Coverage Report

Created: 2025-07-11 06:49

/src/instance_enumerate_fuzzer.c
/* Copyright 2023 Google LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
      http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include "cJSON.h"
#include "loader.h"
#include "fuzz_header.h"
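/*
 * Size cap for fuzz-derived data; same value as the literal 64000 used in the
 * SPLIT_INPUT path. Defined without '=' so the macro expands to the number
 * itself rather than to the tokens "= 64000".
 */
#define MAX_SIZE 64000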
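/*
 * One-time harness setup, called by the fuzzing engine before the first input.
 *
 * Points HOME at /tmp and creates the two per-user Vulkan configuration
 * directories that LLVMFuzzerTestOneInput later writes fuzz data into.
 * argc/argv are unused.
 *
 * NOTE(review): /tmp is shared and the file names used below it are fixed, so
 * concurrent fuzzing processes on one host overwrite each other's config
 * files; a per-process directory (e.g. from mkdtemp) would isolate them.
 *
 * Returns 0 on success. Aborts if setup fails: without the directories every
 * later input is rejected before it reaches the code under test, and the run
 * would silently cover nothing.
 */
int LLVMFuzzerInitialize(int *argc, char ***argv) {
  static const char *const setup_cmds[] = {
    "mkdir -p $HOME/.local/share/vulkan/implicit_layer.d",
    "mkdir -p $HOME/.local/share/vulkan/loader_settings.d",
  };

  (void)argc;
  (void)argv;

  if (setenv("HOME", "/tmp", 1) != 0) {
    perror("setenv HOME");
    abort();
  }

  /* The commands are fixed strings; no fuzz data ever reaches the shell. */
  for (size_t i = 0; i < sizeof setup_cmds / sizeof setup_cmds[0]; i++) {
    if (system(setup_cmds[i]) != 0) {
      fprintf(stderr, "fuzzer setup failed: %s\n", setup_cmds[i]);
      abort();
    }
  }

  return 0;
}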
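/*
 * Write `size` bytes from `data` to $HOME/<config_path>/<config_filename>,
 * replacing any existing file.
 *
 * Returns 0 on success and 1 on any failure: HOME unset, the joined path not
 * fitting the local buffer, the file not opening, or an incomplete write.
 * A file that could not be written completely is removed so a partial file is
 * not left behind for the code under test.
 */
int create_config_file(const char* config_path, const char* config_filename, const uint8_t* data, size_t size) {
  char filename[512];

  /* getenv() may return NULL; passing that to a %s conversion is undefined. */
  const char *home = getenv("HOME");
  if (home == NULL) {
    return 1;
  }

  /* Bounded formatting: an over-long HOME must fail cleanly, not overrun the stack buffer. */
  int len = snprintf(filename, sizeof filename, "%s/%s/%s", home, config_path, config_filename);
  if (len < 0 || (size_t)len >= sizeof filename) {
    return 1;
  }

  FILE *fp = fopen(filename, "wb");
  if (!fp) {
    return 1;
  }

  int failed = 0;
  /* Byte-granular write so a short write is detectable; skipped for empty input. */
  if (size > 0 && fwrite(data, 1, size, fp) != size) {
    failed = 1;
  }
  /* fclose() flushes, so a write error can first show up here. */
  if (fclose(fp) != 0) {
    failed = 1;
  }
  if (failed) {
    remove(filename);
    return 1;
  }

  return 0;
}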
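/*
 * Delete $HOME/<config_path>/<config_filename>.
 *
 * Best-effort cleanup: nothing is reported to the caller, and a file that is
 * already gone is not an error. If HOME is unset or the joined path does not
 * fit the local buffer, nothing is deleted.
 */
void remove_config_file(const char* config_path, const char* config_filename) {
  char filename[512];

  /* getenv() may return NULL; passing that to a %s conversion is undefined. */
  const char *home = getenv("HOME");
  if (home == NULL) {
    return;
  }

  /* Never unlink a truncated path: it could name a different file. */
  int len = snprintf(filename, sizeof filename, "%s/%s/%s", home, config_path, config_filename);
  if (len < 0 || (size_t)len >= sizeof filename) {
    return;
  }

  /* Result deliberately ignored: this is cleanup only. */
  (void)unlink(filename);
}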
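/*
 * Fuzz entry point: targets the instance extension enumeration.
 *
 * The input is written out as the implicit-layer manifest and the loader
 * settings file under $HOME, every layer is enabled through
 * VK_LOADER_LAYERS_ENABLE, and vkEnumerateInstanceExtensionProperties is
 * called once with those files in place. Both files are removed again before
 * returning, including when one of them could not be written.
 *
 * With SPLIT_INPUT defined, the first two size_t-sized words of the input
 * choose how many of the following bytes go to each file; otherwise both
 * files receive the whole input.
 *
 * Always returns 0.
 */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  static const char layer_dir[] = ".local/share/vulkan/implicit_layer.d";
  static const char layer_file[] = "complex_layer.json";
  static const char settings_dir[] = ".local/share/vulkan/loader_settings.d";
  static const char settings_file[] = "vk_loader_settings.json";

#ifdef SPLIT_INPUT
  if (size < 2*sizeof(size_t)) {
    return 0;
  }

  // Split the loaders into two different parts so the files
  // are independently seeded with fuzz data.
  // Read the two length words with memcpy rather than through a size_t*
  // cast: `data` carries no alignment guarantee.
  size_t first_size;
  size_t second_size;
  memcpy(&first_size, data, sizeof first_size);
  memcpy(&second_size, data + sizeof first_size, sizeof second_size);
  first_size %= 64000;
  second_size %= 64000;

  data += 2*sizeof(size_t); // Move past the first two integers
  size -= 2*sizeof(size_t); // Adjust size to account for the first two integers

  // NOTE(review): `<=` also rejects an input holding exactly the bytes
  // needed; `<` would be enough for memory safety. Kept unchanged so existing
  // corpora are accepted or rejected exactly as before.
  if (size <= first_size + second_size) {
    return 0;
  }

  const uint8_t *layer_data = data;
  size_t layer_size = first_size;
  const uint8_t *settings_data = data + first_size;
  size_t settings_size = second_size;
#else
  const uint8_t *layer_data = data;
  size_t layer_size = size;
  const uint8_t *settings_data = data;
  size_t settings_size = size;
#endif

  if (create_config_file(layer_dir, layer_file, layer_data, layer_size) == 0 &&
      create_config_file(settings_dir, settings_file, settings_data, settings_size) == 0) {
    setenv("VK_LOADER_LAYERS_ENABLE", "all", 1);

    // When pProperties is non-NULL the Vulkan API reads *pPropertyCount as the
    // capacity of that array, so it must be initialised to the one element
    // provided here. Left indeterminate, the callee may write past
    // pProperties and the harness reports crashes that are its own fault.
    uint32_t pPropertyCount = 1;
    VkExtensionProperties pProperties = {0};

    (void)vkEnumerateInstanceExtensionProperties("test_auto", &pPropertyCount, &pProperties);
  }

  // Clean up config files on every path so a failed iteration leaves nothing
  // behind for the next one.
  remove_config_file(layer_dir, layer_file);
  remove_config_file(settings_dir, settings_file);

  return 0;
}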