Coverage Report

Created: 2025-10-13 06:59

next uncovered line (L), next uncovered region (R), next uncovered branch (B)
/src/fmt/test/fuzzing/named-arg.cc
Line
Count
Source
1
// Copyright (c) 2019, Paul Dreik
2
// For the license information refer to format.h.
3
4
#include <fmt/chrono.h>
5
6
#include <cstdint>
7
#include <type_traits>
8
#include <vector>
9
10
#include "fuzzer-common.h"
11
12
template <typename T>
13
10.3k
void invoke_fmt(const uint8_t* data, size_t size, unsigned arg_name_size) {
14
10.3k
  static_assert(sizeof(T) <= fixed_size, "fixed_size too small");
15
10.3k
  if (size <= fixed_size) return;
16
10.3k
  const T value = assign_from_buf<T>(data);
17
10.3k
  data += fixed_size;
18
10.3k
  size -= fixed_size;
19
20
10.3k
  if (arg_name_size <= 0 || arg_name_size >= size) return;
21
10.2k
  data_to_string arg_name(data, arg_name_size, true);
22
10.2k
  data += arg_name_size;
23
10.2k
  size -= arg_name_size;
24
25
10.2k
  data_to_string format_str(data, size);
26
10.2k
  try {
27
#if FMT_FUZZ_FORMAT_TO_STRING
28
    std::string message =
29
        fmt::format(format_str.get(), fmt::arg(arg_name.data(), value));
30
#else
31
10.2k
    fmt::memory_buffer out;
32
10.2k
    fmt::format_to(std::back_inserter(out), format_str.get(),
33
10.2k
                   fmt::arg(arg_name.data(), value));
34
10.2k
#endif
35
10.2k
  } catch (std::exception&) {
36
7.93k
  }
37
10.2k
}
void invoke_fmt<bool>(unsigned char const*, unsigned long, unsigned int)
Line
Count
Source
13
233
void invoke_fmt(const uint8_t* data, size_t size, unsigned arg_name_size) {
14
233
  static_assert(sizeof(T) <= fixed_size, "fixed_size too small");
15
233
  if (size <= fixed_size) return;
16
227
  const T value = assign_from_buf<T>(data);
17
227
  data += fixed_size;
18
227
  size -= fixed_size;
19
20
227
  if (arg_name_size <= 0 || arg_name_size >= size) return;
21
210
  data_to_string arg_name(data, arg_name_size, true);
22
210
  data += arg_name_size;
23
210
  size -= arg_name_size;
24
25
210
  data_to_string format_str(data, size);
26
210
  try {
27
#if FMT_FUZZ_FORMAT_TO_STRING
28
    std::string message =
29
        fmt::format(format_str.get(), fmt::arg(arg_name.data(), value));
30
#else
31
210
    fmt::memory_buffer out;
32
210
    fmt::format_to(std::back_inserter(out), format_str.get(),
33
210
                   fmt::arg(arg_name.data(), value));
34
210
#endif
35
210
  } catch (std::exception&) {
36
185
  }
37
210
}
void invoke_fmt<char>(unsigned char const*, unsigned long, unsigned int)
Line
Count
Source
13
406
void invoke_fmt(const uint8_t* data, size_t size, unsigned arg_name_size) {
14
406
  static_assert(sizeof(T) <= fixed_size, "fixed_size too small");
15
406
  if (size <= fixed_size) return;
16
400
  const T value = assign_from_buf<T>(data);
17
400
  data += fixed_size;
18
400
  size -= fixed_size;
19
20
400
  if (arg_name_size <= 0 || arg_name_size >= size) return;
21
394
  data_to_string arg_name(data, arg_name_size, true);
22
394
  data += arg_name_size;
23
394
  size -= arg_name_size;
24
25
394
  data_to_string format_str(data, size);
26
394
  try {
27
#if FMT_FUZZ_FORMAT_TO_STRING
28
    std::string message =
29
        fmt::format(format_str.get(), fmt::arg(arg_name.data(), value));
30
#else
31
394
    fmt::memory_buffer out;
32
394
