/src/fuzz_buffer.c

Source (jump to first uncovered line)
/* Copyright 2021 Google LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
      http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/


#include "config.h"
#include "syshead.h"
#include "misc.h"
#include "buffer.h"

#include "fuzz_randomizer.h"

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  fuzz_random_init(data,size);

  struct gc_arena gc;
  struct buffer *bufp;
  struct buffer buf, buf2;
  struct buffer_list *buflistp = NULL;
  ssize_t generic_ssizet, _size;
  char *tmp;
  char *tmp2;
  char match;

  gc = gc_new();
  bufp = NULL;

  int total_to_fuzz = fuzz_randomizer_get_int(1, 20);
  for (int i = 0; i < total_to_fuzz; i++) {
    if (bufp == NULL) {
      generic_ssizet = fuzz_randomizer_get_int(0, 1);
      if (generic_ssizet == 0) {
        _size = fuzz_randomizer_get_int(0, 100);
        buf = alloc_buf_gc(_size, &gc);
        bufp = &buf;
      } else {
        tmp = get_random_string();
        buf = string_alloc_buf(tmp, &gc);
        bufp = &buf;
        free(tmp);
        tmp = NULL;
      }
    } else {
#define NUM_TARGETS 31
      generic_ssizet = fuzz_randomizer_get_int(0, NUM_TARGETS);
      switch (generic_ssizet) {
      case 0:
        buf_clear(bufp);
        break;
      case 1:
        buf2 = clone_buf(bufp);
        free_buf(&buf2);
        break;
      case 2:
        buf_defined(bufp);
        break;
      case 3:
        buf_valid(bufp);
        break;
      case 4:
        buf_bptr(bufp);
        break;
      case 5:
        buf_len(bufp);
        break;
      case 6:
        buf_bend(bufp);
        break;
      case 7:
        buf_blast(bufp);
        break;
      case 8:
        buf_str(bufp);
        break;
      case 9:
        generic_ssizet = fuzz_randomizer_get_int(0, 255);
        buf_rmtail(bufp, (uint8_t)generic_ssizet);
        break;
      case 10:
        buf_chomp(bufp);
        break;
      case 11:
        tmp = get_random_string();
        skip_leading_whitespace(tmp);
        free(tmp);
        tmp = NULL;
        break;
      case 12:
        tmp = get_random_string();
        chomp(tmp);
        free(tmp);
        tmp = NULL;
        break;
      case 13:
        tmp = get_random_string();
        tmp2 = get_random_string();
        rm_trailing_chars(tmp, tmp2);
        free(tmp);
        free(tmp2);
        tmp = NULL;
        tmp2 = NULL;
        break;
      case 14:
        tmp = get_random_string();
        string_clear(tmp);
        free(tmp);
        tmp = NULL;
        break;
      case 15:
        tmp = get_random_string();
        buf_string_match_head_str(bufp, tmp);
        free(tmp);
        tmp = NULL;
        break;
      case 16:
        tmp = get_random_string();
        buf_string_compare_advance(bufp, tmp);
        free(tmp);
        tmp = NULL;
        break;
      case 17:
        generic_ssizet = fuzz_randomizer_get_int(0, 255);

        tmp = get_random_string();
        if (strlen(tmp) > 0) {
          buf_parse(bufp, (int)generic_ssizet, tmp, strlen(tmp));
        }

        free(tmp);
        tmp = NULL;
        break;
      case 18:
        tmp = get_random_string();
        string_mod(tmp, fuzz_randomizer_get_int(0, 12312),
                   fuzz_randomizer_get_int(0, 23141234),
                   (char)fuzz_randomizer_get_int(0, 255));

        free(tmp);
        tmp = NULL;
        break;
      case 19:
        tmp = get_random_string();
        match = (char)fuzz_randomizer_get_int(0, 255);
        if (match != 0) {
          string_replace_leading(tmp, match, (char)fuzz_randomizer_get_int(0, 255));
        }

