• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /* Copyright 2021 Google LLC
2 Licensed under the Apache License, Version 2.0 (the "License");
3 you may not use this file except in compliance with the License.
4 You may obtain a copy of the License at
5       http://www.apache.org/licenses/LICENSE-2.0
6 Unless required by applicable law or agreed to in writing, software
7 distributed under the License is distributed on an "AS IS" BASIS,
8 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
9 See the License for the specific language governing permissions and
10 limitations under the License.
11 */
12 
13 #include "config.h"
14 #include "syshead.h"
15 #include "list.h"
16 
17 #include "fuzz_randomizer.h"
18 
19 #define KEY_SIZE 23
20 
21 /* Required for hash_init() */
word_hash_function(const void * key,uint32_t iv)22 static uint32_t word_hash_function(const void *key, uint32_t iv) {
23   return hash_func(key, KEY_SIZE, iv);
24 }
25 
26 /* Required for hash_init() */
word_compare_function(const void * key1,const void * key2)27 static bool word_compare_function(const void *key1, const void *key2) {
28   return ((size_t)key1 & 0xFFF) == ((size_t)key1 & 0xFFF);
29 }
30 
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)31 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
32   struct gc_arena gc;
33   struct hash *hash = NULL;
34   ssize_t generic_ssizet, generic_ssizet2, num_loops;
35 
36   fuzz_random_init(data, size);
37 
38   gc = gc_new();
39 
40   int total_to_fuzz = fuzz_randomizer_get_int(1, 20);
41   for (int i = 0; i < total_to_fuzz; i++) {
42     generic_ssizet = fuzz_randomizer_get_int(0, 8);
43 
44     switch (generic_ssizet) {
45     case 0:
46       if (hash == NULL) {
47         int n_buckets = fuzz_randomizer_get_int(1, 1000);
48         uint32_t iv;
49 
50         hash =
51             hash_init(n_buckets, iv, word_hash_function, word_compare_function);
52       }
53       break;
54     case 1:
55       if (hash) {
56         hash_free(hash);
57         hash = NULL;
58       }
59       break;
60     case 2:
61       if (hash) {
62         struct hash_iterator hi;
63         struct hash_element *he;
64         hash_iterator_init(hash, &hi);
65         while ((he = hash_iterator_next(&hi))) {
66           void *w = he->value;
67         }
68         hash_iterator_free(&hi);
69       }
70       break;
71     case 3:
72       if (hash) {
73         void *key;
74         void *value;
75         char arr[KEY_SIZE];
76         memset(arr, 0, KEY_SIZE);
77         fuzz_get_random_data(arr, KEY_SIZE);
78         key = (void *)arr;
79         if (!hash_lookup(hash, key)) {
80           generic_ssizet = fuzz_randomizer_get_int(0, 0xfffffff);
81           value = (void *)generic_ssizet;
82           hash_add(hash, key, value, false);
83         }
84       }
85       break;
86     case 4:
87       if (hash) {
88         hash_n_elements(hash);
89       }
90       break;
91     case 5:
92       if (hash) {
93         hash_n_buckets(hash);
94       }
95       break;
96     case 6:
97       if (hash) {
98         uint32_t hv;
99         generic_ssizet = fuzz_randomizer_get_int(0, 0xfffffff);
100         hv = generic_ssizet;
101         hash_bucket(hash, hv);
102       }
103       break;
104     case 7:
105       if (hash) {
106         void *key;
107         char arr[KEY_SIZE];
108         memset(arr, 0, KEY_SIZE);
109         fuzz_get_random_data(arr, KEY_SIZE);
110         key = (void *)arr;
111         hash_remove(hash, key);
112       }
113       break;
114     case 8:
115       if (hash) {
116         void *value;
117         generic_ssizet = fuzz_randomizer_get_int(0, 0xfffffff);
118         value = (void *)generic_ssizet;
119         hash_remove_by_value(hash, value);
120       }
121     default:
122       break;
123     }
124   }
125 
126   if (hash) {
127     hash_free(hash);
128   }
129 
130   gc_free(&gc);
131 
132   fuzz_random_destroy();
133 
134   return 0;
135 }
136