Coverage Report

Created: 2025-08-28 06:29

/src/fmt/test/fuzzing/named-arg.cc
Line
Count
Source (jump to first uncovered line)
1
// Copyright (c) 2019, Paul Dreik
2
// For the license information refer to format.h.
3
4
#include <fmt/chrono.h>
5
6
#include <cstdint>
7
#include <type_traits>
8
#include <vector>
9
10
#include "fuzzer-common.h"
11
12
template <typename T>
13
7.48k
void invoke_fmt(const uint8_t* data, size_t size, unsigned arg_name_size) {
14
7.48k
  static_assert(sizeof(T) <= fixed_size, "fixed_size too small");
15
7.48k
  if (size <= fixed_size) return;
16
7.43k
  const T value = assign_from_buf<T>(data);
17
7.43k
  data += fixed_size;
18
7.43k
  size -= fixed_size;
19
20
7.43k
  if (arg_name_size <= 0 || arg_name_size >= size) return;
21
7.35k
  data_to_string arg_name(data, arg_name_size, true);
22
7.35k
  data += arg_name_size;
23
7.35k
  size -= arg_name_size;
24
25
7.35k
  data_to_string format_str(data, size);
26
7.35k
  try {
27
#if FMT_FUZZ_FORMAT_TO_STRING
28
    std::string message =
29
        fmt::format(format_str.get(), fmt::arg(arg_name.data(), value));
30
#else
31
7.35k
    fmt::memory_buffer out;
32
7.35k
    fmt::format_to(std::back_inserter(out), format_str.get(),
33
7.35k
                   fmt::arg(arg_name.data(), value));
34
7.35k
#endif
35
7.35k
  } catch (std::exception&) {
36
5.62k
  }
37
7.35k
}
void invoke_fmt<bool>(unsigned char const*, unsigned long, unsigned int)
Line
Count
Source
13
168
void invoke_fmt(const uint8_t* data, size_t size, unsigned arg_name_size) {
14
168
  static_assert(sizeof(T) <= fixed_size, "fixed_size too small");
15
168
  if (size <= fixed_size) return;
16
162
  const T value = assign_from_buf<T>(data);
17
162
  data += fixed_size;
18
162
  size -= fixed_size;
19
20
162
  if (arg_name_size <= 0 || arg_name_size >= size) return;
21
151
  data_to_string arg_name(data, arg_name_size, true);
22
151
  data += arg_name_size;
23
151
  size -= arg_name_size;
24
25
151
  data_to_string format_str(data, size);
26
151
  try {
27
#if FMT_FUZZ_FORMAT_TO_STRING
28
    std::string message =
29
        fmt::format(format_str.get(), fmt::arg(arg_name.data(), value));
30
#else
31
151
    fmt::memory_buffer out;
32
151
    fmt::format_to(std::back_inserter(out), format_str.get(),
33
151
                   fmt::arg(arg_name.data(), value));
34
151
#endif
35
151
  } catch (std::exception&) {
36
137
  }
37
151
}
void invoke_fmt<char>(unsigned char const*, unsigned long, unsigned int)
Line
Count
Source
13
282
void invoke_fmt(const uint8_t* data, size_t size, unsigned arg_name_size) {
14
282
  static_assert(sizeof(T) <= fixed_size, "fixed_size too small");
15
282
  if (size <= fixed_size) return;
16
279
  const T value = assign_from_buf<T>(data);
17
279
  data += fixed_size;
18
279
  size -= fixed_size;
19
20
279
  if (arg_name_size <= 0 || arg_name_size >= size) return;
21
273
  data_to_string arg_name(data, arg_name_size, true);
22
273
  data += arg_name_size;
23
273
  size -= arg_name_size;
24
25
273
  data_to_string format_str(data, size);
26
273
  try {
27
#if FMT_FUZZ_FORMAT_TO_STRING
28
    std::string message =
29
        fmt::format(format_str.get(), fmt::arg(arg_name.data(), value));
30
#else
31
273
    fmt::memory_buffer out;
32
273
    fmt::format_to(std::back_inserter(out), format_str.get(),
