/src/fuzz_list.c

Source (jump to first uncovered line)
/* Copyright 2021 Google LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
      http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

#include "config.h"
#include "syshead.h"
#include "list.h"

#include "fuzz_randomizer.h"

#define KEY_SIZE 23

/* Required for hash_init() */
static uint32_t word_hash_function(const void *key, uint32_t iv) {
  return hash_func(key, KEY_SIZE, iv);
}

/* Required for hash_init() */
static bool word_compare_function(const void *key1, const void *key2) {
  return ((size_t)key1 & 0xFFF) == ((size_t)key1 & 0xFFF);
}

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  struct gc_arena gc;
  struct hash *hash = NULL;
  ssize_t generic_ssizet, generic_ssizet2, num_loops;

  fuzz_random_init(data, size);

  gc = gc_new();

  int total_to_fuzz = fuzz_randomizer_get_int(1, 20);
  for (int i = 0; i < total_to_fuzz; i++) {
    generic_ssizet = fuzz_randomizer_get_int(0, 8);

    switch (generic_ssizet) {
    case 0:
      if (hash == NULL) {
        int n_buckets = fuzz_randomizer_get_int(1, 1000);
        uint32_t iv;

        hash =
            hash_init(n_buckets, iv, word_hash_function, word_compare_function);
      }
      break;
    case 1:
      if (hash) {
        hash_free(hash);
        hash = NULL;
      }
      break;
    case 2:
      if (hash) {
        struct hash_iterator hi;
        struct hash_element *he;
        hash_iterator_init(hash, &hi);
        while ((he = hash_iterator_next(&hi))) {
          void *w = he->value;
        }
        hash_iterator_free(&hi);
      }
      break;
    case 3:
      if (hash) {
        void *key;
        void *value;
        char arr[KEY_SIZE];
        memset(arr, 0, KEY_SIZE);
        fuzz_get_random_data(arr, KEY_SIZE);
        key = (void *)arr;
        if (!hash_lookup(hash, key)) {
          generic_ssizet = fuzz_randomizer_get_int(0, 0xfffffff);
          value = (void *)generic_ssizet;
          hash_add(hash, key, value, false);
        }
      }
      break;
    case 4:
      if (hash) {
        hash_n_elements(hash);
      }
      break;
    case 5:
      if (hash) {
        hash_n_buckets(hash);
      }
      break;
    case 6:
      if (hash) {
        uint32_t hv;
        generic_ssizet = fuzz_randomizer_get_int(0, 0xfffffff);
        hv = generic_ssizet;
        hash_bucket(hash, hv);
      }
      break;
    case 7:
      if (hash) {
        void *key;
        char arr[KEY_SIZE];
        memset(arr, 0, KEY_SIZE);
        fuzz_get_random_data(arr, KEY_SIZE);
        key = (void *)arr;
        hash_remove(hash, key);
      }
      break;
    case 8:
      if (hash) {
        void *value;
        generic_ssizet = fuzz_randomizer_get_int(0, 0xfffffff);
        value = (void *)generic_ssizet;
        hash_remove_by_value(hash, value);
      }
    default:
      break;
    }
  }

  if (hash) {
    hash_free(hash);
  }

  gc_free(&gc);

  fuzz_random_destroy();

