/* Copyright 2021 Google LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
      http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
14 #include "config.h"
15 #include "syshead.h"
16 #include "misc.h"
17 #include "buffer.h"
18
19 #include "fuzz_randomizer.h"
20
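/**
 * libFuzzer entry point: runs a fuzz-selected sequence of operations against
 * one `struct buffer` and one `struct buffer_list`.
 *
 * Each of the 1..20 rounds performs one buffer step (create the buffer if it
 * does not exist yet, otherwise one of the buffer operations 0..NUM_TARGETS)
 * followed by one list step (create the list if it does not exist, otherwise
 * one of the list operations 0..NUM_LIST_TARGETS).
 *
 * The fuzz_randomizer_* helpers are presumably fed from (data, size) through
 * fuzz_random_init(); confirm in fuzz_randomizer.h. If so, the order in which
 * they are called is part of the harness's input format, so every draw below
 * happens in its own statement. C leaves the evaluation order of function
 * arguments unspecified, and a harness that draws several values inside one
 * argument list can replay the same crash input differently depending on the
 * compiler.
 *
 * NOTE(review): get_random_string() results are passed to strlen() and to the
 * functions under test without a NULL check; this assumes the helper never
 * returns NULL. Confirm against its implementation.
 *
 * @param data  Fuzzer-provided input bytes.
 * @param size  Number of bytes in @p data.
 * @return Always 0.
 */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  /* Highest selector value of each dispatch table; the ranges are inclusive. */
  enum { NUM_TARGETS = 32, NUM_LIST_TARGETS = 6 };

  fuzz_random_init(data, size);

  struct gc_arena gc = gc_new();
  struct buffer buf, buf2;
  struct buffer *bufp = NULL;
  struct buffer_list *buflistp = NULL;
  char *tmp = NULL;
  char *tmp2 = NULL;

  int total_to_fuzz = fuzz_randomizer_get_int(1, 20);
  for (int i = 0; i < total_to_fuzz; i++) {
    /* ---- buffer step ---- */
    if (bufp == NULL) {
      /* No buffer yet: create one, either sized or initialised from a string. */
      ssize_t how = fuzz_randomizer_get_int(0, 1);
      if (how == 0) {
        ssize_t alloc_size = fuzz_randomizer_get_int(0, 100);
        buf = alloc_buf_gc(alloc_size, &gc);
        bufp = &buf;
      } else {
        tmp = get_random_string();
        buf = string_alloc_buf(tmp, &gc);
        bufp = &buf;
        free(tmp);
        tmp = NULL;
      }
    } else {
      ssize_t target = fuzz_randomizer_get_int(0, NUM_TARGETS);
      switch (target) {
      case 0:
        buf_clear(bufp);
        break;
      case 1:
        /* The clone is released right away with free_buf(). */
        buf2 = clone_buf(bufp);
        free_buf(&buf2);
        break;
      case 2:
        buf_defined(bufp);
        break;
      case 3:
        buf_valid(bufp);
        break;
      case 4:
        buf_bptr(bufp);
        break;
      case 5:
        buf_len(bufp);
        break;
      case 6:
        buf_bend(bufp);
        break;
      case 7:
        buf_blast(bufp);
        break;
      case 8:
        buf_str(bufp);
        break;
      case 9: {
        ssize_t tail = fuzz_randomizer_get_int(0, 255);
        buf_rmtail(bufp, (uint8_t)tail);
        break;
      }
      case 10:
        buf_chomp(bufp);
        break;
      case 11:
        tmp = get_random_string();
        skip_leading_whitespace(tmp);
        free(tmp);
        tmp = NULL;
        break;
      case 12:
        tmp = get_random_string();
        chomp(tmp);
        free(tmp);
        tmp = NULL;
        break;
      case 13:
        tmp = get_random_string();
        tmp2 = get_random_string();
        rm_trailing_chars(tmp, tmp2);
        free(tmp);
        free(tmp2);
        tmp = NULL;
        tmp2 = NULL;
        break;
      case 14:
        tmp = get_random_string();
        string_clear(tmp);
        free(tmp);
        tmp = NULL;
        break;
      case 15:
        tmp = get_random_string();
        buf_string_match_head_str(bufp, tmp);
        free(tmp);
        tmp = NULL;
        break;
      case 16:
        tmp = get_random_string();
        buf_string_compare_advance(bufp, tmp);
        free(tmp);
        tmp = NULL;
        break;
      case 17: {
        ssize_t delim = fuzz_randomizer_get_int(0, 255);

        tmp = get_random_string();
        size_t tmp_len = strlen(tmp);
        /* buf_parse() is only exercised with a non-empty output area. */
        if (tmp_len > 0) {
          buf_parse(bufp, (int)delim, tmp, tmp_len);
        }

        free(tmp);
        tmp = NULL;
        break;
      }
      case 18: {
        tmp = get_random_string();
        /* Draw the three values in separate statements, left to right, so
         * the consumption order no longer depends on how the compiler
         * orders argument evaluation. */
        int incl_classes = fuzz_randomizer_get_int(0, 12312);
        int excl_classes = fuzz_randomizer_get_int(0, 23141234);
        char replacement = (char)fuzz_randomizer_get_int(0, 255);
        string_mod(tmp, incl_classes, excl_classes, replacement);

        free(tmp);
        tmp = NULL;
        break;
      }
      case 19: {
        tmp = get_random_string();
        char match = (char)fuzz_randomizer_get_int(0, 255);
        /* A zero match character is skipped; the replacement is only drawn
         * when the call is actually made. */
        if (match != 0) {
          char replacement = (char)fuzz_randomizer_get_int(0, 255);
          string_replace_leading(tmp, match, replacement);
        }

        free(tmp);
        tmp = NULL;
        break;
      }
      case 20:
        tmp = get_random_string();
        buf_write(bufp, tmp, strlen(tmp));

        free(tmp);
        tmp = NULL;
        break;
      case 21:
        tmp = get_random_string();

        buf_write_prepend(bufp, tmp, strlen(tmp));

        free(tmp);
        tmp = NULL;
        break;
      case 22:
        buf_write_u8(bufp, fuzz_randomizer_get_int(0, 255));
        break;
      case 23:
        buf_write_u16(bufp, fuzz_randomizer_get_int(0, 1024));
        break;
      case 24:
        buf_write_u32(bufp, fuzz_randomizer_get_int(0, 12312));
        break;
      case 25:
        tmp = get_random_string();
        buf_catrunc(bufp, tmp);
        free(tmp);
        tmp = NULL;
        break;
      case 26:
        convert_to_one_line(bufp);
        break;
      case 27:
        buf_advance(bufp, fuzz_randomizer_get_int(0, 25523));
        break;
      case 28:
        buf_prepend(bufp, fuzz_randomizer_get_int(0, 251235));
        break;
      case 29:
        buf_reverse_capacity(bufp);
        break;
      case 30:
        buf_forward_capacity_total(bufp);
        break;
      case 31:
        buf_forward_capacity(bufp);
        break;
      case 32:
        tmp = get_random_string();
        buf_puts(bufp, tmp);
        free(tmp);
        tmp = NULL;
        break;
      default:
        /* Selector outside 0..NUM_TARGETS: nothing to exercise. */
        break;
      }
    }

    /* ---- buffer_list step ---- */
    if (buflistp == NULL) {
      buflistp = buffer_list_new(fuzz_randomizer_get_int(0, 200));
    } else {
      ssize_t list_target = fuzz_randomizer_get_int(0, NUM_LIST_TARGETS);
      switch (list_target) {
      case 0:
        /* Clear the pointer so the next round creates a fresh list and the
         * freed one is never touched again. */
        buffer_list_free(buflistp);
        buflistp = NULL;
        break;
      case 1:
        buffer_list_defined(buflistp);
        break;
      case 2:
        tmp = get_random_string();
        /* Only strings shorter than BUF_SIZE_MAX are pushed. */
        if (strlen(tmp) < BUF_SIZE_MAX) {
          buffer_list_push(buflistp, tmp);
        }
        free(tmp);
        tmp = NULL;
        break;
      case 3:
        buffer_list_peek(buflistp);
        break;
      case 4:
        buffer_list_pop(buflistp);
        break;
      case 5: {
        tmp = get_random_string();
        int max_len = fuzz_randomizer_get_int(0, 1024);
        buffer_list_aggregate_separator(buflistp, max_len, tmp);

        free(tmp);
        tmp = NULL;
        break;
      }
      case 6:
        buffer_list_aggregate(buflistp, fuzz_randomizer_get_int(0, 1024));
        break;
      default:
        /* Selector outside 0..NUM_LIST_TARGETS: nothing to exercise. */
        break;
      }
    }
  }

  /* Cleanup. buflistp is NULL here when list case 0 ran in the final round;
   * the call is unconditional, which assumes buffer_list_free() accepts
   * NULL. Confirm in buffer.c. */
  buffer_list_free(buflistp);
  gc_free(&gc);

  fuzz_random_destroy();

  return 0;
}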