/src/spirv-tools/test/fuzzers/spvtools_dis_fuzzer.cpp
Line | Count | Source (jump to first uncovered line) |
1 | | // Copyright (c) 2019 Google Inc. |
2 | | // |
3 | | // Licensed under the Apache License, Version 2.0 (the "License"); |
4 | | // you may not use this file except in compliance with the License. |
5 | | // You may obtain a copy of the License at |
6 | | // |
7 | | // http://www.apache.org/licenses/LICENSE-2.0 |
8 | | // |
9 | | // Unless required by applicable law or agreed to in writing, software |
10 | | // distributed under the License is distributed on an "AS IS" BASIS, |
11 | | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
12 | | // See the License for the specific language governing permissions and |
13 | | // limitations under the License. |
14 | | |
15 | | #include <cstdint> |
16 | | #include <cstring> // memcpy |
17 | | #include <vector> |
18 | | |
19 | | #include "source/spirv_target_env.h" |
20 | | #include "spirv-tools/libspirv.hpp" |
21 | | #include "test/fuzzers/random_generator.h" |
22 | | |
23 | 4.93k | extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { |
24 | 4.93k | if (size < 4) { |
25 | | // There are not enough bytes to constitute a binary that can be |
26 | | // disassembled. |
27 | 2 | return 0; |
28 | 2 | } |
29 | | |
30 | 4.93k | spvtools::fuzzers::RandomGenerator random_gen(data, size); |
31 | 4.93k | const spv_context context = spvContextCreate(random_gen.GetTargetEnv()); |
32 | 4.93k | if (context == nullptr) { |
33 | 0 | return 0; |
34 | 0 | } |
35 | | |
36 | 4.93k | std::vector<uint32_t> input; |
37 | 4.93k | input.resize(size >> 2); |
38 | 4.93k | size_t count = 0; |
39 | 10.2M | for (size_t i = 0; (i + 3) < size; i += 4) { |
40 | 10.2M | input[count++] = data[i] | (data[i + 1] << 8) | (data[i + 2] << 16) | |
41 | 10.2M | (data[i + 3]) << 24; |
42 | 10.2M | } |
43 | | |
44 | 4.93k | std::vector<char> input_str; |
45 | 4.93k | size_t char_count = input.size() * sizeof(uint32_t) / sizeof(char); |
46 | 4.93k | input_str.resize(char_count); |
47 | 4.93k | memcpy(input_str.data(), input.data(), input.size() * sizeof(uint32_t)); |
48 | | |
49 | 4.93k | spv_text text = nullptr; |
50 | 4.93k | spv_diagnostic diagnostic = nullptr; |
51 | | |
52 | 4.93k | for (uint32_t options = SPV_BINARY_TO_TEXT_OPTION_NONE; |
53 | 621k | options < |
54 | 621k | (SPV_BINARY_TO_TEXT_OPTION_PRINT | SPV_BINARY_TO_TEXT_OPTION_COLOR | |
55 | 621k | SPV_BINARY_TO_TEXT_OPTION_INDENT | |
56 | 621k | SPV_BINARY_TO_TEXT_OPTION_SHOW_BYTE_OFFSET | |
57 | 621k | SPV_BINARY_TO_TEXT_OPTION_NO_HEADER | |
58 | 621k | SPV_BINARY_TO_TEXT_OPTION_FRIENDLY_NAMES); |
59 | 616k | options++) { |
60 | 616k | spvBinaryToText(context, input.data(), input.size(), options, &text, |
61 | 616k | &diagnostic); |
62 | 616k | if (diagnostic) { |
63 | 368k | spvDiagnosticDestroy(diagnostic); |
64 | 368k | diagnostic = nullptr; |
65 | 368k | } |
66 | | |
67 | 616k | if (text) { |
68 | 124k | spvTextDestroy(text); |
69 | 124k | text = nullptr; |
70 | 124k | } |
71 | 616k | } |
72 | | |
73 | 4.93k | spvContextDestroy(context); |
74 | 4.93k | return 0; |
75 | 4.93k | } |