        free(tmp);
        tmp = NULL;
        break;
      case 20:
        tmp = get_random_string();
        buf_write(bufp, tmp, strlen(tmp));

        free(tmp);
        tmp = NULL;
        break;
      case 21:
        tmp = get_random_string();

        buf_write_prepend(bufp, tmp, strlen(tmp));

        free(tmp);
        tmp = NULL;
        break;
      case 22:
        buf_write_u8(bufp, fuzz_randomizer_get_int(0, 255));
        break;
      case 23:
        buf_write_u16(bufp, fuzz_randomizer_get_int(0, 1024));
        break;
      case 24:
        buf_write_u32(bufp, fuzz_randomizer_get_int(0, 12312));
        break;
      case 25:
        tmp = get_random_string();
        buf_catrunc(bufp, tmp);
        free(tmp);
        tmp = NULL;
        break;
      case 26:
        tmp = get_random_string();
        buf_puts(bufp, tmp);
        free(tmp);
        tmp = NULL;
        break;
      case 27:
        buf_advance(bufp, fuzz_randomizer_get_int(0, 25523));
        break;
      case 28:
        buf_prepend(bufp, fuzz_randomizer_get_int(0, 251235));
        break;
      case 29:
        buf_reverse_capacity(bufp);
        break;
      case 30:
        buf_forward_capacity_total(bufp);
        break;
      case 31:
        buf_forward_capacity(bufp);
        break;
      }
    }

    if (buflistp == NULL) {
      buflistp = buffer_list_new();
    } else {
#define NUM_LIST_TARGETS 6
      generic_ssizet = fuzz_randomizer_get_int(0, NUM_LIST_TARGETS);
      switch (generic_ssizet) {
      case 0:
        buffer_list_free(buflistp);
        buflistp = NULL;
        break;
      case 1:
        buffer_list_defined(buflistp);
        break;
      case 2:
        tmp = get_random_string();
        if (strlen(tmp) < BUF_SIZE_MAX) {
          buffer_list_push(buflistp, tmp);
        }
        free(tmp);
        tmp = NULL;
        break;
      case 3:
        buffer_list_peek(buflistp);
        break;
      case 4:
        buffer_list_pop(buflistp);
        break;
      case 5:
        tmp = get_random_string();
        buffer_list_aggregate_separator(
            buflistp, fuzz_randomizer_get_int(0, 1024), tmp);

        free(tmp);
        tmp = NULL;
        break;
      case 6:
        buffer_list_aggregate(buflistp,
                              fuzz_randomizer_get_int(0, 1024));
        break;
      }
    }
  }

  // Cleanup
  buffer_list_free(buflistp);
  gc_free(&gc);

  fuzz_random_destroy();