    fmt::format_to(std::back_inserter(out), format_str.get(),
33
394
                   fmt::arg(arg_name.data(), value));
34
394
#endif
35
394
  } catch (std::exception&) {
36
365
  }
37
394
}
void invoke_fmt<signed char>(unsigned char const*, unsigned long, unsigned int)
Line
Count
Source
13
161
void invoke_fmt(const uint8_t* data, size_t size, unsigned arg_name_size) {
14
161
  static_assert(sizeof(T) <= fixed_size, "fixed_size too small");
15
161
  if (size <= fixed_size) return;
16
158
  const T value = assign_from_buf<T>(data);
17
158
  data += fixed_size;
18
158
  size -= fixed_size;
19
20
158
  if (arg_name_size <= 0 || arg_name_size >= size) return;
21
151
  data_to_string arg_name(data, arg_name_size, true);
22
151
  data += arg_name_size;
23
151
  size -= arg_name_size;
24
25
151
  data_to_string format_str(data, size);
26
151
  try {
27
#if FMT_FUZZ_FORMAT_TO_STRING
28
    std::string message =
29
        fmt::format(format_str.get(), fmt::arg(arg_name.data(), value));
30
#else
31
151
    fmt::memory_buffer out;
32
151
    fmt::format_to(std::back_inserter(out), format_str.get(),
33
151
                   fmt::arg(arg_name.data(), value));
34
151
#endif
35
151
  } catch (std::exception&) {
36
132
  }
37
151
}
void invoke_fmt<unsigned char>(unsigned char const*, unsigned long, unsigned int)
Line
Count
Source
13
134
void invoke_fmt(const uint8_t* data, size_t size, unsigned arg_name_size) {
14
134
  static_assert(sizeof(T) <= fixed_size, "fixed_size too small");
15
134
  if (size <= fixed_size) return;
16
130
  const T value = assign_from_buf<T>(data);
17
130
  data += fixed_size;
18
130
  size -= fixed_size;
19
20
130
  if (arg_name_size <= 0 || arg_name_size >= size) return;
21
125
  data_to_string arg_name(data, arg_name_size, true);
22
125
  data += arg_name_size;
23
125
  size -= arg_name_size;
24
25
125
  data_to_string format_str(data, size);
26
125
  try {
27
#if FMT_FUZZ_FORMAT_TO_STRING
28
    std::string message =
29
        fmt::format(format_str.get(), fmt::arg(arg_name.data(), value));
30
#else
31
125
    fmt::memory_buffer out;
32
125
    fmt::format_to(std::back_inserter(out), format_str.get(),
33
125
                   fmt::arg(arg_name.data(), value));
34
125
#endif
35
125
  } catch (std::exception&) {
36
99
  }
37
125
}
void invoke_fmt<short>(unsigned char const*, unsigned long, unsigned int)
Line
Count
Source
13
150
void invoke_fmt(const uint8_t* data, size_t size, unsigned arg_name_size) {
14
150
  static_assert(sizeof(T) <= fixed_size, "fixed_size too small");
15
150
  if (size <= fixed_size) return;
16
149
  const T value = assign_from_buf<T>(data);
17
149
  data += fixed_size;
18
149
  size -= fixed_size;
19
20
149
  if (arg_name_size <= 0 || arg_name_size >= size) return;
21
141
  data_to_string arg_name(data, arg_name_size, true);
22
141
  data += arg_name_size;
23
141
  size -= arg_name_size;
24
25
141
  data_to_string format_str(data, size);
26
141
  try {
27
#if FMT_FUZZ_FORMAT_TO_STRING
28
    std::string message =
29
        fmt::format(format_str.get(), fmt::arg(arg_name.data(), value));
30
#else
31
141
    fmt::memory_buffer out;
32
141
    fmt::format_to(std::back_inserter(out), format_str.get(),
33
141
                   fmt::arg(arg_name.data(), value));
34
141
#endif
35
141
