/src/fuzz_list.c

Source
/* Copyright 2021 Google LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
      http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

#include "config.h"
#include "syshead.h"
#include "list.h"

#include "fuzz_randomizer.h"

#define KEY_SIZE 23

/* Required for hash_init() */
static uint32_t word_hash_function(const void *key, uint32_t iv) {
  return hash_func(key, KEY_SIZE, iv);
}

/* Required for hash_init() */
static bool word_compare_function(const void *key1, const void *key2) {
  return ((size_t)key1 & 0xFFF) == ((size_t)key1 & 0xFFF);
}

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  struct gc_arena gc;
  struct hash *hash = NULL;
  ssize_t generic_ssizet, generic_ssizet2, num_loops;

  fuzz_random_init(data, size);

  gc = gc_new();

  int total_to_fuzz = fuzz_randomizer_get_int(1, 20);
  for (int i = 0; i < total_to_fuzz; i++) {
    generic_ssizet = fuzz_randomizer_get_int(0, 8);

    switch (generic_ssizet) {
    case 0:
      if (hash == NULL) {
        int n_buckets = fuzz_randomizer_get_int(1, 1000);
        uint32_t iv;

        hash =
            hash_init(n_buckets, iv, word_hash_function, word_compare_function);
      }
      break;
    case 1:
      if (hash) {
        hash_free(hash);
        hash = NULL;
      }
      break;
    case 2:
      if (hash) {
        struct hash_iterator hi;
        struct hash_element *he;
        hash_iterator_init(hash, &hi);
        while ((he = hash_iterator_next(&hi))) {
          void *w = he->value;
        }
        hash_iterator_free(&hi);
      }
      break;
    case 3:
      if (hash) {
        void *key;
        void *value;
        char arr[KEY_SIZE];
        memset(arr, 0, KEY_SIZE);
        fuzz_get_random_data(arr, KEY_SIZE);
        key = (void *)arr;
        if (!hash_lookup(hash, key)) {
          generic_ssizet = fuzz_randomizer_get_int(0, 0xfffffff);
          value = (void *)generic_ssizet;
          hash_add(hash, key, value, false);
        }
      }
      break;
    case 4:
      if (hash) {
        hash_n_elements(hash);
      }
      break;
    case 5:
      if (hash) {
        hash_n_buckets(hash);
      }
      break;
    case 6:
      if (hash) {
        uint32_t hv;
        generic_ssizet = fuzz_randomizer_get_int(0, 0xfffffff);
        hv = generic_ssizet;
        hash_bucket(hash, hv);
      }
      break;
    case 7:
      if (hash) {
        void *key;
        char arr[KEY_SIZE];
        memset(arr, 0, KEY_SIZE);
        fuzz_get_random_data(arr, KEY_SIZE);
        key = (void *)arr;
        hash_remove(hash, key);
      }
      break;
    case 8:
      if (hash) {
        void *value;
        generic_ssizet = fuzz_randomizer_get_int(0, 0xfffffff);
        value = (void *)generic_ssizet;
        hash_remove_by_value(hash, value);
      }
    default:
      break;
    }
  }

  if (hash) {
    hash_free(hash);
  }

  gc_free(&gc);

  fuzz_random_destroy();

