lib/Fuzzer/test/UserSuppliedFuzzerTest.cpp - platform/external/llvm - Git at Google

 // Simple test for a fuzzer.
 // The fuzzer must find the string "Hi!" preceded by a magic value.
 // Uses UserSuppliedFuzzer which ensures that the magic is present.
 #include <cstdint>
 #include <cassert>
 #include <cstdlib>
 #include <cstddef>
 #include <cstring>
 #include <iostream>

 #include "FuzzerInterface.h"

 static const uint64_t kMagic = 8860221463604ULL;

 class MyFuzzer : public fuzzer::UserSuppliedFuzzer {
  public:
   MyFuzzer(fuzzer::FuzzerRandomBase *Rand)
       : fuzzer::UserSuppliedFuzzer(Rand) {}
   int TargetFunction(const uint8_t *Data, size_t Size) {
     if (Size <= 10) return 0;
     if (memcmp(Data, &kMagic, sizeof(kMagic))) return 0;
     // It's hard to get here w/o advanced fuzzing techniques (e.g. cmp tracing).
     // So, we simply 'fix' the data in the custom mutator.
     if (Data[8] == 'H') {
       if (Data[9] == 'i') {
         if (Data[10] == '!') {
           std::cout << "BINGO; Found the target, exiting\n";
           exit(1);
         }
       }
     }
     return 0;
   }
   // Custom mutator.
   virtual size_t Mutate(uint8_t *Data, size_t Size, size_t MaxSize) {
     assert(MaxSize > sizeof(kMagic));
     if (Size < sizeof(kMagic))
       Size = sizeof(kMagic);
     // "Fix" the data, then mutate.
     memcpy(Data, &kMagic, std::min(MaxSize, sizeof(kMagic)));
     return fuzzer::UserSuppliedFuzzer::Mutate(
         Data + sizeof(kMagic), Size - sizeof(kMagic), MaxSize - sizeof(kMagic));
   }
   // No need to redefine CrossOver() here.
 };

 int main(int argc, char **argv) {
   fuzzer::FuzzerRandomLibc Rand(0);
   MyFuzzer F(&Rand);
   fuzzer::FuzzerDriver(argc, argv, F);
 }
	// Simple test for a fuzzer.
	// The fuzzer must find the string "Hi!" preceded by a magic value.
	// Uses UserSuppliedFuzzer which ensures that the magic is present.
	#include <cstdint>
	#include <cassert>
	#include <cstdlib>
	#include <cstddef>
	#include <cstring>
	#include <iostream>

	#include "FuzzerInterface.h"

	static const uint64_t kMagic = 8860221463604ULL;

	class MyFuzzer : public fuzzer::UserSuppliedFuzzer {
	public:
	MyFuzzer(fuzzer::FuzzerRandomBase *Rand)
	: fuzzer::UserSuppliedFuzzer(Rand) {}
	int TargetFunction(const uint8_t *Data, size_t Size) {
	if (Size <= 10) return 0;
	if (memcmp(Data, &kMagic, sizeof(kMagic))) return 0;
	// It's hard to get here w/o advanced fuzzing techniques (e.g. cmp tracing).
	// So, we simply 'fix' the data in the custom mutator.
	if (Data[8] == 'H') {
	if (Data[9] == 'i') {
	if (Data[10] == '!') {
	std::cout << "BINGO; Found the target, exiting\n";
	exit(1);
	}
	}
	}
	return 0;
	}
	// Custom mutator.
	virtual size_t Mutate(uint8_t *Data, size_t Size, size_t MaxSize) {
	assert(MaxSize > sizeof(kMagic));
	if (Size < sizeof(kMagic))
	Size = sizeof(kMagic);
	// "Fix" the data, then mutate.
	memcpy(Data, &kMagic, std::min(MaxSize, sizeof(kMagic)));
	return fuzzer::UserSuppliedFuzzer::Mutate(
	Data + sizeof(kMagic), Size - sizeof(kMagic), MaxSize - sizeof(kMagic));
	}
	// No need to redefine CrossOver() here.
	};

	int main(int argc, char **argv) {
	fuzzer::FuzzerRandomLibc Rand(0);
	MyFuzzer F(&Rand);
	fuzzer::FuzzerDriver(argc, argv, F);
	}