33
273
                   fmt::arg(arg_name.data(), value));
34
273
#endif
35
273
  } catch (std::exception&) {
36
247
  }
37
273
}
void invoke_fmt<signed char>(unsigned char const*, unsigned long, unsigned int)
Line
Count
Source
13
124
void invoke_fmt(const uint8_t* data, size_t size, unsigned arg_name_size) {
14
124
  static_assert(sizeof(T) <= fixed_size, "fixed_size too small");
15
124
  if (size <= fixed_size) return;
16
119
  const T value = assign_from_buf<T>(data);
17
119
  data += fixed_size;
18
119
  size -= fixed_size;
19
20
119
  if (arg_name_size <= 0 || arg_name_size >= size) return;
21
113
  data_to_string arg_name(data, arg_name_size, true);
22
113
  data += arg_name_size;
23
113
  size -= arg_name_size;
24
25
113
  data_to_string format_str(data, size);
26
113
  try {
27
#if FMT_FUZZ_FORMAT_TO_STRING
28
    std::string message =
29
        fmt::format(format_str.get(), fmt::arg(arg_name.data(), value));
30
#else
31
113
    fmt::memory_buffer out;
32
113
    fmt::format_to(std::back_inserter(out), format_str.get(),
33
113
                   fmt::arg(arg_name.data(), value));
34
113
#endif
35
113
  } catch (std::exception&) {
36
90
  }
37
113
}
void invoke_fmt<unsigned char>(unsigned char const*, unsigned long, unsigned int)
Line
Count
Source
13
102
void invoke_fmt(const uint8_t* data, size_t size, unsigned arg_name_size) {
14
102
  static_assert(sizeof(T) <= fixed_size, "fixed_size too small");
15
102
  if (size <= fixed_size) return;
16
98
  const T value = assign_from_buf<T>(data);
17
98
  data += fixed_size;
18
98
  size -= fixed_size;
19
20
98
  if (arg_name_size <= 0 || arg_name_size >= size) return;
21
93
  data_to_string arg_name(data, arg_name_size, true);
22
93
  data += arg_name_size;
23
93
  size -= arg_name_size;
24
25
93
  data_to_string format_str(data, size);
26
93
  try {
27
#if FMT_FUZZ_FORMAT_TO_STRING
28
    std::string message =
29
        fmt::format(format_str.get(), fmt::arg(arg_name.data(), value));
30
#else
31
93
    fmt::memory_buffer out;
32
93
    fmt::format_to(std::back_inserter(out), format_str.get(),
33
93
                   fmt::arg(arg_name.data(), value));
34
93
#endif
35
93
  } catch (std::exception&) {
36
67
  }
37
93
}
void invoke_fmt<short>(unsigned char const*, unsigned long, unsigned int)
Line
Count
Source
13
118
void invoke_fmt(const uint8_t* data, size_t size, unsigned arg_name_size) {
14
118
  static_assert(sizeof(T) <= fixed_size, "fixed_size too small");
15
118
  if (size <= fixed_size) return;
16
114
  const T value = assign_from_buf<T>(data);
17
114
  data += fixed_size;
18
114
  size -= fixed_size;
19
20
114
  if (arg_name_size <= 0 || arg_name_size >= size) return;
21
107
  data_to_string arg_name(data, arg_name_size, true);
22
107
  data += arg_name_size;
23
107
  size -= arg_name_size;
24
25
107
  data_to_string format_str(data, size);
26
107
  try {
27
#if FMT_FUZZ_FORMAT_TO_STRING
28
    std::string message =
29
        fmt::format(format_str.get(), fmt::arg(arg_name.data(), value));
30
#else
31
107
    fmt::memory_buffer out;
32
107
    fmt::format_to(std::back_inserter(out), format_str.get(),
33
107
                   fmt::arg(arg_name.data(), value));
34
107
#endif
35
107
  } catch (std::exception&) {
36
85
  }
37
107
}
