/src/fuzz_list.c

Source (jump to first uncovered line)
/* Copyright 2021 Google LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
      http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

#include "config.h"
#include "syshead.h"
#include "list.h"

#include "fuzz_randomizer.h"

#define KEY_SIZE 23

/* Required for hash_init() */
static uint32_t word_hash_function(const void *key, uint32_t iv) {
  return hash_func(key, KEY_SIZE, iv);
}

/* Required for hash_init() */
static bool word_compare_function(const void *key1, const void *key2) {
  return ((size_t)key1 & 0xFFF) == ((size_t)key1 & 0xFFF);
}

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  struct gc_arena gc;
  struct hash *hash = NULL;
  ssize_t generic_ssizet, generic_ssizet2, num_loops;

  fuzz_random_init(data, size);

  gc = gc_new();

  int total_to_fuzz = fuzz_randomizer_get_int(1, 20);
  for (int i = 0; i < total_to_fuzz; i++) {
    generic_ssizet = fuzz_randomizer_get_int(0, 8);

    switch (generic_ssizet) {
    case 0:
      if (hash == NULL) {
        int n_buckets = fuzz_randomizer_get_int(1, 1000);
        uint32_t iv;

        hash =
            hash_init(n_buckets, iv, word_hash_function, word_compare_function);
      }
      break;
    case 1:
      if (hash) {
        hash_free(hash);
        hash = NULL;
      }
      break;
    case 2:
      if (hash) {
        struct hash_iterator hi;
        struct hash_element *he;
        hash_iterator_init(hash, &hi);
        while ((he = hash_iterator_next(&hi))) {
          void *w = he->value;
        }
        hash_iterator_free(&hi);
      }
      break;
    case 3:
      if (hash) {
        void *key;
        void *value;
        char arr[KEY_SIZE];
        memset(arr, 0, KEY_SIZE);
        fuzz_get_random_data(arr, KEY_SIZE);
        key = (void *)arr;
        if (!hash_lookup(hash, key)) {
          generic_ssizet = fuzz_randomizer_get_int(0, 0xfffffff);
          value = (void *)generic_ssizet;
          hash_add(hash, key, value, false);
        }
      }
      break;
    case 4:
      if (hash) {
        hash_n_elements(hash);
      }
      break;
    case 5:
      if (hash) {
        hash_n_buckets(hash);
      }
      break;
    case 6:
      if (hash) {
        uint32_t hv;
        generic_ssizet = fuzz_randomizer_get_int(0, 0xfffffff);
        hv = generic_ssizet;
        hash_bucket(hash, hv);
      }
      break;
    case 7:
      if (hash) {
        void *key;
        char arr[KEY_SIZE];
        memset(arr, 0, KEY_SIZE);
        fuzz_get_random_data(arr, KEY_SIZE);
        key = (void *)arr;
        hash_remove(hash, key);
      }
      break;
    case 8:
      if (hash) {
        void *value;
        generic_ssizet = fuzz_randomizer_get_int(0, 0xfffffff);
        value = (void *)generic_ssizet;
        hash_remove_by_value(hash, value);
      }
    default:
      break;
    }
  }

  if (hash) {
    hash_free(hash);
  }

  gc_free(&gc);

  fuzz_random_destroy();

