Line | Count | Source |
1 | | /* Copyright 2021 Google LLC |
2 | | Licensed under the Apache License, Version 2.0 (the "License"); |
3 | | you may not use this file except in compliance with the License. |
4 | | You may obtain a copy of the License at |
5 | | http://www.apache.org/licenses/LICENSE-2.0 |
6 | | Unless required by applicable law or agreed to in writing, software |
7 | | distributed under the License is distributed on an "AS IS" BASIS, |
8 | | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
9 | | See the License for the specific language governing permissions and |
10 | | limitations under the License. |
11 | | */ |
12 | | |
13 | | #include "config.h" |
14 | | #include "syshead.h" |
15 | | #include "list.h" |
16 | | |
17 | | #include "fuzz_randomizer.h" |
18 | | |
19 | 6.79k | #define KEY_SIZE 23 |
20 | | |
21 | | /* Required for hash_init() */ |
22 | 3.11k | static uint32_t word_hash_function(const void *key, uint32_t iv) { |
23 | 3.11k | return hash_func(key, KEY_SIZE, iv); |
24 | 3.11k | } |
25 | | |
26 | | /* Required for hash_init() */ |
27 | 272 | static bool word_compare_function(const void *key1, const void *key2) { |
28 | 272 | return ((size_t)key1 & 0xFFF) == ((size_t)key1 & 0xFFF); |
29 | 272 | } |
30 | | |
31 | 519 | int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { |
32 | 519 | struct gc_arena gc; |
33 | 519 | struct hash *hash = NULL; |
34 | 519 | ssize_t generic_ssizet, generic_ssizet2, num_loops; |
35 | | |
36 | 519 | fuzz_random_init(data, size); |
37 | | |
38 | 519 | gc = gc_new(); |
39 | | |
40 | 519 | int total_to_fuzz = fuzz_randomizer_get_int(1, 20); |
41 | 9.05k | for (int i = 0; i < total_to_fuzz; i++) { |
42 | 8.54k | generic_ssizet = fuzz_randomizer_get_int(0, 8); |
43 | | |
44 | 8.54k | switch (generic_ssizet) { |
45 | 5.22k | case 0: |
46 | 5.22k | if (hash == NULL) { |
47 | 577 | int n_buckets = fuzz_randomizer_get_int(1, 1000); |
48 | 577 | uint32_t iv; |
49 | | |
50 | 577 | hash = |
51 | 577 | hash_init(n_buckets, iv, word_hash_function, word_compare_function); |
52 | 577 | } |
53 | 5.22k | break; |
54 | 133 | case 1: |
55 | 133 | if (hash) { |
56 | 77 | hash_free(hash); |
57 | 77 | hash = NULL; |
58 | 77 | } |
59 | 133 | break; |
60 | 292 | case 2: |
61 | 292 | if (hash) { |
62 | 245 | struct hash_iterator hi; |
63 | 245 | struct hash_element *he; |
64 | 245 | hash_iterator_init(hash, &hi); |
65 | 917 | while ((he = hash_iterator_next(&hi))) { |
66 | 672 | void *w = he->value; |
67 | 672 | } |
68 | 245 | hash_iterator_free(&hi); |
69 | 245 | } |
70 | 292 | break; |
71 | 1.46k | case 3: |
72 | 1.46k | if (hash) { |
73 | 1.38k | void *key; |
74 | 1.38k | void *value; |
75 | 1.38k | char arr[KEY_SIZE]; |
76 | 1.38k | memset(arr, 0, KEY_SIZE); |
77 | 1.38k | fuzz_get_random_data(arr, KEY_SIZE); |
78 | 1.38k | key = (void *)arr; |
79 | 1.38k | if (!hash_lookup(hash, key)) { |
80 | 1.27k | generic_ssizet = fuzz_randomizer_get_int(0, 0xfffffff); |
81 | 1.27k | value = (void *)generic_ssizet; |
82 | 1.27k | hash_add(hash, key, value, false); |
83 | 1.27k | } |
84 | 1.38k | } |
85 | 1.46k | break; |
86 | 92 | case 4: |
87 | 92 | if (hash) { |
88 | 49 | hash_n_elements(hash); |
89 | 49 | } |
90 | 92 | break; |
91 | 98 | case 5: |
92 | 98 | if (hash) { |
93 | 53 | hash_n_buckets(hash); |
94 | 53 | } |
95 | 98 | break; |
96 | 121 | case 6: |
97 | 121 | if (hash) { |
98 | 77 | uint32_t hv; |
99 | 77 | generic_ssizet = fuzz_randomizer_get_int(0, 0xfffffff); |
100 | 77 | hv = generic_ssizet; |
101 | 77 | hash_bucket(hash, hv); |
102 | 77 | } |
103 | 121 | break; |
104 | 540 | case 7: |
105 | 540 | if (hash) { |
106 | 460 | void *key; |
107 | 460 | char arr[KEY_SIZE]; |
108 | 460 | memset(arr, 0, KEY_SIZE); |
109 | 460 | fuzz_get_random_data(arr, KEY_SIZE); |
110 | 460 | key = (void *)arr; |
111 | 460 | hash_remove(hash, key); |
112 | 460 | } |
113 | 540 | break; |
114 | 567 | case 8: |
115 | 567 | if (hash) { |
116 | 516 | void *value; |
117 | 516 | generic_ssizet = fuzz_randomizer_get_int(0, 0xfffffff); |
118 | 516 | value = (void *)generic_ssizet; |
119 | 516 | hash_remove_by_value(hash, value); |
120 | 516 | } |
121 | 567 | default: |
122 | 567 | break; |
123 | 8.54k | } |
124 | 8.54k | } |
125 | | |
126 | 519 | if (hash) { |
127 | 500 | hash_free(hash); |
128 | 500 | } |
129 | | |
130 | 519 | gc_free(&gc); |
131 | | |
132 | 519 | fuzz_random_destroy(); |
133 | | |
134 | 519 | return 0; |
135 | 519 | } |