1 /*
2  * Copyright 2020 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include <functional>
18 
19 #include "fuzzer/FuzzedDataProvider.h"
20 #include "utils/LruCache.h"
21 #include "utils/StrongPointer.h"
22 
// Cache instantiation exercised by this harness: both keys and values are size_t.
using FuzzCache = android::LruCache<size_t, size_t>;

// Value passed to the FuzzCache constructor for every fuzz input.
static constexpr uint32_t MAX_CACHE_ENTRIES = 800;
26 
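// Removal listener that deliberately does nothing. It exists so the harness
// can install a listener and exercise the cache's listener-notification
// paths without adding any behaviour of its own.
class NoopRemovedCallback : public android::OnEntryRemoved<size_t, size_t> {
  public:
    // `override` makes the compiler reject this declaration if the signature
    // ever drifts from the base class's, instead of silently declaring an
    // unrelated overload that the cache would never call.
    void operator()(size_t&, size_t&) override {
        // noop
    }
};

// One listener instance shared by every fuzz iteration. It has static storage
// duration, so the address handed to setOnEntryRemovedListener() stays valid
// for the life of the process and cannot dangle behind any cache instance.
// NOTE(review): presumably LruCache stores this raw pointer without taking
// ownership; confirm against utils/LruCache.h.
static NoopRemovedCallback callback;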
35 
// Dispatch table of cache operations the fuzzer can trigger.
//
// LLVMFuzzerTestOneInput selects an entry with `byte % operations.size()`, so
// the order AND the number of entries are part of the input format: reordering
// the table or changing its length changes how saved corpus files and crash
// reproducers replay.
//
// Return values are discarded on purpose; the harness only looks for crashes
// and sanitizer reports, not for functional results.
static const std::vector<std::function<void(FuzzedDataProvider*, FuzzCache*)>> operations = {
        // 0: evict the oldest entry.
        [](FuzzedDataProvider*, FuzzCache* lru) { lru->removeOldest(); },
        // 1: read the oldest value.
        [](FuzzedDataProvider*, FuzzCache* lru) { lru->peekOldestValue(); },
        // 2: drop every entry.
        [](FuzzedDataProvider*, FuzzCache* lru) { lru->clear(); },
        // 3: query the entry count.
        [](FuzzedDataProvider*, FuzzCache* lru) { lru->size(); },
        // 4: walk the whole cache, touching each key and value.
        [](FuzzedDataProvider*, FuzzCache* lru) {
            FuzzCache::Iterator walker(*lru);
            while (walker.next()) {
                walker.key();
                walker.value();
            }
        },
        // 5: insert a fuzz-chosen key/value pair (key is consumed first, then value).
        [](FuzzedDataProvider* fdp, FuzzCache* lru) {
            const size_t key = fdp->ConsumeIntegral<size_t>();
            const size_t val = fdp->ConsumeIntegral<size_t>();
            lru->put(key, val);
        },
        // 6: look up a fuzz-chosen key.
        [](FuzzedDataProvider* fdp, FuzzCache* lru) {
            const size_t key = fdp->ConsumeIntegral<size_t>();
            lru->get(key);
        },
        // 7: remove a fuzz-chosen key.
        [](FuzzedDataProvider* fdp, FuzzCache* lru) {
            const size_t key = fdp->ConsumeIntegral<size_t>();
            lru->remove(key);
        },
        // 8: install the shared no-op removal listener (file-static, so the
        // pointer stays valid for every cache instance).
        [](FuzzedDataProvider*, FuzzCache* lru) {
            lru->setOnEntryRemovedListener(&callback);
        }};
64 
// libFuzzer entry point: replays the input as a sequence of cache operations.
//
// @param data  fuzzer-supplied bytes; never dereferenced directly, only
//              consumed through FuzzedDataProvider.
// @param size  number of bytes in `data`.
// @return always 0.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
    FuzzedDataProvider provider(data, size);

    // A fresh cache per input keeps runs independent of each other, so a
    // crashing input reproduces on its own.
    FuzzCache lru(MAX_CACHE_ENTRIES);

    // Each iteration consumes at least the one selector byte, so the loop is
    // bounded by the input length.
    while (provider.remaining_bytes() != 0) {
        // One byte picks the operation. The modulo keeps the index inside the
        // table; the mapping is slightly non-uniform whenever 256 is not a
        // multiple of the table size, which does not matter for fuzzing.
        const size_t selector = provider.ConsumeIntegral<uint8_t>() % operations.size();
        const auto& action = operations[selector];
        action(&provider, &lru);
    }

    return 0;
}