/src/harfbuzz/test/fuzzing/hb-set-fuzzer.cc
Line | Count | Source |
1 | | #include "hb-fuzzer.hh" |
2 | | |
3 | | #include <stdlib.h> |
4 | | #include <stdio.h> |
5 | | #include <string.h> |
6 | | #include <assert.h> |
7 | | |
8 | | #include "hb.h" |
9 | | |
10 | | // Only allow ~5,000 set values between the two input sets. |
11 | | // Arbitrarily long input sets do not trigger any meaningful |
12 | | // differences in behaviour so there's no benefit from allowing |
13 | | // the fuzzer to create super large sets. |
14 | 117 | #define MAX_INPUT_SIZE 20000 |
15 | | |
16 | | enum set_operation_t : uint8_t |
17 | | { |
18 | | INTERSECT = 0, |
19 | | UNION = 1, |
20 | | SUBTRACT = 2, |
21 | | SYMMETRIC_DIFFERENCE = 3 |
22 | | }; |
23 | | |
24 | | struct instructions_t |
25 | | { |
26 | | set_operation_t operation; |
27 | | uint32_t first_set_size; |
28 | | }; |
29 | | |
30 | | static hb_set_t *create_set (const uint32_t *value_array, int count) |
31 | 74 | { |
32 | 74 | hb_set_t *set = hb_set_create (); |
33 | 63.8k | for (int i = 0; i < count; i++) |
34 | 63.8k | hb_set_add (set, value_array[i]); |
35 | 74 | return set; |
36 | 74 | } |
37 | | |
38 | | |
39 | | extern "C" int LLVMFuzzerTestOneInput (const uint8_t *data, size_t size) |
40 | 140 | { |
41 | 140 | _fuzzing_skip_leading_comment (&data, &size); |
42 | 140 | alloc_state = _fuzzing_alloc_state (data, size); |
43 | | |
44 | 140 | if (size < sizeof (instructions_t)) |
45 | 23 | return 0; |
46 | | |
47 | 117 | if (size > MAX_INPUT_SIZE) |
48 | 26 | return 0; |
49 | | |
50 | 91 | const instructions_t &instructions = reinterpret_cast<const instructions_t &> (*data); |
51 | 91 | data += sizeof (instructions_t); |
52 | 91 | size -= sizeof (instructions_t); |
53 | | |
54 | 91 | const uint32_t *values = reinterpret_cast<const uint32_t *> (data); |
55 | 91 | size = size / sizeof (uint32_t); |
56 | | |
57 | 91 | if (size < instructions.first_set_size) |
58 | 54 | return 0; |
59 | | |
60 | 37 | hb_set_t *set_a = create_set (values, instructions.first_set_size); |
61 | | |
62 | 37 | values += instructions.first_set_size; |
63 | 37 | size -= instructions.first_set_size; |
64 | 37 | hb_set_t *set_b = create_set (values, size); |
65 | | |
66 | 37 | switch (instructions.operation) |
67 | 37 | { |
68 | 25 | case INTERSECT: |
69 | 25 | hb_set_intersect (set_a, set_b); |
70 | 25 | break; |
71 | 0 | case UNION: |
72 | 0 | hb_set_union (set_a, set_b); |
73 | 0 | break; |
74 | 0 | case SUBTRACT: |
75 | 0 | hb_set_subtract (set_a, set_b); |
76 | 0 | break; |
77 | 0 | case SYMMETRIC_DIFFERENCE: |
78 | 0 | hb_set_symmetric_difference (set_a, set_b); |
79 | 0 | break; |
80 | 12 | default: |
81 | 12 | break; |
82 | 37 | } |
83 | | |
84 | 37 | hb_set_destroy (set_a); |
85 | 37 | hb_set_destroy (set_b); |
86 | | |
87 | 37 | return 0; |
88 | 37 | } |