Line | Count | Source |
1 | | /* Copyright 2021 Google LLC |
2 | | Licensed under the Apache License, Version 2.0 (the "License"); |
3 | | you may not use this file except in compliance with the License. |
4 | | You may obtain a copy of the License at |
5 | | http://www.apache.org/licenses/LICENSE-2.0 |
6 | | Unless required by applicable law or agreed to in writing, software |
7 | | distributed under the License is distributed on an "AS IS" BASIS, |
8 | | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
9 | | See the License for the specific language governing permissions and |
10 | | limitations under the License. |
11 | | */ |
12 | | |
13 | | #include <fuzzer/FuzzedDataProvider.h> |
14 | | #include <assert.h> |
15 | | |
16 | | FuzzedDataProvider *prov = NULL; |
17 | | |
18 | 8.15k | extern "C" void fuzz_random_init(const uint8_t *data, size_t size) { |
19 | 8.15k | assert(prov == NULL); |
20 | 8.15k | prov = new FuzzedDataProvider(data, size); |
21 | 8.15k | } |
22 | | |
23 | 8.15k | extern "C" void fuzz_random_destroy() { |
24 | 8.15k | assert(prov != NULL); |
25 | 8.15k | delete prov; |
26 | 8.15k | prov = NULL; |
27 | 8.15k | } |
28 | | |
29 | 33.4k | extern "C" char *get_random_string() { |
30 | 33.4k | assert(prov != NULL); |
31 | | |
32 | 33.4k | std::string s1 = prov->ConsumeRandomLengthString(); |
33 | 33.4k | char *tmp = (char *)malloc(s1.size() + 1); |
34 | 33.4k | memcpy(tmp, s1.c_str(), s1.size()); |
35 | 33.4k | tmp[s1.size()] = '\0'; |
36 | 33.4k | return tmp; |
37 | 33.4k | } |
38 | | |
39 | 129k | extern "C" int fuzz_randomizer_get_int(int min, int max) { |
40 | 129k | assert(prov != NULL); |
41 | 129k | return prov->ConsumeIntegralInRange<int>(min, max); |
42 | 129k | } |
43 | | |
44 | 868 | extern "C" char *fuzz_random_get_string_max_length(int max_len) { |
45 | 868 | assert(prov != NULL); |
46 | | |
47 | 868 | std::string s1 = prov->ConsumeBytesAsString( |
48 | 868 | prov->ConsumeIntegralInRange<uint32_t>(1, max_len)); |
49 | 868 | char *tmp123 = (char*)malloc(s1.size()+1); |
50 | 868 | memcpy(tmp123, s1.c_str(), s1.size()); |
51 | 868 | tmp123[s1.size()] = '\0'; |
52 | | |
53 | 868 | return tmp123; |
54 | 868 | } |
55 | | |
56 | 3.50k | extern "C" size_t fuzz_get_random_data(void *buf, size_t len) { |
57 | 3.50k | assert(prov != NULL); |
58 | 3.50k | size_t ret_val; |
59 | 3.50k | char *cbuf = (char*)buf; |
60 | | |
61 | 3.50k | if (prov->remaining_bytes() == 0) { |
62 | 684 | return -1; |
63 | 684 | } |
64 | | |
65 | 2.82k | double prob = prov->ConsumeProbability<double>(); |
66 | 2.82k | if (prob < 0.05) { |
67 | 1.53k | return 0; |
68 | 1.53k | } |
69 | | |
70 | | //if (len == 1) { |
71 | | // ret_val = prov->ConsumeData(buf, 1); |
72 | | // return ret_val; |
73 | | //} |
74 | 1.28k | ret_val = prov->ConsumeData(buf, len); |
75 | 1.28k | return ret_val; |
76 | 2.82k | } |
77 | | |
78 | | |
79 | | // Simple garbage collector |
80 | 510k | #define GB_SIZE 100 |
81 | | void *pointer_arr[GB_SIZE]; |
82 | | static int pointer_idx = 0; |
83 | | |
84 | | // If the garbage collector is used then this must be called as first thing |
85 | | // during a fuzz run. |
86 | 2.52k | extern "C" void gb_init() { |
87 | 2.52k | pointer_idx = 0; |
88 | | |
89 | 255k | for (int i = 0; i < GB_SIZE; i++) { |
90 | 252k | pointer_arr[i] = NULL; |
91 | 252k | } |
92 | 2.52k | } |
93 | | |
94 | 2.52k | extern "C" void gb_cleanup() { |
95 | 255k | for(int i = 0; i < GB_SIZE; i++) { |
96 | 252k | if (pointer_arr[i] != NULL) { |
97 | 16.4k | free(pointer_arr[i]); |
98 | 16.4k | } |
99 | 252k | } |
100 | 2.52k | } |
101 | | |
102 | 16.4k | extern "C" char *gb_get_random_string() { |
103 | 16.4k | char *tmp = get_random_string(); |
104 | 16.4k | pointer_arr[pointer_idx++] = (void*)tmp; |
105 | 16.4k | return tmp; |
106 | 16.4k | } |
107 | | |