1 // This file is distributed under the University of Illinois Open Source
2 // License. See LICENSE.TXT for details.
3
4 // This test computes a checksum of the data (all but the last 4 bytes),
5 // and then compares the last 4 bytes with the computed value.
6 // A fuzzer with cmp traces is expected to defeat this check.
7 #include <cstdint>
8 #include <cstdlib>
9 #include <cstring>
10 #include <cstdio>
11
12 // A modified jenkins_one_at_a_time_hash initialized by non-zero,
13 // so that simple_hash(0) != 0. See also
14 // https://en.wikipedia.org/wiki/Jenkins_hash_function
simple_hash(const uint8_t * Data,size_t Size)15 static uint32_t simple_hash(const uint8_t *Data, size_t Size) {
16 uint32_t Hash = 0x12039854;
17 for (uint32_t i = 0; i < Size; i++) {
18 Hash += Data[i];
19 Hash += (Hash << 10);
20 Hash ^= (Hash >> 6);
21 }
22 Hash += (Hash << 3);
23 Hash ^= (Hash >> 11);
24 Hash += (Hash << 15);
25 return Hash;
26 }
27
LLVMFuzzerTestOneInput(const uint8_t * Data,size_t Size)28 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
29 if (Size < 14)
30 return 0;
31
32 uint32_t Hash = simple_hash(&Data[0], Size - 4);
33 uint32_t Want = reinterpret_cast<const uint32_t *>(&Data[Size - 4])[0];
34 if (Hash != Want)
35 return 0;
36 fprintf(stderr, "BINGO; simple_hash defeated: %x == %x\n", (unsigned int)Hash,
37 (unsigned int)Want);
38 exit(1);
39 return 0;
40 }
41