  return 0;
}

Coverage Report

Created: 2025-07-23 06:54

Line	Count	Source (jump to first uncovered line)
1		/* Copyright 2021 Google LLC
2		Licensed under the Apache License, Version 2.0 (the "License");
3		you may not use this file except in compliance with the License.
4		You may obtain a copy of the License at
5		http://www.apache.org/licenses/LICENSE-2.0
6		Unless required by applicable law or agreed to in writing, software
7		distributed under the License is distributed on an "AS IS" BASIS,
8		WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
9		See the License for the specific language governing permissions and
10		limitations under the License.
11		*/
12
13
14		#include "config.h"
15		#include "syshead.h"
16		#include "misc.h"
17		#include "buffer.h"
18
19		#include "fuzz_randomizer.h"
20
21	2.48k	int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
22	2.48k	fuzz_random_init(data,size);
23
24	2.48k	struct gc_arena gc;
25	2.48k	struct buffer *bufp;
26	2.48k	struct buffer buf, buf2;
27	2.48k	struct buffer_list *buflistp = NULL;
28	2.48k	ssize_t generic_ssizet, _size;
29	2.48k	char *tmp;
30	2.48k	char *tmp2;
31	2.48k	char match;
32
33	2.48k	gc = gc_new();
34	2.48k	bufp = NULL;
35
36	2.48k	int total_to_fuzz = fuzz_randomizer_get_int(1, 20);
37	35.6k	for (int i = 0; i < total_to_fuzz; i++) {
38	33.1k	if (bufp == NULL) {
39	2.48k	generic_ssizet = fuzz_randomizer_get_int(0, 1);
40	2.48k	if (generic_ssizet == 0) {
41	1.34k	_size = fuzz_randomizer_get_int(0, 100);
42	1.34k	buf = alloc_buf_gc(_size, &gc);
43	1.34k	bufp = &buf;
44	1.34k	} else {
45	1.13k	tmp = get_random_string();
46	1.13k	buf = string_alloc_buf(tmp, &gc);
47	1.13k	bufp = &buf;
48	1.13k	free(tmp);
49	1.13k	tmp = NULL;
50	1.13k	}
51	30.6k	} else {
52	30.6k	#define NUM_TARGETS 31
53	30.6k	generic_ssizet = fuzz_randomizer_get_int(0, NUM_TARGETS);
54	30.6k	switch (generic_ssizet) {
55	24.1k	case 0:
56	24.1k	buf_clear(bufp);
57	24.1k	break;
58	252	case 1:
59	252	buf2 = clone_buf(bufp);
60	252	free_buf(&buf2);
61	252	break;
62	110	case 2:
63	110	buf_defined(bufp);
64	110	break;
65	191	case 3:
66	191	buf_valid(bufp);
67	191	break;
68	138	case 4:
69	138	buf_bptr(bufp);
70	138	break;
71	44	case 5:
72	44	buf_len(bufp);
73	44	break;
74	69	case 6:
75	69	buf_bend(bufp);
76	69	break;
77	120	case 7:
78	120	buf_blast(bufp);
79	120	break;
80	102	case 8:
81	102	buf_str(bufp);
82	102	break;
83	203	case 9:
84	203	generic_ssizet = fuzz_randomizer_get_int(0, 255);
85	203	buf_rmtail(bufp, (uint8_t)generic_ssizet);
86	203	break;
87	565	case 10:
88	565	buf_chomp(bufp);
89	565	break;
90	113	case 11:
91	113	tmp = get_random_string();
92	113	skip_leading_whitespace(tmp);
93	113	free(tmp);
94	113	tmp = NULL;
95	113	break;
96	127	case 12:
97	127	tmp = get_random_string();
98	127	chomp(tmp);
99	127	free(tmp);
100	127	tmp = NULL;
101	127	break;
102	269	case 13:
103	269	tmp = get_random_string();
104	269	tmp2 = get_random_string();
105	269	rm_trailing_chars(tmp, tmp2);
106	269	free(tmp);
107	269	free(tmp2);
108	269	tmp = NULL;
109	269	tmp2 = NULL;
110	269	break;
111	42	case 14:
112	42	tmp = get_random_string();
113	42	string_clear(tmp);
114	42	free(tmp);
115	42	tmp = NULL;
116	42	break;
117	327	case 15:
118	327	tmp = get_random_string();
119	327	buf_string_match_head_str(bufp, tmp);
120	327	free(tmp);
121	327	tmp = NULL;
122	327	break;
123	416	case 16:
124	416	tmp = get_random_string();
125	416	buf_string_compare_advance(bufp, tmp);