void invoke_fmt<unsigned short>(unsigned char const*, unsigned long, unsigned int)
Line
Count
Source
13
75
void invoke_fmt(const uint8_t* data, size_t size, unsigned arg_name_size) {
14
75
  static_assert(sizeof(T) <= fixed_size, "fixed_size too small");
15
75
  if (size <= fixed_size) return;
16
70
  const T value = assign_from_buf<T>(data);
17
70
  data += fixed_size;
18
70
  size -= fixed_size;
19
20
70
  if (arg_name_size <= 0 || arg_name_size >= size) return;
21
64
  data_to_string arg_name(data, arg_name_size, true);
22
64
  data += arg_name_size;
23
64
  size -= arg_name_size;
24
25
64
  data_to_string format_str(data, size);
26
64
  try {
27
#if FMT_FUZZ_FORMAT_TO_STRING
28
    std::string message =
29
        fmt::format(format_str.get(), fmt::arg(arg_name.data(), value));
30
#else
31
64
    fmt::memory_buffer out;
32
64
    fmt::format_to(std::back_inserter(out), format_str.get(),
33
64
                   fmt::arg(arg_name.data(), value));
34
64
#endif
35
64
  } catch (std::exception&) {
36
49
  }
37
64
}
void invoke_fmt<int>(unsigned char const*, unsigned long, unsigned int)
Line
Count
Source
13
382
void invoke_fmt(const uint8_t* data, size_t size, unsigned arg_name_size) {
14
382
  static_assert(sizeof(T) <= fixed_size, "fixed_size too small");
15
382
  if (size <= fixed_size) return;
16
377
  const T value = assign_from_buf<T>(data);
17
377
  data += fixed_size;
18
377
  size -= fixed_size;
19
20
377
  if (arg_name_size <= 0 || arg_name_size >= size) return;
21
370
  data_to_string arg_name(data, arg_name_size, true);
22
370
  data += arg_name_size;
23
370
  size -= arg_name_size;
24
25
370
  data_to_string format_str(data, size);
26
370
  try {
27
#if FMT_FUZZ_FORMAT_TO_STRING
28
    std::string message =
29
        fmt::format(format_str.get(), fmt::arg(arg_name.data(), value));
30
#else
31
370
    fmt::memory_buffer out;
32
370
    fmt::format_to(std::back_inserter(out), format_str.get(),
33
370
                   fmt::arg(arg_name.data(), value));
34
370
#endif
35
370
  } catch (std::exception&) {
36
313
  }
37
370
}
void invoke_fmt<unsigned int>(unsigned char const*, unsigned long, unsigned int)
Line
Count
Source
13
155
void invoke_fmt(const uint8_t* data, size_t size, unsigned arg_name_size) {
14
155
  static_assert(sizeof(T) <= fixed_size, "fixed_size too small");
15
155
  if (size <= fixed_size) return;
16
152
  const T value = assign_from_buf<T>(data);
17
152
  data += fixed_size;
18
152
  size -= fixed_size;
19
20
152
  if (arg_name_size <= 0 || arg_name_size >= size) return;
21
147
  data_to_string arg_name(data, arg_name_size, true);
22
147
  data += arg_name_size;
23
147
  size -= arg_name_size;
24
25
147
  data_to_string format_str(data, size);
26
147
  try {
27
#if FMT_FUZZ_FORMAT_TO_STRING
28
    std::string message =
29
        fmt::format(format_str.get(), fmt::arg(arg_name.data(), value));
30
#else
31
147
    fmt::memory_buffer out;
32
147
    fmt::format_to(std::back_inserter(out), format_str.get(),
33
147
                   fmt::arg(arg_name.data(), value));
34
147
#endif
35
147
  } catch (std::exception&) {
36
103
  }
37
147
}
void invoke_fmt<long>(unsigned char const*, unsigned long, unsigned int)
Line
Count
Source
13
668
void invoke_fmt(const uint8_t* data, size_t size, unsigned arg_name_size) {
