1 /*
2 * Copyright 2020 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <functional>
18
19 #include "fuzzer/FuzzedDataProvider.h"
20 #include "utils/LruCache.h"
21 #include "utils/StrongPointer.h"
22
23 typedef android::LruCache<size_t, size_t> FuzzCache;
24
25 static constexpr uint32_t MAX_CACHE_ENTRIES = 800;
26
27 class NoopRemovedCallback : public android::OnEntryRemoved<size_t, size_t> {
28 public:
operator ()(size_t &,size_t &)29 void operator()(size_t&, size_t&) {
30 // noop
31 }
32 };
33
34 static NoopRemovedCallback callback;
35
36 static const std::vector<std::function<void(FuzzedDataProvider*, FuzzCache*)>> operations = {
__anon8490bc0f0102() 37 [](FuzzedDataProvider*, FuzzCache* cache) -> void { cache->removeOldest(); },
__anon8490bc0f0202() 38 [](FuzzedDataProvider*, FuzzCache* cache) -> void { cache->peekOldestValue(); },
__anon8490bc0f0302() 39 [](FuzzedDataProvider*, FuzzCache* cache) -> void { cache->clear(); },
__anon8490bc0f0402() 40 [](FuzzedDataProvider*, FuzzCache* cache) -> void { cache->size(); },
__anon8490bc0f0502() 41 [](FuzzedDataProvider*, FuzzCache* cache) -> void {
42 android::LruCache<size_t, size_t>::Iterator iter(*cache);
43 while (iter.next()) {
44 iter.key();
45 iter.value();
46 }
47 },
__anon8490bc0f0602() 48 [](FuzzedDataProvider* dataProvider, FuzzCache* cache) -> void {
49 size_t key = dataProvider->ConsumeIntegral<size_t>();
50 size_t val = dataProvider->ConsumeIntegral<size_t>();
51 cache->put(key, val);
52 },
__anon8490bc0f0702() 53 [](FuzzedDataProvider* dataProvider, FuzzCache* cache) -> void {
54 size_t key = dataProvider->ConsumeIntegral<size_t>();
55 cache->get(key);
56 },
__anon8490bc0f0802() 57 [](FuzzedDataProvider* dataProvider, FuzzCache* cache) -> void {
58 size_t key = dataProvider->ConsumeIntegral<size_t>();
59 cache->remove(key);
60 },
__anon8490bc0f0902() 61 [](FuzzedDataProvider*, FuzzCache* cache) -> void {
62 cache->setOnEntryRemovedListener(&callback);
63 }};
64
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)65 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
66 FuzzedDataProvider dataProvider(data, size);
67 FuzzCache cache(MAX_CACHE_ENTRIES);
68 while (dataProvider.remaining_bytes() > 0) {
69 uint8_t op = dataProvider.ConsumeIntegral<uint8_t>() % operations.size();
70 operations[op](&dataProvider, &cache);
71 }
72
73 return 0;
74 }
75