  return 0;
}

Line	Count	Source
1		/* Copyright 2021 Google LLC
2		Licensed under the Apache License, Version 2.0 (the "License");
3		you may not use this file except in compliance with the License.
4		You may obtain a copy of the License at
5		http://www.apache.org/licenses/LICENSE-2.0
6		Unless required by applicable law or agreed to in writing, software
7		distributed under the License is distributed on an "AS IS" BASIS,
8		WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
9		See the License for the specific language governing permissions and
10		limitations under the License.
11		*/
12
13		#include "config.h"
14		#include "syshead.h"
15		#include "list.h"
16
17		#include "fuzz_randomizer.h"
18
19	6.84k	#define KEY_SIZE 23
20
21		/* Required for hash_init() */
22	3.15k	static uint32_t word_hash_function(const void *key, uint32_t iv) {
23	3.15k	return hash_func(key, KEY_SIZE, iv);
24	3.15k	}
25
26		/* Required for hash_init() */
27	260	static bool word_compare_function(const void key1, const void key2) {
28	260	return ((size_t)key1 & 0xFFF) == ((size_t)key1 & 0xFFF);
29	260	}
30
31	522	int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
32	522	struct gc_arena gc;
33	522	struct hash *hash = NULL;
34	522	ssize_t generic_ssizet, generic_ssizet2, num_loops;
35
36	522	fuzz_random_init(data, size);
37
38	522	gc = gc_new();
39
40	522	int total_to_fuzz = fuzz_randomizer_get_int(1, 20);
41	8.98k	for (int i = 0; i < total_to_fuzz; i++) {
42	8.46k	generic_ssizet = fuzz_randomizer_get_int(0, 8);
43
44	8.46k	switch (generic_ssizet) {
45	5.09k	case 0:
46	5.09k	if (hash == NULL) {
47	571	int n_buckets = fuzz_randomizer_get_int(1, 1000);
48	571	uint32_t iv;
49
50	571	hash =
51	571	hash_init(n_buckets, iv, word_hash_function, word_compare_function);
52	571	}
53	5.09k	break;
54	123	case 1:
55	123	if (hash) {
56	73	hash_free(hash);
57	73	hash = NULL;
58	73	}
59	123	break;
60	362	case 2:
61	362	if (hash) {
62	316	struct hash_iterator hi;
63	316	struct hash_element *he;
64	316	hash_iterator_init(hash, &hi);
65	1.33k	while ((he = hash_iterator_next(&hi))) {
66	1.02k	void *w = he->value;
67	1.02k	}
68	316	hash_iterator_free(&hi);
69	316	}
70	362	break;
71	1.51k	case 3:
72	1.51k	if (hash) {
73	1.41k	void *key;
74	1.41k	void *value;
75	1.41k	char arr[KEY_SIZE];
76	1.41k	memset(arr, 0, KEY_SIZE);
77	1.41k	fuzz_get_random_data(arr, KEY_SIZE);
78	1.41k	key = (void *)arr;
79	1.41k	if (!hash_lookup(hash, key)) {
80	1.30k	generic_ssizet = fuzz_randomizer_get_int(0, 0xfffffff);
81	1.30k	value = (void *)generic_ssizet;
82	1.30k	hash_add(hash, key, value, false);
83	1.30k	}
84	1.41k	}
85	1.51k	break;
86	105	case 4:
87	105	if (hash) {
88	63	hash_n_elements(hash);
89	63	}
90	105	break;
91	88	case 5:
92	88	if (hash) {
93	48	hash_n_buckets(hash);
94	48	}
95	88	break;
96	100	case 6:
97	100	if (hash) {
98	62	uint32_t hv;
99	62	generic_ssizet = fuzz_randomizer_get_int(0, 0xfffffff);
100	62	hv = generic_ssizet;
101	62	hash_bucket(hash, hv);
102	62	}
103	100	break;
104	508	case 7:
105	508	if (hash) {
106	435	void *key;
107	435	char arr[KEY_SIZE];
108	435	memset(arr, 0, KEY_SIZE);
109	435	fuzz_get_random_data(arr, KEY_SIZE);
110	435	key = (void *)arr;
111	435	hash_remove(hash, key);
112	435	}
113	508	break;
114	570	case 8:
115	570	if (hash) {
116	511	void *value;
117	511	generic_ssizet = fuzz_randomizer_get_int(0, 0xfffffff);
118	511	value = (void *)generic_ssizet;
119	511	hash_remove_by_value(hash, value);
120	511	}
121	570	default:
122	570	break;
123	8.46k	}
124	8.46k	}
125
126	522	if (hash) {
127	498	hash_free(hash);
128	498	}
129
130	522	gc_free(&gc);
131
132	522	fuzz_random_destroy();
133
134	522	return 0;
135	522	}

Coverage Report

Created: 2026-02-14 06:40