14
668
  static_assert(sizeof(T) <= fixed_size, "fixed_size too small");
15
668
  if (size <= fixed_size) return;
16
663
  const T value = assign_from_buf<T>(data);
17
663
  data += fixed_size;
18
663
  size -= fixed_size;
19
20
663
  if (arg_name_size <= 0 || arg_name_size >= size) return;
21
658
  data_to_string arg_name(data, arg_name_size, true);
22
658
  data += arg_name_size;
23
658
  size -= arg_name_size;
24
25
658
  data_to_string format_str(data, size);
26
658
  try {
27
#if FMT_FUZZ_FORMAT_TO_STRING
28
    std::string message =
29
        fmt::format(format_str.get(), fmt::arg(arg_name.data(), value));
30
#else
31
658
    fmt::memory_buffer out;
32
658
    fmt::format_to(std::back_inserter(out), format_str.get(),
33
658
                   fmt::arg(arg_name.data(), value));
34
658
#endif
35
658
  } catch (std::exception&) {
36
527
  }
37
658
}
void invoke_fmt<unsigned long>(unsigned char const*, unsigned long, unsigned int)
Line
Count
Source
13
518
void invoke_fmt(const uint8_t* data, size_t size, unsigned arg_name_size) {
14
518
  static_assert(sizeof(T) <= fixed_size, "fixed_size too small");
15
518
  if (size <= fixed_size) return;
16
513
  const T value = assign_from_buf<T>(data);
17
513
  data += fixed_size;
18
513
  size -= fixed_size;
19
20
513
  if (arg_name_size <= 0 || arg_name_size >= size) return;
21
508
  data_to_string arg_name(data, arg_name_size, true);
22
508
  data += arg_name_size;
23
508
  size -= arg_name_size;
24
25
508
  data_to_string format_str(data, size);
26
508
  try {
27
#if FMT_FUZZ_FORMAT_TO_STRING
28
    std::string message =
29
        fmt::format(format_str.get(), fmt::arg(arg_name.data(), value));
30
#else
31
508
    fmt::memory_buffer out;
32
508
    fmt::format_to(std::back_inserter(out), format_str.get(),
33
508
                   fmt::arg(arg_name.data(), value));
34
508
#endif
35
508
  } catch (std::exception&) {
36
374
  }
37
508
}
void invoke_fmt<float>(unsigned char const*, unsigned long, unsigned int)
Line
Count
Source
13
1.44k
void invoke_fmt(const uint8_t* data, size_t size, unsigned arg_name_size) {
14
1.44k
  static_assert(sizeof(T) <= fixed_size, "fixed_size too small");
15
1.44k
  if (size <= fixed_size) return;
16
1.44k
  const T value = assign_from_buf<T>(data);
17
1.44k
  data += fixed_size;
18
1.44k
  size -= fixed_size;
19
20
1.44k
  if (arg_name_size <= 0 || arg_name_size >= size) return;
21
1.44k
  data_to_string arg_name(data, arg_name_size, true);
22
1.44k
  data += arg_name_size;
23
1.44k
  size -= arg_name_size;
24
25
1.44k
  data_to_string format_str(data, size);
26
1.44k
  try {
27
#if FMT_FUZZ_FORMAT_TO_STRING
28
    std::string message =
29
        fmt::format(format_str.get(), fmt::arg(arg_name.data(), value));
30
#else
31
1.44k
    fmt::memory_buffer out;
32
1.44k
    fmt::format_to(std::back_inserter(out), format_str.get(),
33
1.44k
                   fmt::arg(arg_name.data(), value));
34
1.44k
#endif
35
1.44k
  } catch (std::exception&) {
36
1.07k
  }
37
1.44k
}
void invoke_fmt<double>(unsigned char const*, unsigned long, unsigned int)
Line
Count
Source
13
2.15k
void invoke_fmt(const uint8_t* data, size_t size, unsigned arg_name_size) {
14
2.15k
  static_assert(sizeof(T) <= fixed_size, "fixed_size too small");
15
2.15k
