/src/fuzz_list.c

Source
/* Copyright 2021 Google LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
      http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

#include "config.h"
#include "syshead.h"
#include "list.h"

#include "fuzz_randomizer.h"

#define KEY_SIZE 23

/* Required for hash_init() */
static uint32_t word_hash_function(const void *key, uint32_t iv) {
  return hash_func(key, KEY_SIZE, iv);
}

/* Required for hash_init() */
static bool word_compare_function(const void *key1, const void *key2) {
  return ((size_t)key1 & 0xFFF) == ((size_t)key1 & 0xFFF);
}

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  struct gc_arena gc;
  struct hash *hash = NULL;
  ssize_t generic_ssizet, generic_ssizet2, num_loops;

  fuzz_random_init(data, size);

  gc = gc_new();

  int total_to_fuzz = fuzz_randomizer_get_int(1, 20);
  for (int i = 0; i < total_to_fuzz; i++) {
    generic_ssizet = fuzz_randomizer_get_int(0, 8);

    switch (generic_ssizet) {
    case 0:
      if (hash == NULL) {
        int n_buckets = fuzz_randomizer_get_int(1, 1000);
        uint32_t iv;

        hash =
            hash_init(n_buckets, iv, word_hash_function, word_compare_function);
      }
      break;
    case 1:
      if (hash) {
        hash_free(hash);
        hash = NULL;
      }
      break;
    case 2:
      if (hash) {
        struct hash_iterator hi;
        struct hash_element *he;
        hash_iterator_init(hash, &hi);
        while ((he = hash_iterator_next(&hi))) {
          void *w = he->value;
        }
        hash_iterator_free(&hi);
      }
      break;
    case 3:
      if (hash) {
        void *key;
        void *value;
        char arr[KEY_SIZE];
        memset(arr, 0, KEY_SIZE);
        fuzz_get_random_data(arr, KEY_SIZE);
        key = (void *)arr;
        if (!hash_lookup(hash, key)) {
          generic_ssizet = fuzz_randomizer_get_int(0, 0xfffffff);
          value = (void *)generic_ssizet;
          hash_add(hash, key, value, false);
        }
      }
      break;
    case 4:
      if (hash) {
        hash_n_elements(hash);
      }
      break;
    case 5:
      if (hash) {
        hash_n_buckets(hash);
      }
      break;
    case 6:
      if (hash) {
        uint32_t hv;
        generic_ssizet = fuzz_randomizer_get_int(0, 0xfffffff);
        hv = generic_ssizet;
        hash_bucket(hash, hv);
      }
      break;
    case 7:
      if (hash) {
        void *key;
        char arr[KEY_SIZE];
        memset(arr, 0, KEY_SIZE);
        fuzz_get_random_data(arr, KEY_SIZE);
        key = (void *)arr;
        hash_remove(hash, key);
      }
      break;
    case 8:
      if (hash) {
        void *value;
        generic_ssizet = fuzz_randomizer_get_int(0, 0xfffffff);
        value = (void *)generic_ssizet;
        hash_remove_by_value(hash, value);
      }
    default:
      break;
    }
  }

  if (hash) {
    hash_free(hash);
  }

  gc_free(&gc);

  fuzz_random_destroy();

