Coverage Report

Created: 2025-08-24 06:48

/src/wuffs/fuzz/c/fuzzlib/fuzzlib.c
Line
Count
Source (jump to first uncovered line)
1
// Copyright 2018 The Wuffs Authors.
2
//
3
// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
4
// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
5
// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
6
// option. This file may not be copied, modified, or distributed
7
// except according to those terms.
8
//
9
// SPDX-License-Identifier: Apache-2.0 OR MIT
10
11
#include <inttypes.h>
12
#include <stdio.h>
13
#include <stdlib.h>
14
#include <string.h>
15
16
#ifndef WUFFS_INCLUDE_GUARD
17
#error "Wuffs' .h files need to be included before this file"
18
#endif
19
20
void  //
21
0
intentional_segfault() {
22
0
  static volatile int* ptr = NULL;
23
0
  *ptr = 0;
24
0
}
Unexecuted instantiation: intentional_segfault
Unexecuted instantiation: intentional_segfault()
25
26
static uint32_t  //
27
39.0k
popcount32(uint32_t x) {
28
39.0k
  static const uint8_t table[256] = {
29
39.0k
      0, 1, 1, 2, 1, 2, 2, 3, 1, 2, 2, 3, 2, 3, 3, 4,  //
30
39.0k
      1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,  //
31
39.0k
      1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,  //
32
39.0k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
33
39.0k
      1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,  //
34
39.0k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
35
39.0k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
36
39.0k
      3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,  //
37
39.0k
      1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,  //
38
39.0k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
39
39.0k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
40
39.0k
      3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,  //
41
39.0k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
42
39.0k
      3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,  //
43
39.0k
      3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,  //
44
39.0k
      4, 5, 5, 6, 5, 6, 6, 7, 5, 6, 6, 7, 6, 7, 7, 8,  //
45
39.0k
  };
46
39.0k
  return table[0xFF & (x >> 0)] + table[0xFF & (x >> 8)] +
47
39.0k
         table[0xFF & (x >> 16)] + table[0xFF & (x >> 24)];
48
39.0k
}
png_fuzzer.c:popcount32
Line
Count
Source
27
5.78k
popcount32(uint32_t x) {
28
5.78k
  static const uint8_t table[256] = {
29
5.78k
      0, 1, 1, 2, 1, 2, 2, 3, 1, 2, 2, 3, 2, 3, 3, 4,  //
30
5.78k
      1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,  //
31
5.78k
      1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,  //
32
5.78k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
33
5.78k
      1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,  //
34
5.78k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
35
5.78k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
36
5.78k
      3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,  //
37
5.78k
      1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,  //
38
5.78k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
39
5.78k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
40
5.78k
      3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,  //
41
5.78k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
42
5.78k
      3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,  //
43
5.78k
      3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,  //
44
5.78k
      4, 5, 5, 6, 5, 6, 6, 7, 5, 6, 6, 7, 6, 7, 7, 8,  //
45
5.78k
  };
46
5.78k
  return table[0xFF & (x >> 0)] + table[0xFF & (x >> 8)] +
47
5.78k
         table[0xFF & (x >> 16)] + table[0xFF & (x >> 24)];
48
5.78k
}
json_fuzzer.cc:popcount32(unsigned int)
Line
Count
Source
27
5.97k
popcount32(uint32_t x) {
28
5.97k
  static const uint8_t table[256] = {
29
5.97k
      0, 1, 1, 2, 1, 2, 2, 3, 1, 2, 2, 3, 2, 3, 3, 4,  //
30
5.97k
      1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,  //
31
5.97k
      1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,  //
32
5.97k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
