Coverage Report

Created: 2026-06-30 07:04

next uncovered line (L), next uncovered region (R), next uncovered branch (B)
/src/fuzz_list.c
Line
Count
Source
1
/* Copyright 2021 Google LLC
2
Licensed under the Apache License, Version 2.0 (the "License");
3
you may not use this file except in compliance with the License.
4
You may obtain a copy of the License at
5
      http://www.apache.org/licenses/LICENSE-2.0
6
Unless required by applicable law or agreed to in writing, software
7
distributed under the License is distributed on an "AS IS" BASIS,
8
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
9
See the License for the specific language governing permissions and
10
limitations under the License.
11
*/
12
13
#include "config.h"
14
#include "syshead.h"
15
#include "list.h"
16
17
#include "fuzz_randomizer.h"
18
19
6.79k
#define KEY_SIZE 23
20
21
/* Required for hash_init() */
22
3.11k
static uint32_t word_hash_function(const void *key, uint32_t iv) {
23
3.11k
  return hash_func(key, KEY_SIZE, iv);
24
3.11k
}
25
26
/* Required for hash_init() */
27
272
static bool word_compare_function(const void *key1, const void *key2) {
28
272
  return ((size_t)key1 & 0xFFF) == ((size_t)key1 & 0xFFF);
29
272
}
30
31
519
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
32
519
  struct gc_arena gc;
33
519
  struct hash *hash = NULL;
34
519
  ssize_t generic_ssizet, generic_ssizet2, num_loops;
35
36
519
  fuzz_random_init(data, size);
37
38
519
  gc = gc_new();
39
40
519
  int total_to_fuzz = fuzz_randomizer_get_int(1, 20);
41
9.05k
  for (int i = 0; i < total_to_fuzz; i++) {
42
8.54k
    generic_ssizet = fuzz_randomizer_get_int(0, 8);
43
44
8.54k
    switch (generic_ssizet) {
45
5.22k
    case 0:
46
5.22k
      if (hash == NULL) {
47
577
        int n_buckets = fuzz_randomizer_get_int(1, 1000);
48
577
        uint32_t iv;
49
50
577
        hash =
51
577
            hash_init(n_buckets, iv, word_hash_function, word_compare_function);
52
577
      }
53
5.22k
      break;
54
133
    case 1:
55
133
      if (hash) {
56
77
        hash_free(hash);
57
77
        hash = NULL;
58
77
      }
59
133
      break;
60
292
    case 2:
61
292
      if (hash) {
62
245
        struct hash_iterator hi;
63
245
        struct hash_element *he;
64
245
        hash_iterator_init(hash, &hi);
65
917
        while ((he = hash_iterator_next(&hi))) {
66
672
          void *w = he->value;
67
672
        }
68
245
        hash_iterator_free(&hi);
69
245
      }
70
292
      break;
71
1.46k
    case 3:
72
1.46k
      if (hash) {
73
1.38k
        void *key;
74
1.38k
        void *value;
75
1.38k
        char arr[KEY_SIZE];
76
1.38k
        memset(arr, 0, KEY_SIZE);
77
1.38k
        fuzz_get_random_data(arr, KEY_SIZE);
78
1.38k
        key = (void *)arr;
79
1.38k
        if (!hash_lookup(hash, key)) {
80
1.27k
          generic_ssizet = fuzz_randomizer_get_int(0, 0xfffffff);
81
1.27k
          value = (void *)generic_ssizet;
82
1.27k
          hash_add(hash, key, value, false);
83
1.27k
        }
84
1.38k
      }
85
1.46k
      break;
86
92
    case 4:
87
92
      if (hash) {
88
49
        hash_n_elements(hash);
89
49
      }
90
92
      break;
91
98
    case 5:
92
98
      if (hash) {
93
53
        hash_n_buckets(hash);
94
53
      }
95
98
      break;
96
121
    case 6:
97
121
      if (hash) {
98
77
        uint32_t hv;
99
77
        generic_ssizet = fuzz_randomizer_get_int(0, 0xfffffff);
100
77
        hv = generic_ssizet;
101
77
        hash_bucket(hash, hv);
102
77
      }
103
121
      break;
104
540
    case 7:
105
540
      if (hash) {
106
460
        void *key;
107
460
        char arr[KEY_SIZE];
108
460
        memset(arr, 0, KEY_SIZE);
109
460
        fuzz_get_random_data(arr, KEY_SIZE);
110
460
        key = (void *)arr;
111
460
        hash_remove(hash, key);
112
460
      }
113
540
      break;
114
567
    case 8:
115
567
      if (hash) {
116
516
        void *value;
117
516
        generic_ssizet = fuzz_randomizer_get_int(0, 0xfffffff);
118
516
        value = (void *)generic_ssizet;
119
516
        hash_remove_by_value(hash, value);
120
516
      }
121
567
    default:
122
567
      break;
123
8.54k
    }
124
8.54k
  }
125
126
519
  if (hash) {
127
500
    hash_free(hash);
128
500
  }
129
130
519
  gc_free(&gc);
131
132
519
  fuzz_random_destroy();
133
134
519
  return 0;
135
519
}