  } catch (std::exception&) {
36
112
  }
37
141
}
void invoke_fmt<unsigned short>(unsigned char const*, unsigned long, unsigned int)
Line
Count
Source
13
89
void invoke_fmt(const uint8_t* data, size_t size, unsigned arg_name_size) {
14
89
  static_assert(sizeof(T) <= fixed_size, "fixed_size too small");
15
89
  if (size <= fixed_size) return;
16
83
  const T value = assign_from_buf<T>(data);
17
83
  data += fixed_size;
18
83
  size -= fixed_size;
19
20
83
  if (arg_name_size <= 0 || arg_name_size >= size) return;
21
76
  data_to_string arg_name(data, arg_name_size, true);
22
76
  data += arg_name_size;
23
76
  size -= arg_name_size;
24
25
76
  data_to_string format_str(data, size);
26
76
  try {
27
#if FMT_FUZZ_FORMAT_TO_STRING
28
    std::string message =
29
        fmt::format(format_str.get(), fmt::arg(arg_name.data(), value));
30
#else
31
76
    fmt::memory_buffer out;
32
76
    fmt::format_to(std::back_inserter(out), format_str.get(),
33
76
                   fmt::arg(arg_name.data(), value));
34
76
#endif
35
76
  } catch (std::exception&) {
36
59
  }
37
76
}
void invoke_fmt<int>(unsigned char const*, unsigned long, unsigned int)
Line
Count
Source
13
518
void invoke_fmt(const uint8_t* data, size_t size, unsigned arg_name_size) {
14
518
  static_assert(sizeof(T) <= fixed_size, "fixed_size too small");
15
518
  if (size <= fixed_size) return;
16
512
  const T value = assign_from_buf<T>(data);
17
512
  data += fixed_size;
18
512
  size -= fixed_size;
19
20
512
  if (arg_name_size <= 0 || arg_name_size >= size) return;
21
505
  data_to_string arg_name(data, arg_name_size, true);
22
505
  data += arg_name_size;
23
505
  size -= arg_name_size;
24
25
505
  data_to_string format_str(data, size);
26
505
  try {
27
#if FMT_FUZZ_FORMAT_TO_STRING
28
    std::string message =
29
        fmt::format(format_str.get(), fmt::arg(arg_name.data(), value));
30
#else
31
505
    fmt::memory_buffer out;
32
505
    fmt::format_to(std::back_inserter(out), format_str.get(),
33
505
                   fmt::arg(arg_name.data(), value));
34
505
#endif
35
505
  } catch (std::exception&) {
36
431
  }
37
505
}
void invoke_fmt<unsigned int>(unsigned char const*, unsigned long, unsigned int)
Line
Count
Source
13
295
void invoke_fmt(const uint8_t* data, size_t size, unsigned arg_name_size) {
14
295
  static_assert(sizeof(T) <= fixed_size, "fixed_size too small");
15
295
  if (size <= fixed_size) return;
16
289
  const T value = assign_from_buf<T>(data);
17
289
  data += fixed_size;
18
289
  size -= fixed_size;
19
20
289
  if (arg_name_size <= 0 || arg_name_size >= size) return;
21
283
  data_to_string arg_name(data, arg_name_size, true);
22
283
  data += arg_name_size;
23
283
  size -= arg_name_size;
24
25
283
  data_to_string format_str(data, size);
26
283
  try {
27
#if FMT_FUZZ_FORMAT_TO_STRING
28
    std::string message =
29
        fmt::format(format_str.get(), fmt::arg(arg_name.data(), value));
30
#else
31
283
    fmt::memory_buffer out;
32
283
    fmt::format_to(std::back_inserter(out), format_str.get(),
33
283
                   fmt::arg(arg_name.data(), value));
34
283
#endif
35
283
  } catch (std::exception&) {
36
228
  }
37
283
}
void invoke_fmt<long>(unsigned char const*, unsigned long, unsigned int)
Line
Count
Source
13
983
void invoke_fmt(const uint8_t* data, size_t size, unsigned arg_name_size) {