33
5.97k
      1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,  //
34
5.97k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
35
5.97k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
36
5.97k
      3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,  //
37
5.97k
      1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,  //
38
5.97k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
39
5.97k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
40
5.97k
      3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,  //
41
5.97k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
42
5.97k
      3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,  //
43
5.97k
      3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,  //
44
5.97k
      4, 5, 5, 6, 5, 6, 6, 7, 5, 6, 6, 7, 6, 7, 7, 8,  //
45
5.97k
  };
46
5.97k
  return table[0xFF & (x >> 0)] + table[0xFF & (x >> 8)] +
47
5.97k
         table[0xFF & (x >> 16)] + table[0xFF & (x >> 24)];
48
5.97k
}
gif_fuzzer.c:popcount32
Line
Count
Source
27
2.12k
popcount32(uint32_t x) {
28
2.12k
  static const uint8_t table[256] = {
29
2.12k
      0, 1, 1, 2, 1, 2, 2, 3, 1, 2, 2, 3, 2, 3, 3, 4,  //
30
2.12k
      1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,  //
31
2.12k
      1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,  //
32
2.12k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
33
2.12k
      1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,  //
34
2.12k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
35
2.12k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
36
2.12k
      3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,  //
37
2.12k
      1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,  //
38
2.12k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
39
2.12k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
40
2.12k
      3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,  //
41
2.12k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
42
2.12k
      3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,  //
43
2.12k
      3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,  //
44
2.12k
      4, 5, 5, 6, 5, 6, 6, 7, 5, 6, 6, 7, 6, 7, 7, 8,  //
45
2.12k
  };
46
2.12k
  return table[0xFF & (x >> 0)] + table[0xFF & (x >> 8)] +
47
2.12k
         table[0xFF & (x >> 16)] + table[0xFF & (x >> 24)];
48
2.12k
}
xz_fuzzer.c:popcount32
Line
Count
Source
27
8.54k
popcount32(uint32_t x) {
28
8.54k
  static const uint8_t table[256] = {
29
8.54k
      0, 1, 1, 2, 1, 2, 2, 3, 1, 2, 2, 3, 2, 3, 3, 4,  //
30
8.54k
      1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,  //
31
8.54k
      1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,  //
32
8.54k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
33
8.54k
      1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,  //
34
8.54k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
35
8.54k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
36
8.54k
      3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,  //
37
8.54k
      1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,  //
38
8.54k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
39
8.54k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
40
8.54k
      3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,  //
41
8.54k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
42
8.54k
      3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,  //
43
8.54k
      3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,  //
44
8.54k
      4, 5, 5, 6, 5, 6, 6, 7, 5, 6, 6, 7, 6, 7, 7, 8,  //
45
8.54k
  };
46
8.54k
  return table[0xFF & (x >> 0)] + table[0xFF & (x >> 8)] +
47
8.54k
         table[0xFF & (x >> 16)] + table[0xFF & (x >> 24)];
48
8.54k
}
jpeg_fuzzer.c:popcount32
Line
Count
Source
27
3.72k
popcount32(uint32_t x) {
28
3.72k
  static const uint8_t table[256] = {
29
3.72k
      0, 1, 1, 2, 1, 2, 2, 3, 1, 2, 2, 3, 2, 3, 3, 4,  //
30
3.72k
      1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,  //
31
3.72k
      1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,  //