  return 0;
}

Line	Count	Source (jump to first uncovered line)
1		/* Copyright 2021 Google LLC
2		Licensed under the Apache License, Version 2.0 (the "License");
3		you may not use this file except in compliance with the License.
4		You may obtain a copy of the License at
5		http://www.apache.org/licenses/LICENSE-2.0
6		Unless required by applicable law or agreed to in writing, software
7		distributed under the License is distributed on an "AS IS" BASIS,
8		WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
9		See the License for the specific language governing permissions and
10		limitations under the License.
11		*/
12
13		#include "config.h"
14		#include "syshead.h"
15		#include "list.h"
16
17		#include "fuzz_randomizer.h"
18
19	6.84k	#define KEY_SIZE 23
20
21		/* Required for hash_init() */
22	3.13k	static uint32_t word_hash_function(const void *key, uint32_t iv) {
23	3.13k	return hash_func(key, KEY_SIZE, iv);
24	3.13k	}
25
26		/* Required for hash_init() */
27	311	static bool word_compare_function(const void key1, const void key2) {
28	311	return ((size_t)key1 & 0xFFF) == ((size_t)key1 & 0xFFF);
29	311	}
30
31	507	int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
32	507	struct gc_arena gc;
33	507	struct hash *hash = NULL;
34	507	ssize_t generic_ssizet, generic_ssizet2, num_loops;
35
36	507	fuzz_random_init(data, size);
37
38	507	gc = gc_new();
39
40	507	int total_to_fuzz = fuzz_randomizer_get_int(1, 20);
41	8.80k	for (int i = 0; i < total_to_fuzz; i++) {
42	8.29k	generic_ssizet = fuzz_randomizer_get_int(0, 8);
43
44	8.29k	switch (generic_ssizet) {
45	4.96k	case 0:
46	4.96k	if (hash == NULL) {
47	552	int n_buckets = fuzz_randomizer_get_int(1, 1000);
48	552	uint32_t iv;
49
50	552	hash =
51	552	hash_init(n_buckets, iv, word_hash_function, word_compare_function);
52	552	}
53	4.96k	break;
54	119	case 1:
55	119	if (hash) {
56	65	hash_free(hash);
57	65	hash = NULL;
58	65	}
59	119	break;
60	347	case 2:
61	347	if (hash) {
62	298	struct hash_iterator hi;
63	298	struct hash_element *he;
64	298	hash_iterator_init(hash, &hi);
65	1.35k	while ((he = hash_iterator_next(&hi))) {
66	1.05k	void *w = he->value;
67	1.05k	}
68	298	hash_iterator_free(&hi);
69	298	}
70	347	break;
71	1.49k	case 3:
72	1.49k	if (hash) {
73	1.40k	void *key;
74	1.40k	void *value;
75	1.40k	char arr[KEY_SIZE];
76	1.40k	memset(arr, 0, KEY_SIZE);
77	1.40k	fuzz_get_random_data(arr, KEY_SIZE);
78	1.40k	key = (void *)arr;
79	1.40k	if (!hash_lookup(hash, key)) {
80	1.28k	generic_ssizet = fuzz_randomizer_get_int(0, 0xfffffff);
81	1.28k	value = (void *)generic_ssizet;
82	1.28k	hash_add(hash, key, value, false);
83	1.28k	}
84	1.40k	}
85	1.49k	break;
86	84	case 4:
87	84	if (hash) {
88	46	hash_n_elements(hash);
89	46	}
90	84	break;
91	91	case 5:
92	91	if (hash) {
93	56	hash_n_buckets(hash);
94	56	}
95	91	break;
96	99	case 6:
97	99	if (hash) {
98	50	uint32_t hv;
99	50	generic_ssizet = fuzz_randomizer_get_int(0, 0xfffffff);
100	50	hv = generic_ssizet;
101	50	hash_bucket(hash, hv);
102	50	}
103	99	break;
104	546	case 7:
105	546	if (hash) {
106	452	void *key;
107	452	char arr[KEY_SIZE];
108	452	memset(arr, 0, KEY_SIZE);
109	452	fuzz_get_random_data(arr, KEY_SIZE);
110	452	key = (void *)arr;
111	452	hash_remove(hash, key);
112	452	}
113	546	break;
114	549	case 8:
115	549	if (hash) {
116	494	void *value;
117	494	generic_ssizet = fuzz_randomizer_get_int(0, 0xfffffff);
118	494	value = (void *)generic_ssizet;
119	494	hash_remove_by_value(hash, value);
120	494	}
121	549	default:
122	549	break;
123	8.29k	}
124	8.29k	}
125
126	507	if (hash) {
127	487	hash_free(hash);
128	487	}
129
130	507	gc_free(&gc);
131
132	507	fuzz_random_destroy();
133
134	507	return 0;
135	507	}

Coverage Report

Created: 2025-08-31 07:02