126	416	free(tmp);
127	416	tmp = NULL;
128	416	break;
129	345	case 17:
130	345	generic_ssizet = fuzz_randomizer_get_int(0, 255);
131
132	345	tmp = get_random_string();
133	345	if (strlen(tmp) > 0) {
134	296	buf_parse(bufp, (int)generic_ssizet, tmp, strlen(tmp));
135	296	}
136
137	345	free(tmp);
138	345	tmp = NULL;
139	345	break;
140	550	case 18:
141	550	tmp = get_random_string();
142	550	string_mod(tmp, fuzz_randomizer_get_int(0, 12312),
143	550	fuzz_randomizer_get_int(0, 23141234),
144	550	(char)fuzz_randomizer_get_int(0, 255));
145
146	550	free(tmp);
147	550	tmp = NULL;
148	550	break;
149	170	case 19:
150	170	tmp = get_random_string();
151	170	match = (char)fuzz_randomizer_get_int(0, 255);
152	170	if (match != 0) {
153	134	string_replace_leading(tmp, match, (char)fuzz_randomizer_get_int(0, 255));
154	134	}
155
156	170	free(tmp);
157	170	tmp = NULL;
158	170	break;
159	224	case 20:
160	224	tmp = get_random_string();
161	224	buf_write(bufp, tmp, strlen(tmp));
162
163	224	free(tmp);
164	224	tmp = NULL;
165	224	break;
166	175	case 21:
167	175	tmp = get_random_string();
168
169	175	buf_write_prepend(bufp, tmp, strlen(tmp));
170
171	175	free(tmp);
172	175	tmp = NULL;
173	175	break;
174	212	case 22:
175	212	buf_write_u8(bufp, fuzz_randomizer_get_int(0, 255));
176	212	break;
177	186	case 23:
178	186	buf_write_u16(bufp, fuzz_randomizer_get_int(0, 1024));
179	186	break;
180	241	case 24:
181	241	buf_write_u32(bufp, fuzz_randomizer_get_int(0, 12312));
182	241	break;
183	281	case 25:
184	281	tmp = get_random_string();
185	281	buf_catrunc(bufp, tmp);
186	281	free(tmp);
187	281	tmp = NULL;
188	281	break;
189	149	case 26:
190	149	tmp = get_random_string();
191	149	buf_puts(bufp, tmp);
192	149	free(tmp);
193	149	tmp = NULL;
194	149	break;
195	196	case 27:
196	196	buf_advance(bufp, fuzz_randomizer_get_int(0, 25523));
197	196	break;
198	280	case 28:
199	280	buf_prepend(bufp, fuzz_randomizer_get_int(0, 251235));
200	280	break;
201	33	case 29:
202	33	buf_reverse_capacity(bufp);
203	33	break;
204	102	case 30:
205	102	buf_forward_capacity_total(bufp);
206	102	break;
207	361	case 31:
208	361	buf_forward_capacity(bufp);
209	361	break;
210	30.6k	}
211	30.6k	}
212
213	33.1k	if (buflistp == NULL) {
214	15.6k	buflistp = buffer_list_new();
215	17.4k	} else {
216	17.4k	#define NUM_LIST_TARGETS 6
217	17.4k	generic_ssizet = fuzz_randomizer_get_int(0, NUM_LIST_TARGETS);
218	17.4k	switch (generic_ssizet) {
219	14.4k	case 0:
220	14.4k	buffer_list_free(buflistp);
221	14.4k	buflistp = NULL;
222	14.4k	break;
223	415	case 1:
224	415	buffer_list_defined(buflistp);
225	415	break;
226	851	case 2:
227	851	tmp = get_random_string();
228	851	if (strlen(tmp) < BUF_SIZE_MAX) {
229	846	buffer_list_push(buflistp, tmp);
230	846	}
231	851	free(tmp);
232	851	tmp = NULL;
233	851	break;
234	691	case 3:
235	691	buffer_list_peek(buflistp);
236	691	break;
237	255	case 4:
238	255	buffer_list_pop(buflistp);
239	255	break;
240	284	case 5:
241	284	tmp = get_random_string();
242	284	buffer_list_aggregate_separator(
243	284	buflistp, fuzz_randomizer_get_int(0, 1024), tmp);
244
245	284	free(tmp);
246	284	tmp = NULL;
247	284	break;
248	549	case 6:
249	549	buffer_list_aggregate(buflistp,
250	549	fuzz_randomizer_get_int(0, 1024));
251	549	break;
252	17.4k	}
253	17.4k	}
254	33.1k	}
255
256		// Cleanup
257	2.48k	buffer_list_free(buflistp);
258	2.48k	gc_free(&gc);
259
260	2.48k	fuzz_random_destroy();
261
262	2.48k	return 0;
263	2.48k	}