32
3.72k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
33
3.72k
      1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,  //
34
3.72k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
35
3.72k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
36
3.72k
      3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,  //
37
3.72k
      1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,  //
38
3.72k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
39
3.72k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
40
3.72k
      3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,  //
41
3.72k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
42
3.72k
      3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,  //
43
3.72k
      3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,  //
44
3.72k
      4, 5, 5, 6, 5, 6, 6, 7, 5, 6, 6, 7, 6, 7, 7, 8,  //
45
3.72k
  };
46
3.72k
  return table[0xFF & (x >> 0)] + table[0xFF & (x >> 8)] +
47
3.72k
         table[0xFF & (x >> 16)] + table[0xFF & (x >> 24)];
48
3.72k
}
cbor_fuzzer.c:popcount32
Line
Count
Source
27
2.11k
popcount32(uint32_t x) {
28
2.11k
  static const uint8_t table[256] = {
29
2.11k
      0, 1, 1, 2, 1, 2, 2, 3, 1, 2, 2, 3, 2, 3, 3, 4,  //
30
2.11k
      1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,  //
31
2.11k
      1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,  //
32
2.11k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
33
2.11k
      1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,  //
34
2.11k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
35
2.11k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
36
2.11k
      3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,  //
37
2.11k
      1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,  //
38
2.11k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
39
2.11k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
40
2.11k
      3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,  //
41
2.11k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
42
2.11k
      3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,  //
43
2.11k
      3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,  //
44
2.11k
      4, 5, 5, 6, 5, 6, 6, 7, 5, 6, 6, 7, 6, 7, 7, 8,  //
45
2.11k
  };
46
2.11k
  return table[0xFF & (x >> 0)] + table[0xFF & (x >> 8)] +
47
2.11k
         table[0xFF & (x >> 16)] + table[0xFF & (x >> 24)];
48
2.11k
}
bmp_fuzzer.c:popcount32
Line
Count
Source
27
3.20k
popcount32(uint32_t x) {
28
3.20k
  static const uint8_t table[256] = {
29
3.20k
      0, 1, 1, 2, 1, 2, 2, 3, 1, 2, 2, 3, 2, 3, 3, 4,  //
30
3.20k
      1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,  //
31
3.20k
      1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,  //
32
3.20k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
33
3.20k
      1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,  //
34
3.20k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
35
3.20k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
36
3.20k
      3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,  //
37
3.20k
      1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,  //
38
3.20k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
39
3.20k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
40
3.20k
      3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,  //
41
3.20k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
42
3.20k
      3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,  //
43
3.20k
      3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,  //
44
3.20k
      4, 5, 5, 6, 5, 6, 6, 7, 5, 6, 6, 7, 6, 7, 7, 8,  //
45
3.20k
  };
46
3.20k
  return table[0xFF & (x >> 0)] + table[0xFF & (x >> 8)] +
47
3.20k
         table[0xFF & (x >> 16)] + table[0xFF & (x >> 24)];
48
3.20k
}
pixel_swizzler_fuzzer.c:popcount32
Line
Count
Source
27
3.90k
popcount32(uint32_t x) {
28
3.90k
  static const uint8_t table[256] = {
29
3.90k
      0, 1, 1, 2, 1, 2, 2, 3, 1, 2, 2, 3, 2, 3, 3, 4,  //
30
3.90k