14
983
  static_assert(sizeof(T) <= fixed_size, "fixed_size too small");
15
983
  if (size <= fixed_size) return;
16
980
  const T value = assign_from_buf<T>(data);
17
980
  data += fixed_size;
18
980
  size -= fixed_size;
19
20
980
  if (arg_name_size <= 0 || arg_name_size >= size) return;
21
974
  data_to_string arg_name(data, arg_name_size, true);
22
974
  data += arg_name_size;
23
974
  size -= arg_name_size;
24
25
974
  data_to_string format_str(data, size);
26
974
  try {
27
#if FMT_FUZZ_FORMAT_TO_STRING
28
    std::string message =
29
        fmt::format(format_str.get(), fmt::arg(arg_name.data(), value));
30
#else
31
974
    fmt::memory_buffer out;
32
974
    fmt::format_to(std::back_inserter(out), format_str.get(),
33
974
                   fmt::arg(arg_name.data(), value));
34
974
#endif
35
974
  } catch (std::exception&) {
36
768
  }
37
974
}
void invoke_fmt<unsigned long>(unsigned char const*, unsigned long, unsigned int)
Line
Count
Source
13
716
void invoke_fmt(const uint8_t* data, size_t size, unsigned arg_name_size) {
14
716
  static_assert(sizeof(T) <= fixed_size, "fixed_size too small");
15
716
  if (size <= fixed_size) return;
16
710
  const T value = assign_from_buf<T>(data);
17
710
  data += fixed_size;
18
710
  size -= fixed_size;
19
20
710
  if (arg_name_size <= 0 || arg_name_size >= size) return;
21
704
  data_to_string arg_name(data, arg_name_size, true);
22
704
  data += arg_name_size;
23
704
  size -= arg_name_size;
24
25
704
  data_to_string format_str(data, size);
26
704
  try {
27
#if FMT_FUZZ_FORMAT_TO_STRING
28
    std::string message =
29
        fmt::format(format_str.get(), fmt::arg(arg_name.data(), value));
30
#else
31
704
    fmt::memory_buffer out;
32
704
    fmt::format_to(std::back_inserter(out), format_str.get(),
33
704
                   fmt::arg(arg_name.data(), value));
34
704
#endif
35
704
  } catch (std::exception&) {
36
515
  }
37
704
}
void invoke_fmt<float>(unsigned char const*, unsigned long, unsigned int)
Line
Count
Source
13
2.05k
void invoke_fmt(const uint8_t* data, size_t size, unsigned arg_name_size) {
14
2.05k
  static_assert(sizeof(T) <= fixed_size, "fixed_size too small");
15
2.05k
  if (size <= fixed_size) return;
16
2.04k
  const T value = assign_from_buf<T>(data);
17
2.04k
  data += fixed_size;
18
2.04k
  size -= fixed_size;
19
20
2.04k
  if (arg_name_size <= 0 || arg_name_size >= size) return;
21
2.04k
  data_to_string arg_name(data, arg_name_size, true);
22
2.04k
  data += arg_name_size;
23
2.04k
  size -= arg_name_size;
24
25
2.04k
  data_to_string format_str(data, size);
26
2.04k
  try {
27
#if FMT_FUZZ_FORMAT_TO_STRING
28
    std::string message =
29
        fmt::format(format_str.get(), fmt::arg(arg_name.data(), value));
30
#else
31
2.04k
    fmt::memory_buffer out;
32
2.04k
    fmt::format_to(std::back_inserter(out), format_str.get(),
33
2.04k
                   fmt::arg(arg_name.data(), value));
34
2.04k
#endif
35
2.04k
  } catch (std::exception&) {
36
1.60k
  }
37
2.04k
}
void invoke_fmt<double>(unsigned char const*, unsigned long, unsigned int)
Line
Count
Source
13
2.79k
void invoke_fmt(const uint8_t* data, size_t size, unsigned arg_name_size) {
14
2.79k
  static_assert(sizeof(T) <= fixed_size, "fixed_size too small");
15
2.79k
