/src/spirv-tools/test/fuzzers/spvtools_dis_fuzzer.cpp

Source (jump to first uncovered line)
// Copyright (c) 2019 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

#include <cstdint>
#include <cstring>  // memcpy
#include <vector>

#include "source/spirv_target_env.h"
#include "spirv-tools/libspirv.hpp"
#include "test/fuzzers/random_generator.h"

extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  if (size < 4) {
    // There are not enough bytes to constitute a binary that can be
    // disassembled.
    return 0;
  }

  spvtools::fuzzers::RandomGenerator random_gen(data, size);
  const spv_context context = spvContextCreate(random_gen.GetTargetEnv());
  if (context == nullptr) {
    return 0;
  }

  std::vector<uint32_t> input;
  input.resize(size >> 2);
  size_t count = 0;
  for (size_t i = 0; (i + 3) < size; i += 4) {
    input[count++] = data[i] | (data[i + 1] << 8) | (data[i + 2] << 16) |
                     (data[i + 3]) << 24;
  }

  std::vector<char> input_str;
  size_t char_count = input.size() * sizeof(uint32_t) / sizeof(char);
  input_str.resize(char_count);
  memcpy(input_str.data(), input.data(), input.size() * sizeof(uint32_t));

  spv_text text = nullptr;
  spv_diagnostic diagnostic = nullptr;

  for (uint32_t options = SPV_BINARY_TO_TEXT_OPTION_NONE;
       options <
       (SPV_BINARY_TO_TEXT_OPTION_PRINT | SPV_BINARY_TO_TEXT_OPTION_COLOR |
        SPV_BINARY_TO_TEXT_OPTION_INDENT |
        SPV_BINARY_TO_TEXT_OPTION_SHOW_BYTE_OFFSET |
        SPV_BINARY_TO_TEXT_OPTION_NO_HEADER |
        SPV_BINARY_TO_TEXT_OPTION_FRIENDLY_NAMES);
       options++) {
    spvBinaryToText(context, input.data(), input.size(), options, &text,
                    &diagnostic);
    if (diagnostic) {
      spvDiagnosticDestroy(diagnostic);
      diagnostic = nullptr;
    }

    if (text) {
      spvTextDestroy(text);
      text = nullptr;
    }
  }

  spvContextDestroy(context);
  return 0;
}

Line	Count	Source (jump to first uncovered line)
1		// Copyright (c) 2019 Google Inc.
2		//
3		// Licensed under the Apache License, Version 2.0 (the "License");
4		// you may not use this file except in compliance with the License.
5		// You may obtain a copy of the License at
6		//
7		// http://www.apache.org/licenses/LICENSE-2.0
8		//
9		// Unless required by applicable law or agreed to in writing, software
10		// distributed under the License is distributed on an "AS IS" BASIS,
11		// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12		// See the License for the specific language governing permissions and
13		// limitations under the License.
14
15		#include <cstdint>
16		#include <cstring> // memcpy
17		#include <vector>
18
19		#include "source/spirv_target_env.h"
20		#include "spirv-tools/libspirv.hpp"
21		#include "test/fuzzers/random_generator.h"
22
23	4.93k	extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
24	4.93k	if (size < 4) {
25		// There are not enough bytes to constitute a binary that can be
26		// disassembled.
27	2	return 0;
28	2	}
29
30	4.93k	spvtools::fuzzers::RandomGenerator random_gen(data, size);
31	4.93k	const spv_context context = spvContextCreate(random_gen.GetTargetEnv());
32	4.93k	if (context == nullptr) {
33	0	return 0;
34	0	}
35
36	4.93k	std::vector<uint32_t> input;
37	4.93k	input.resize(size >> 2);
38	4.93k	size_t count = 0;
39	10.2M	for (size_t i = 0; (i + 3) < size; i += 4) {
40	10.2M	input[count++] = data[i] \| (data[i + 1] << 8) \| (data[i + 2] << 16) \|
41	10.2M	(data[i + 3]) << 24;
42	10.2M	}
43
44	4.93k	std::vector<char> input_str;
45	4.93k	size_t char_count = input.size() * sizeof(uint32_t) / sizeof(char);
46	4.93k	input_str.resize(char_count);
47	4.93k	memcpy(input_str.data(), input.data(), input.size() * sizeof(uint32_t));
48
49	4.93k	spv_text text = nullptr;
50	4.93k	spv_diagnostic diagnostic = nullptr;
51
52	4.93k	for (uint32_t options = SPV_BINARY_TO_TEXT_OPTION_NONE;
53	621k	options <
54	621k	(SPV_BINARY_TO_TEXT_OPTION_PRINT \| SPV_BINARY_TO_TEXT_OPTION_COLOR \|
55	621k	SPV_BINARY_TO_TEXT_OPTION_INDENT \|
56	621k	SPV_BINARY_TO_TEXT_OPTION_SHOW_BYTE_OFFSET \|
57	621k	SPV_BINARY_TO_TEXT_OPTION_NO_HEADER \|
58	621k	SPV_BINARY_TO_TEXT_OPTION_FRIENDLY_NAMES);
59	616k	options++) {
60	616k	spvBinaryToText(context, input.data(), input.size(), options, &text,
61	616k	&diagnostic);
62	616k	if (diagnostic) {
63	368k	spvDiagnosticDestroy(diagnostic);
64	368k	diagnostic = nullptr;
65	368k	}
66
67	616k	if (text) {
68	124k	spvTextDestroy(text);
69	124k	text = nullptr;
70	124k	}
71	616k	}
72
73	4.93k	spvContextDestroy(context);
74	4.93k	return 0;
75	4.93k	}

Coverage Report

Created: 2025-06-13 06:49