      1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,  //
31
3.90k
      1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,  //
32
3.90k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
33
3.90k
      1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,  //
34
3.90k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
35
3.90k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
36
3.90k
      3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,  //
37
3.90k
      1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,  //
38
3.90k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
39
3.90k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
40
3.90k
      3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,  //
41
3.90k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
42
3.90k
      3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,  //
43
3.90k
      3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,  //
44
3.90k
      4, 5, 5, 6, 5, 6, 6, 7, 5, 6, 6, 7, 6, 7, 7, 8,  //
45
3.90k
  };
46
3.90k
  return table[0xFF & (x >> 0)] + table[0xFF & (x >> 8)] +
47
3.90k
         table[0xFF & (x >> 16)] + table[0xFF & (x >> 24)];
48
3.90k
}
zlib_fuzzer.c:popcount32
Line
Count
Source
27
1.31k
popcount32(uint32_t x) {
28
1.31k
  static const uint8_t table[256] = {
29
1.31k
      0, 1, 1, 2, 1, 2, 2, 3, 1, 2, 2, 3, 2, 3, 3, 4,  //
30
1.31k
      1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,  //
31
1.31k
      1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,  //
32
1.31k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
33
1.31k
      1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,  //
34
1.31k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
35
1.31k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
36
1.31k
      3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,  //
37
1.31k
      1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,  //
38
1.31k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
39
1.31k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
40
1.31k
      3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,  //
41
1.31k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
42
1.31k
      3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,  //
43
1.31k
      3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,  //
44
1.31k
      4, 5, 5, 6, 5, 6, 6, 7, 5, 6, 6, 7, 6, 7, 7, 8,  //
45
1.31k
  };
46
1.31k
  return table[0xFF & (x >> 0)] + table[0xFF & (x >> 8)] +
47
1.31k
         table[0xFF & (x >> 16)] + table[0xFF & (x >> 24)];
48
1.31k
}
targa_fuzzer.c:popcount32
Line
Count
Source
27
1.15k
popcount32(uint32_t x) {
28
1.15k
  static const uint8_t table[256] = {
29
1.15k
      0, 1, 1, 2, 1, 2, 2, 3, 1, 2, 2, 3, 2, 3, 3, 4,  //
30
1.15k
      1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,  //
31
1.15k
      1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,  //
32
1.15k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
33
1.15k
      1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,  //
34
1.15k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
35
1.15k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
36
1.15k
      3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,  //
37
1.15k
      1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,  //
38
1.15k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
39
1.15k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
40
1.15k
      3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,  //
41
1.15k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
42
1.15k
      3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,  //
43
1.15k
      3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,  //
44
1.15k
      4, 5, 5, 6, 5, 6, 6, 7, 5, 6, 6, 7, 6, 7, 7, 8,  //
45
1.15k
  };
46
1.15k
  return table[0xFF & (x >> 0)] + table[0xFF & (x >> 8)] +
47
1.15k
         table[0xFF & (x >> 16)] + table[0xFF & (x >> 24)];
48
1.15k
}
bzip2_fuzzer.c:popcount32
Line
Count
Source
27
1.14k
popcount32(uint32_t x) {
28
1.14k
  static const uint8_t table[256] = {
29
1.14k