  if (size <= fixed_size) return;
16
2.78k
  const T value = assign_from_buf<T>(data);
17
2.78k
  data += fixed_size;
18
2.78k
  size -= fixed_size;
19
20
2.78k
  if (arg_name_size <= 0 || arg_name_size >= size) return;
21
2.78k
  data_to_string arg_name(data, arg_name_size, true);
22
2.78k
  data += arg_name_size;
23
2.78k
  size -= arg_name_size;
24
25
2.78k
  data_to_string format_str(data, size);
26
2.78k
  try {
27
#if FMT_FUZZ_FORMAT_TO_STRING
28
    std::string message =
29
        fmt::format(format_str.get(), fmt::arg(arg_name.data(), value));
30
#else
31
2.78k
    fmt::memory_buffer out;
32
2.78k
    fmt::format_to(std::back_inserter(out), format_str.get(),
33
2.78k
                   fmt::arg(arg_name.data(), value));
34
2.78k
#endif
35
2.78k
  } catch (std::exception&) {
36
2.02k
  }
37
2.78k
}
void invoke_fmt<long double>(unsigned char const*, unsigned long, unsigned int)
Line
Count
Source
13
1.85k
void invoke_fmt(const uint8_t* data, size_t size, unsigned arg_name_size) {
14
1.85k
  static_assert(sizeof(T) <= fixed_size, "fixed_size too small");
15
1.85k
  if (size <= fixed_size) return;
16
1.85k
  const T value = assign_from_buf<T>(data);
17
1.85k
  data += fixed_size;
18
1.85k
  size -= fixed_size;
19
20
1.85k
  if (arg_name_size <= 0 || arg_name_size >= size) return;
21
1.84k
  data_to_string arg_name(data, arg_name_size, true);
22
1.84k
  data += arg_name_size;
23
1.84k
  size -= arg_name_size;
24
25
1.84k
  data_to_string format_str(data, size);
26
1.84k
  try {
27
#if FMT_FUZZ_FORMAT_TO_STRING
28
    std::string message =
29
        fmt::format(format_str.get(), fmt::arg(arg_name.data(), value));
30
#else
31
1.84k
    fmt::memory_buffer out;
32
1.84k
    fmt::format_to(std::back_inserter(out), format_str.get(),
33
1.84k
                   fmt::arg(arg_name.data(), value));
34
1.84k
#endif
35
1.84k
  } catch (std::exception&) {
36
1.41k
  }
37
1.84k
}
38
39
// For dynamic dispatching to an explicit instantiation.
40
10.3k
template <typename Callback> void invoke(int type, Callback callback) {
41
10.3k
  switch (type) {
42
233
  case 0:
43
233
    callback(bool());
44
233
    break;
45
406
  case 1:
46
406
    callback(char());
47
406
    break;
48
161
  case 2:
49
161
    using sc = signed char;
50
161
    callback(sc());
51
161
    break;
52
134
  case 3:
53
134
    using uc = unsigned char;
54
134
    callback(uc());
55
134
    break;
56
150
  case 4:
57
150
    callback(short());
58
150
    break;
59
89
  case 5:
60
89
    using us = unsigned short;
61
89
    callback(us());
62
89
    break;
63
518
  case 6:
64
518
    callback(int());
65
518
    break;
66
295
  case 7:
67
295
    callback(unsigned());
68
295
    break;
69
983
  case 8:
70
983
    callback(long());
71
983
    break;
72
716
  case 9:
73
716
    using ul = unsigned long;
74
716
    callback(ul());
75
716
    break;
76
2.05k
  case 10:
77
2.05k
    callback(float());
78
2.05k
    break;
79
2.79k
  case 11:
80
2.79k
    callback(double());
81
2.79k
    break;
82
1.85k
  case 12:
83
1.85k
    using LD = long double;
84
1.85k
    callback(LD());
85
1.85k
    break;
86
10.3k
  }
87
10.3k
}
88
89
10.3k
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
90
10.3k
  if (size <= 3) return 0;
91
92
  // Switch types depending on the first byte of the input.
