1 #include <cstdint>
2 #include <fuzzer/FuzzedDataProvider.h>
3
4 extern "C" {
5 #include "libufdt_sysdeps.h"
6 #include "libufdt.h"
7 #include "ufdt_node_pool.h"
8 }
9
10 constexpr uint32_t kMaxData = 1024 * 512;
11 constexpr size_t kMinDataSize = 10;
12
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)13 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
14 if (size < kMinDataSize || size > kMaxData) {
15 return 0;
16 }
17
18 FuzzedDataProvider stream(data, size);
19
20 // Initialize node pool
21 struct ufdt_node_pool pool; // Allocate the structure.
22 ufdt_node_pool_construct(&pool); // Initialize it.
23
24 // Consume bytes and ensure they persist for the required lifetime
25 auto bytes = stream.ConsumeBytes<uint8_t>(stream.remaining_bytes() / 2);
26 void *fdtp = bytes.data();
27
28 int isValidBuffer = fdt_check_full(bytes.data(), bytes.size());
29 // Return if memory bytes are invalid
30 if (isValidBuffer != 0) {
31 return 0;
32 }
33
34 fdt32_t *fdt_tag_ptr = (fdt32_t *)fdt_offset_ptr(fdtp, 0, sizeof(fdt32_t));
35 struct ufdt_node *node = ufdt_node_construct(fdtp, fdt_tag_ptr, &pool);
36
37 int depth = stream.ConsumeIntegral<int>();
38
39 if (node) {
40 ufdt_node_print(node, depth);
41 }
42
43 ufdt_node_destruct(node, &pool);
44
45 return 0;
46 }
47