  return 0;
}

Line	Count	Source (jump to first uncovered line)
1		/* Copyright 2021 Google LLC
2		Licensed under the Apache License, Version 2.0 (the "License");
3		you may not use this file except in compliance with the License.
4		You may obtain a copy of the License at
5		http://www.apache.org/licenses/LICENSE-2.0
6		Unless required by applicable law or agreed to in writing, software
7		distributed under the License is distributed on an "AS IS" BASIS,
8		WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
9		See the License for the specific language governing permissions and
10		limitations under the License.
11		*/
12
13		#include "config.h"
14		#include "syshead.h"
15		#include "list.h"
16
17		#include "fuzz_randomizer.h"
18
19	6.66k	#define KEY_SIZE 23
20
21		/* Required for hash_init() */
22	3.03k	static uint32_t word_hash_function(const void *key, uint32_t iv) {
23	3.03k	return hash_func(key, KEY_SIZE, iv);
24	3.03k	}
25
26		/* Required for hash_init() */
27	293	static bool word_compare_function(const void key1, const void key2) {
28	293	return ((size_t)key1 & 0xFFF) == ((size_t)key1 & 0xFFF);
29	293	}
30
31	514	int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
32	514	struct gc_arena gc;
33	514	struct hash *hash = NULL;
34	514	ssize_t generic_ssizet, generic_ssizet2, num_loops;
35
36	514	fuzz_random_init(data, size);
37
38	514	gc = gc_new();
39
40	514	int total_to_fuzz = fuzz_randomizer_get_int(1, 20);
41	9.10k	for (int i = 0; i < total_to_fuzz; i++) {
42	8.59k	generic_ssizet = fuzz_randomizer_get_int(0, 8);
43
44	8.59k	switch (generic_ssizet) {
45	5.30k	case 0:
46	5.30k	if (hash == NULL) {
47	564	int n_buckets = fuzz_randomizer_get_int(1, 1000);
48	564	uint32_t iv;
49
50	564	hash =
51	564	hash_init(n_buckets, iv, word_hash_function, word_compare_function);
52	564	}
53	5.30k	break;
54	128	case 1:
55	128	if (hash) {
56	75	hash_free(hash);
57	75	hash = NULL;
58	75	}
59	128	break;
60	320	case 2:
61	320	if (hash) {
62	272	struct hash_iterator hi;
63	272	struct hash_element *he;
64	272	hash_iterator_init(hash, &hi);
65	1.07k	while ((he = hash_iterator_next(&hi))) {
66	805	void *w = he->value;
67	805	}
68	272	hash_iterator_free(&hi);
69	272	}
70	320	break;
71	1.47k	case 3:
72	1.47k	if (hash) {
73	1.35k	void *key;
74	1.35k	void *value;
75	1.35k	char arr[KEY_SIZE];
76	1.35k	memset(arr, 0, KEY_SIZE);
77	1.35k	fuzz_get_random_data(arr, KEY_SIZE);
78	1.35k	key = (void *)arr;
79	1.35k	if (!hash_lookup(hash, key)) {
80	1.21k	generic_ssizet = fuzz_randomizer_get_int(0, 0xfffffff);
81	1.21k	value = (void *)generic_ssizet;
82	1.21k	hash_add(hash, key, value, false);
83	1.21k	}
84	1.35k	}
85	1.47k	break;
86	105	case 4:
87	105	if (hash) {
88	43	hash_n_elements(hash);
89	43	}
90	105	break;
91	92	case 5:
92	92	if (hash) {
93	51	hash_n_buckets(hash);
94	51	}
95	92	break;
96	113	case 6:
97	113	if (hash) {
98	59	uint32_t hv;
99	59	generic_ssizet = fuzz_randomizer_get_int(0, 0xfffffff);
100	59	hv = generic_ssizet;
101	59	hash_bucket(hash, hv);
102	59	}
103	113	break;
104	539	case 7:
105	539	if (hash) {
106	463	void *key;
107	463	char arr[KEY_SIZE];
108	463	memset(arr, 0, KEY_SIZE);
109	463	fuzz_get_random_data(arr, KEY_SIZE);
110	463	key = (void *)arr;
111	463	hash_remove(hash, key);
112	463	}
113	539	break;
114	516	case 8:
115	516	if (hash) {
116	467	void *value;
117	467	generic_ssizet = fuzz_randomizer_get_int(0, 0xfffffff);
118	467	value = (void *)generic_ssizet;
119	467	hash_remove_by_value(hash, value);
120	467	}
121	516	default:
122	516	break;
123	8.59k	}
124	8.59k	}
125
126	514	if (hash) {
127	489	hash_free(hash);
128	489	}
129
130	514	gc_free(&gc);
131
132	514	fuzz_random_destroy();
133
134	514	return 0;
135	514	}

Coverage Report

Created: 2025-07-23 06:54