      0, 1, 1, 2, 1, 2, 2, 3, 1, 2, 2, 3, 2, 3, 3, 4,  //
30
1.14k
      1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,  //
31
1.14k
      1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,  //
32
1.14k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
33
1.14k
      1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,  //
34
1.14k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
35
1.14k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
36
1.14k
      3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,  //
37
1.14k
      1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5,  //
38
1.14k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
39
1.14k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
40
1.14k
      3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,  //
41
1.14k
      2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6,  //
42
1.14k
      3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,  //
43
1.14k
      3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7,  //
44
1.14k
      4, 5, 5, 6, 5, 6, 6, 7, 5, 6, 6, 7, 6, 7, 7, 8,  //
45
1.14k
  };
46
1.14k
  return table[0xFF & (x >> 0)] + table[0xFF & (x >> 8)] +
47
1.14k
         table[0xFF & (x >> 16)] + table[0xFF & (x >> 24)];
48
1.14k
}
49
50
// jenkins_hash_u32 implements
51
// https://en.wikipedia.org/wiki/Jenkins_hash_function
52
static uint32_t  //
53
78.0k
jenkins_hash_u32(const uint8_t* data, size_t size) {
54
78.0k
  uint32_t hash = 0;
55
78.0k
  size_t i = 0;
56
474M
  while (i != size) {
57
474M
    hash += data[i++];
58
474M
    hash += hash << 10;
59
474M
    hash ^= hash >> 6;
60
474M
  }
61
78.0k
  hash += hash << 3;
62
78.0k
  hash ^= hash >> 11;
63
78.0k
  hash += hash << 15;
64
78.0k
  return hash;
65
78.0k
}
png_fuzzer.c:jenkins_hash_u32
Line
Count
Source
53
11.5k
jenkins_hash_u32(const uint8_t* data, size_t size) {
54
11.5k
  uint32_t hash = 0;
55
11.5k
  size_t i = 0;
56
53.0M
  while (i != size) {
57
53.0M
    hash += data[i++];
58
53.0M
    hash += hash << 10;
59
53.0M
    hash ^= hash >> 6;
60
53.0M
  }
61
11.5k
  hash += hash << 3;
62
11.5k
  hash ^= hash >> 11;
63
11.5k
  hash += hash << 15;
64
11.5k
  return hash;
65
11.5k
}
json_fuzzer.cc:jenkins_hash_u32(unsigned char const*, unsigned long)
Line
Count
Source
53
11.9k
jenkins_hash_u32(const uint8_t* data, size_t size) {
54
11.9k
  uint32_t hash = 0;
55
11.9k
  size_t i = 0;
56
128M
  while (i != size) {
57
128M
    hash += data[i++];
58
128M
    hash += hash << 10;
59
128M
    hash ^= hash >> 6;
60
128M
  }
61
11.9k
  hash += hash << 3;
62
11.9k
  hash ^= hash >> 11;
63
11.9k
  hash += hash << 15;
64
11.9k
  return hash;
65
11.9k
}
gif_fuzzer.c:jenkins_hash_u32
Line
Count
Source
53
4.25k
jenkins_hash_u32(const uint8_t* data, size_t size) {
54
4.25k
  uint32_t hash = 0;
55
4.25k
  size_t i = 0;
56
48.1M
  while (i != size) {
57
48.1M
    hash += data[i++];
58
48.1M
    hash += hash << 10;
59
48.1M
    hash ^= hash >> 6;
60
48.1M
  }
61
4.25k
  hash += hash << 3;
62
4.25k
  hash ^= hash >> 11;
63
4.25k
  hash += hash << 15;
64
4.25k
  return hash;
65
4.25k
}
xz_fuzzer.c:jenkins_hash_u32
Line
Count
Source
53
17.0k
jenkins_hash_u32(const uint8_t* data, size_t size) {
54
17.0k
  uint32_t hash = 0;
55
17.0k
  size_t i = 0;
56
46.4M
  while (i != size) {
57
46.4M
    hash += data[i++];
58
46.4M
    hash += hash << 10;
59
46.4M
    hash ^= hash >> 6;
60
46.4M
  }
61
17.0k
  hash += hash << 3;
62
17.0k
  hash ^= hash >> 11;
63
17.0k
  hash += hash << 15;
64
17.0k
  return hash;
65
17.0k
}
jpeg_fuzzer.c:jenkins_hash_u32
Line
Count
Source
53
7.45k
jenkins_hash_u32(const uint8_t* data, size_t size) {
54
7.45k
  uint32_t hash = 0;
55
7.45k
  size_t i = 0;
56
25.1M
  while (i != size) {
57
25.1M
    hash += data[i++];
58
25.1M
    hash += hash << 10;
59
25.1M
    hash ^= hash >> 6;
60
25.1M
  }
61
7.45k
  hash += hash << 3;
62
7.45k
  hash ^= hash >> 11;
63
7.45k
  hash += hash << 15;
64
7.45k
  return hash;
65
7.45k
}
cbor_fuzzer.c:jenkins_hash_u32
Line
Count
Source
53
4.23k
jenkins_hash_u32(const uint8_t* data, size_t size) {
54
4.23k
  uint32_t hash = 0;