  return 0;
}

Line	Count	Source
1		/* Copyright 2021 Google LLC
2		Licensed under the Apache License, Version 2.0 (the "License");
3		you may not use this file except in compliance with the License.
4		You may obtain a copy of the License at
5		http://www.apache.org/licenses/LICENSE-2.0
6		Unless required by applicable law or agreed to in writing, software
7		distributed under the License is distributed on an "AS IS" BASIS,
8		WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
9		See the License for the specific language governing permissions and
10		limitations under the License.
11		*/
12
13		#include "config.h"
14		#include "syshead.h"
15		#include "list.h"
16
17		#include "fuzz_randomizer.h"
18
19	6.88k	#define KEY_SIZE 23
20
21		/* Required for hash_init() */
22	3.18k	static uint32_t word_hash_function(const void *key, uint32_t iv) {
23	3.18k	return hash_func(key, KEY_SIZE, iv);
24	3.18k	}
25
26		/* Required for hash_init() */
27	260	static bool word_compare_function(const void key1, const void key2) {
28	260	return ((size_t)key1 & 0xFFF) == ((size_t)key1 & 0xFFF);
29	260	}
30
31	515	int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
32	515	struct gc_arena gc;
33	515	struct hash *hash = NULL;
34	515	ssize_t generic_ssizet, generic_ssizet2, num_loops;
35
36	515	fuzz_random_init(data, size);
37
38	515	gc = gc_new();
39
40	515	int total_to_fuzz = fuzz_randomizer_get_int(1, 20);
41	9.19k	for (int i = 0; i < total_to_fuzz; i++) {
42	8.68k	generic_ssizet = fuzz_randomizer_get_int(0, 8);
43
44	8.68k	switch (generic_ssizet) {
45	5.32k	case 0:
46	5.32k	if (hash == NULL) {
47	568	int n_buckets = fuzz_randomizer_get_int(1, 1000);
48	568	uint32_t iv;
49
50	568	hash =
51	568	hash_init(n_buckets, iv, word_hash_function, word_compare_function);
52	568	}
53	5.32k	break;
54	124	case 1:
55	124	if (hash) {
56	73	hash_free(hash);
57	73	hash = NULL;
58	73	}
59	124	break;
60	349	case 2:
61	349	if (hash) {
62	291	struct hash_iterator hi;
63	291	struct hash_element *he;
64	291	hash_iterator_init(hash, &hi);
65	1.28k	while ((he = hash_iterator_next(&hi))) {
66	990	void *w = he->value;
67	990	}
68	291	hash_iterator_free(&hi);
69	291	}
70	349	break;
71	1.55k	case 3:
72	1.55k	if (hash) {
73	1.44k	void *key;
74	1.44k	void *value;
75	1.44k	char arr[KEY_SIZE];
76	1.44k	memset(arr, 0, KEY_SIZE);
77	1.44k	fuzz_get_random_data(arr, KEY_SIZE);
78	1.44k	key = (void *)arr;
79	1.44k	if (!hash_lookup(hash, key)) {
80	1.33k	generic_ssizet = fuzz_randomizer_get_int(0, 0xfffffff);
81	1.33k	value = (void *)generic_ssizet;
82	1.33k	hash_add(hash, key, value, false);
83	1.33k	}
84	1.44k	}
85	1.55k	break;
86	99	case 4:
87	99	if (hash) {
88	59	hash_n_elements(hash);
89	59	}
90	99	break;
91	86	case 5:
92	86	if (hash) {
93	42	hash_n_buckets(hash);
94	42	}
95	86	break;
96	126	case 6:
97	126	if (hash) {
98	83	uint32_t hv;
99	83	generic_ssizet = fuzz_randomizer_get_int(0, 0xfffffff);
100	83	hv = generic_ssizet;
101	83	hash_bucket(hash, hv);
102	83	}
103	126	break;
104	484	case 7:
105	484	if (hash) {
106	403	void *key;
107	403	char arr[KEY_SIZE];
108	403	memset(arr, 0, KEY_SIZE);
109	403	fuzz_get_random_data(arr, KEY_SIZE);
110	403	key = (void *)arr;
111	403	hash_remove(hash, key);
112	403	}
113	484	break;
114	536	case 8:
115	536	if (hash) {
116	486	void *value;
117	486	generic_ssizet = fuzz_randomizer_get_int(0, 0xfffffff);
118	486	value = (void *)generic_ssizet;
119	486	hash_remove_by_value(hash, value);
120	486	}
121	536	default:
122	536	break;
123	8.68k	}
124	8.68k	}
125
126	515	if (hash) {
127	495	hash_free(hash);
128	495	}
129
130	515	gc_free(&gc);
131
132	515	fuzz_random_destroy();
133
134	515	return 0;
135	515	}

Coverage Report

Created: 2026-01-16 06:59