  if (size <= fixed_size) return;
16
2.15k
  const T value = assign_from_buf<T>(data);
17
2.15k
  data += fixed_size;
18
2.15k
  size -= fixed_size;
19
20
2.15k
  if (arg_name_size <= 0 || arg_name_size >= size) return;
21
2.14k
  data_to_string arg_name(data, arg_name_size, true);
22
2.14k
  data += arg_name_size;
23
2.14k
  size -= arg_name_size;
24
25
2.14k
  data_to_string format_str(data, size);
26
2.14k
  try {
27
#if FMT_FUZZ_FORMAT_TO_STRING
28
    std::string message =
29
        fmt::format(format_str.get(), fmt::arg(arg_name.data(), value));
30
#else
31
2.14k
    fmt::memory_buffer out;
32
2.14k
    fmt::format_to(std::back_inserter(out), format_str.get(),
33
2.14k
                   fmt::arg(arg_name.data(), value));
34
2.14k
#endif
35
2.14k
  } catch (std::exception&) {
36
1.57k
  }
37
2.14k
}
void invoke_fmt<long double>(unsigned char const*, unsigned long, unsigned int)
Line
Count
Source
13
1.29k
void invoke_fmt(const uint8_t* data, size_t size, unsigned arg_name_size) {
14
1.29k
  static_assert(sizeof(T) <= fixed_size, "fixed_size too small");
15
1.29k
  if (size <= fixed_size) return;
16
1.28k
  const T value = assign_from_buf<T>(data);
17
1.28k
  data += fixed_size;
18
1.28k
  size -= fixed_size;
19
20
1.28k
  if (arg_name_size <= 0 || arg_name_size >= size) return;
21
1.28k
  data_to_string arg_name(data, arg_name_size, true);
22
1.28k
  data += arg_name_size;
23
1.28k
  size -= arg_name_size;
24
25
1.28k
  data_to_string format_str(data, size);
26
1.28k
  try {
27
#if FMT_FUZZ_FORMAT_TO_STRING
28
    std::string message =
29
        fmt::format(format_str.get(), fmt::arg(arg_name.data(), value));
30
#else
31
1.28k
    fmt::memory_buffer out;
32
1.28k
    fmt::format_to(std::back_inserter(out), format_str.get(),
33
1.28k
                   fmt::arg(arg_name.data(), value));
34
1.28k
#endif
35
1.28k
  } catch (std::exception&) {
36
979
  }
37
1.28k
}
38
39
// For dynamic dispatching to an explicit instantiation.
40
7.48k
template <typename Callback> void invoke(int type, Callback callback) {
41
7.48k
  switch (type) {
42
168
  case 0:
43
168
    callback(bool());
44
168
    break;
45
282
  case 1:
46
282
    callback(char());
47
282
    break;
48
124
  case 2:
49
124
    using sc = signed char;
50
124
    callback(sc());
51
124
    break;
52
102
  case 3:
53
102
    using uc = unsigned char;
54
102
    callback(uc());
55
102
    break;
56
118
  case 4:
57
118
    callback(short());
58
118
    break;
59
75
  case 5:
60
75
    using us = unsigned short;
61
75
    callback(us());
62
75
    break;
63
382
  case 6:
64
382
    callback(int());
65
382
    break;
66
155
  case 7:
67
155
    callback(unsigned());
68
155
    break;
69
668
  case 8:
70
668
    callback(long());
71
668
    break;
72
518
  case 9:
73
518
    using ul = unsigned long;
74
518
    callback(ul());
75
518
    break;
76
1.44k
  case 10:
77
1.44k
    callback(float());
78
1.44k
    break;
79
2.15k
  case 11:
80
2.15k
    callback(double());
81
2.15k
    break;
82
1.29k
  case 12:
83
1.29k
    using LD = long double;
84
1.29k
    callback(LD());
85
1.29k
    break;
86
7.48k
  }
87
7.48k
}
88
89
7.48k
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
90
7.48k
  if (size <= 3) return 0;
91
92
  // Switch types depending on the first byte of the input.