93
10.3k
  const auto type = data[0] & 0x0F;
94
10.3k
  const unsigned arg_name_size = (data[0] & 0xF0) >> 4;
95
10.3k
  data++;
96
10.3k
  size--;
97
98
10.3k
  invoke(type, [=](auto arg) {
99
10.3k
    invoke_fmt<decltype(arg)>(data, size, arg_name_size);
100
10.3k
  });
named-arg.cc:auto LLVMFuzzerTestOneInput::$_0::operator()<bool>(bool) const
Line
Count
Source
98
233
  invoke(type, [=](auto arg) {
99
233
    invoke_fmt<decltype(arg)>(data, size, arg_name_size);
100
233
  });
named-arg.cc:auto LLVMFuzzerTestOneInput::$_0::operator()<char>(char) const
Line
Count
Source
98
406
  invoke(type, [=](auto arg) {
99
406
    invoke_fmt<decltype(arg)>(data, size, arg_name_size);
100
406
  });
named-arg.cc:auto LLVMFuzzerTestOneInput::$_0::operator()<signed char>(signed char) const
Line
Count
Source
98
161
  invoke(type, [=](auto arg) {
99
161
    invoke_fmt<decltype(arg)>(data, size, arg_name_size);
100
161
  });
named-arg.cc:auto LLVMFuzzerTestOneInput::$_0::operator()<unsigned char>(unsigned char) const
Line
Count
Source
98
134
  invoke(type, [=](auto arg) {
99
134
    invoke_fmt<decltype(arg)>(data, size, arg_name_size);
100
134
  });
named-arg.cc:auto LLVMFuzzerTestOneInput::$_0::operator()<short>(short) const
Line
Count
Source
98
150
  invoke(type, [=](auto arg) {
99
150
    invoke_fmt<decltype(arg)>(data, size, arg_name_size);
100
150
  });
named-arg.cc:auto LLVMFuzzerTestOneInput::$_0::operator()<unsigned short>(unsigned short) const
Line
Count
Source
98
89
  invoke(type, [=](auto arg) {
99
89
    invoke_fmt<decltype(arg)>(data, size, arg_name_size);
100
89
  });
named-arg.cc:auto LLVMFuzzerTestOneInput::$_0::operator()<int>(int) const
Line
Count
Source
98
518
  invoke(type, [=](auto arg) {
99
518
    invoke_fmt<decltype(arg)>(data, size, arg_name_size);
100
518
  });
named-arg.cc:auto LLVMFuzzerTestOneInput::$_0::operator()<unsigned int>(unsigned int) const
Line
Count
Source
98
295
  invoke(type, [=](auto arg) {
99
295
    invoke_fmt<decltype(arg)>(data, size, arg_name_size);
100
295
  });
named-arg.cc:auto LLVMFuzzerTestOneInput::$_0::operator()<long>(long) const
Line
Count
Source
98
983
  invoke(type, [=](auto arg) {
99
983
    invoke_fmt<decltype(arg)>(data, size, arg_name_size);
100
983
  });
named-arg.cc:auto LLVMFuzzerTestOneInput::$_0::operator()<unsigned long>(unsigned long) const
Line
Count
Source
98
716
  invoke(type, [=](auto arg) {
99
716
    invoke_fmt<decltype(arg)>(data, size, arg_name_size);
100
716
  });
named-arg.cc:auto LLVMFuzzerTestOneInput::$_0::operator()<float>(float) const
Line
Count
Source
98
2.05k
  invoke(type, [=](auto arg) {
99
2.05k
    invoke_fmt<decltype(arg)>(data, size, arg_name_size);
100
2.05k
  });
named-arg.cc:auto LLVMFuzzerTestOneInput::$_0::operator()<double>(double) const
Line
Count
Source
98
2.79k
  invoke(type, [=](auto arg) {
99
2.79k
    invoke_fmt<decltype(arg)>(data, size, arg_name_size);
100
2.79k
  });
named-arg.cc:auto LLVMFuzzerTestOneInput::$_0::operator()<long double>(long double) const
Line
Count
Source
98
1.85k
  invoke(type, [=](auto arg) {
99
1.85k
    invoke_fmt<decltype(arg)>(data, size, arg_name_size);
100
1.85k
  });
101
10.3k
  return 0;
102
10.3k
}