55
4.23k
  size_t i = 0;
56
38.7M
  while (i != size) {
57
38.7M
    hash += data[i++];
58
38.7M
    hash += hash << 10;
59
38.7M
    hash ^= hash >> 6;
60
38.7M
  }
61
4.23k
  hash += hash << 3;
62
4.23k
  hash ^= hash >> 11;
63
4.23k
  hash += hash << 15;
64
4.23k
  return hash;
65
4.23k
}
bmp_fuzzer.c:jenkins_hash_u32
Line
Count
Source
53
6.40k
jenkins_hash_u32(const uint8_t* data, size_t size) {
54
6.40k
  uint32_t hash = 0;
55
6.40k
  size_t i = 0;
56
55.9M
  while (i != size) {
57
55.9M
    hash += data[i++];
58
55.9M
    hash += hash << 10;
59
55.9M
    hash ^= hash >> 6;
60
55.9M
  }
61
6.40k
  hash += hash << 3;
62
6.40k
  hash ^= hash >> 11;
63
6.40k
  hash += hash << 15;
64
6.40k
  return hash;
65
6.40k
}
pixel_swizzler_fuzzer.c:jenkins_hash_u32
Line
Count
Source
53
7.81k
jenkins_hash_u32(const uint8_t* data, size_t size) {
54
7.81k
  uint32_t hash = 0;
55
7.81k
  size_t i = 0;
56
20.5M
  while (i != size) {
57
20.5M
    hash += data[i++];
58
20.5M
    hash += hash << 10;
59
20.5M
    hash ^= hash >> 6;
60
20.5M
  }
61
7.81k
  hash += hash << 3;
62
7.81k
  hash ^= hash >> 11;
63
7.81k
  hash += hash << 15;
64
7.81k
  return hash;
65
7.81k
}
zlib_fuzzer.c:jenkins_hash_u32
Line
Count
Source
53
2.63k
jenkins_hash_u32(const uint8_t* data, size_t size) {
54
2.63k
  uint32_t hash = 0;
55
2.63k
  size_t i = 0;
56
20.4M
  while (i != size) {
57
20.4M
    hash += data[i++];
58
20.4M
    hash += hash << 10;
59
20.4M
    hash ^= hash >> 6;
60
20.4M
  }
61
2.63k
  hash += hash << 3;
62
2.63k
  hash ^= hash >> 11;
63
2.63k
  hash += hash << 15;
64
2.63k
  return hash;
65
2.63k
}
targa_fuzzer.c:jenkins_hash_u32
Line
Count
Source
53
2.30k
jenkins_hash_u32(const uint8_t* data, size_t size) {
54
2.30k
  uint32_t hash = 0;
55
2.30k
  size_t i = 0;
56
30.6M
  while (i != size) {
57
30.6M
    hash += data[i++];
58
30.6M
    hash += hash << 10;
59
30.6M
    hash ^= hash >> 6;
60
30.6M
  }
61
2.30k
  hash += hash << 3;
62
2.30k
  hash ^= hash >> 11;
63
2.30k
  hash += hash << 15;
64
2.30k
  return hash;
65
2.30k
}
bzip2_fuzzer.c:jenkins_hash_u32
Line
Count
Source
53
2.29k
jenkins_hash_u32(const uint8_t* data, size_t size) {
54
2.29k
  uint32_t hash = 0;
55
2.29k
  size_t i = 0;
56
6.81M
  while (i != size) {
57
6.81M
    hash += data[i++];
58
6.81M
    hash += hash << 10;
59
6.81M
    hash ^= hash >> 6;
60
6.81M
  }
61
2.29k
  hash += hash << 3;
62
2.29k
  hash ^= hash >> 11;
63
2.29k
  hash += hash << 15;
64
2.29k
  return hash;
65
2.29k
}
66
67
// memrandomize is like memcpy or memset but it writes pseudo-random values.
68
static void*  //
69
0
memrandomize(void* dest, uint64_t seed, size_t n) {
70
0
  unsigned short xsubi[3];  // See "man 3 nrand48".
71
0
  xsubi[0] = (seed >> 0) ^ (seed >> 48);
72
0
  xsubi[1] = (seed >> 16);
73
0
  xsubi[2] = (seed >> 32);
74
0
  for (uint8_t* ptr = (uint8_t*)dest; n--;) {
75
0
    *ptr++ = nrand48(xsubi);
76
0
  }
77
0
  return dest;
78
0
}
Unexecuted instantiation: png_fuzzer.c:memrandomize
Unexecuted instantiation: json_fuzzer.cc:memrandomize(void*, unsigned long, unsigned long)
Unexecuted instantiation: gif_fuzzer.c:memrandomize
Unexecuted instantiation: xz_fuzzer.c:memrandomize
Unexecuted instantiation: jpeg_fuzzer.c:memrandomize
Unexecuted instantiation: cbor_fuzzer.c:memrandomize
Unexecuted instantiation: bmp_fuzzer.c:memrandomize
Unexecuted instantiation: pixel_swizzler_fuzzer.c:memrandomize
Unexecuted instantiation: zlib_fuzzer.c:memrandomize
Unexecuted instantiation: targa_fuzzer.c:memrandomize
Unexecuted instantiation: bzip2_fuzzer.c:memrandomize
79
80
const char*  //
81
fuzz(wuffs_base__io_buffer* src, uint64_t hash);
82
83
static const char*  //
84
39.0k
llvmFuzzerTestOneInput(const uint8_t* data, size_t size) {
85
  // Make a 64-bit hash out of two 32-bit hashes, each on half of the data.
86
39.0k
  size_t s2 = size / 2;
87
39.0k
  uint32_t hash0 = jenkins_hash_u32(data, s2);
88
39.0k
  uint32_t hash1 = jenkins_hash_u32(data + s2, size - s2);
89
39.0k
  uint64_t hash = (((uint64_t)hash0) << 32) | ((uint64_t)hash1);
90
91
  // The ! means that closed will be true for (size == 0).