93
7.48k
  const auto type = data[0] & 0x0F;
94
7.48k
  const unsigned arg_name_size = (data[0] & 0xF0) >> 4;
95
7.48k
  data++;
96
7.48k
  size--;
97
98
7.48k
  invoke(type, [=](auto arg) {
99
7.48k
    invoke_fmt<decltype(arg)>(data, size, arg_name_size);
100
7.48k
  });
named-arg.cc:auto LLVMFuzzerTestOneInput::$_0::operator()<bool>(bool) const
Line
Count
Source
98
168
  invoke(type, [=](auto arg) {
99
168
    invoke_fmt<decltype(arg)>(data, size, arg_name_size);
100
168
  });
named-arg.cc:auto LLVMFuzzerTestOneInput::$_0::operator()<char>(char) const
Line
Count
Source
98
282
  invoke(type, [=](auto arg) {
99
282
    invoke_fmt<decltype(arg)>(data, size, arg_name_size);
100
282
  });
named-arg.cc:auto LLVMFuzzerTestOneInput::$_0::operator()<signed char>(signed char) const
Line
Count
Source
98
124
  invoke(type, [=](auto arg) {
99
124
    invoke_fmt<decltype(arg)>(data, size, arg_name_size);
100
124
  });
named-arg.cc:auto LLVMFuzzerTestOneInput::$_0::operator()<unsigned char>(unsigned char) const
Line
Count
Source
98
102
  invoke(type, [=](auto arg) {
99
102
    invoke_fmt<decltype(arg)>(data, size, arg_name_size);
100
102
  });
named-arg.cc:auto LLVMFuzzerTestOneInput::$_0::operator()<short>(short) const
Line
Count
Source
98
118
  invoke(type, [=](auto arg) {
99
118
    invoke_fmt<decltype(arg)>(data, size, arg_name_size);
100
118
  });
named-arg.cc:auto LLVMFuzzerTestOneInput::$_0::operator()<unsigned short>(unsigned short) const
Line
Count
Source
98
75
  invoke(type, [=](auto arg) {
99
75
    invoke_fmt<decltype(arg)>(data, size, arg_name_size);
100
75
  });
named-arg.cc:auto LLVMFuzzerTestOneInput::$_0::operator()<int>(int) const
Line
Count
Source
98
382
  invoke(type, [=](auto arg) {
99
382
    invoke_fmt<decltype(arg)>(data, size, arg_name_size);
100
382
  });
named-arg.cc:auto LLVMFuzzerTestOneInput::$_0::operator()<unsigned int>(unsigned int) const
Line
Count
Source
98
155
  invoke(type, [=](auto arg) {
99
155
    invoke_fmt<decltype(arg)>(data, size, arg_name_size);
100
155
  });
named-arg.cc:auto LLVMFuzzerTestOneInput::$_0::operator()<long>(long) const
Line
Count
Source
98
668
  invoke(type, [=](auto arg) {
99
668
    invoke_fmt<decltype(arg)>(data, size, arg_name_size);
100
668
  });
named-arg.cc:auto LLVMFuzzerTestOneInput::$_0::operator()<unsigned long>(unsigned long) const
Line
Count
Source
98
518
  invoke(type, [=](auto arg) {
99
518
    invoke_fmt<decltype(arg)>(data, size, arg_name_size);
100
518
  });
named-arg.cc:auto LLVMFuzzerTestOneInput::$_0::operator()<float>(float) const
Line
Count
Source
98
1.44k
  invoke(type, [=](auto arg) {
99
1.44k
    invoke_fmt<decltype(arg)>(data, size, arg_name_size);
100
1.44k
  });
named-arg.cc:auto LLVMFuzzerTestOneInput::$_0::operator()<double>(double) const
Line
Count
Source
98
2.15k
  invoke(type, [=](auto arg) {
99
2.15k
    invoke_fmt<decltype(arg)>(data, size, arg_name_size);
100
2.15k
  });
named-arg.cc:auto LLVMFuzzerTestOneInput::$_0::operator()<long double>(long double) const
Line
Count
Source
98
1.29k
  invoke(type, [=](auto arg) {
99
1.29k
    invoke_fmt<decltype(arg)>(data, size, arg_name_size);
100
1.29k
  });
101
7.48k
  return 0;
102
7.48k
}