92
39.0k
  const bool closed = !(1 & popcount32(hash0));
93
94
39.0k
  wuffs_base__io_buffer src =
95
39.0k
      wuffs_base__ptr_u8__reader((uint8_t*)data, size, closed);
96
97
39.0k
  const char* msg = fuzz(&src, hash);
98
39.0k
  if (msg) {
99
35.6k
    if (strnlen(msg, 2047) >= 2047) {
100
0
      msg = "fuzzlib: internal error: error message is too long";
101
0
    }
102
35.6k
    if (closed && strstr(msg, "base: short read")) {
103
0
      fprintf(stderr, "short read on a closed io_reader\n");
104
0
      intentional_segfault();
105
35.6k
    } else if (strstr(msg, "internal error:")) {
106
0
      fprintf(stderr, "internal errors shouldn't occur: \"%s\"\n", msg);
107
0
      intentional_segfault();
108
0
    }
109
35.6k
  }
110
39.0k
  return msg;
111
39.0k
}
png_fuzzer.c:llvmFuzzerTestOneInput
Line
Count
Source
84
5.78k
llvmFuzzerTestOneInput(const uint8_t* data, size_t size) {
85
  // Make a 64-bit hash out of two 32-bit hashes, each on half of the data.
86
5.78k
  size_t s2 = size / 2;
87
5.78k
  uint32_t hash0 = jenkins_hash_u32(data, s2);
88
5.78k
  uint32_t hash1 = jenkins_hash_u32(data + s2, size - s2);
89
5.78k
  uint64_t hash = (((uint64_t)hash0) << 32) | ((uint64_t)hash1);
90
91
  // The ! means that closed will be true for (size == 0).
92
5.78k
  const bool closed = !(1 & popcount32(hash0));
93
94
5.78k
  wuffs_base__io_buffer src =
95
5.78k
      wuffs_base__ptr_u8__reader((uint8_t*)data, size, closed);
96
97
5.78k
  const char* msg = fuzz(&src, hash);
98
5.78k
  if (msg) {
99
5.78k
    if (strnlen(msg, 2047) >= 2047) {
100
0
      msg = "fuzzlib: internal error: error message is too long";
101
0
    }
102
5.78k
    if (closed && strstr(msg, "base: short read")) {
103
0
      fprintf(stderr, "short read on a closed io_reader\n");
104
0
      intentional_segfault();
105
5.78k
    } else if (strstr(msg, "internal error:")) {
106
0
      fprintf(stderr, "internal errors shouldn't occur: \"%s\"\n", msg);
107
0
      intentional_segfault();
108
0
    }
109
5.78k
  }
110
5.78k
  return msg;
111
5.78k
}
json_fuzzer.cc:llvmFuzzerTestOneInput(unsigned char const*, unsigned long)
Line
Count
Source
84
5.97k
llvmFuzzerTestOneInput(const uint8_t* data, size_t size) {
85
  // Make a 64-bit hash out of two 32-bit hashes, each on half of the data.
86
5.97k
  size_t s2 = size / 2;
87
5.97k
  uint32_t hash0 = jenkins_hash_u32(data, s2);
88
5.97k
  uint32_t hash1 = jenkins_hash_u32(data + s2, size - s2);
89
5.97k
  uint64_t hash = (((uint64_t)hash0) << 32) | ((uint64_t)hash1);
90
91
  // The ! means that closed will be true for (size == 0).
92
5.97k
  const bool closed = !(1 & popcount32(hash0));
93
94
5.97k
  wuffs_base__io_buffer src =
95
5.97k
      wuffs_base__ptr_u8__reader((uint8_t*)data, size, closed);
96
97
5.97k
  const char* msg = fuzz(&src, hash);
98
5.97k
  if (msg) {
99
4.78k
    if (strnlen(msg, 2047) >= 2047) {
100
0
      msg = "fuzzlib: internal error: error message is too long";
101
0
    }
102
4.78k
    if (closed && strstr(msg, "base: short read")) {
103
0
      fprintf(stderr, "short read on a closed io_reader\n");
104
0
      intentional_segfault();
105
4.78k
    } else if (strstr(msg, "internal error:")) {
106
0
      fprintf(stderr, "internal errors shouldn't occur: \"%s\"\n", msg);
107
0
      intentional_segfault();
108
0
    }
109
4.78k
  }
110
5.97k
  return msg;
111
5.97k
}
gif_fuzzer.c:llvmFuzzerTestOneInput
Line
Count
Source
84
2.12k
llvmFuzzerTestOneInput(const uint8_t* data, size_t size) {
85
  // Make a 64-bit hash out of two 32-bit hashes, each on half of the data.
86
2.12k
  size_t s2 = size / 2;
87
2.12k
  uint32_t hash0 = jenkins_hash_u32(data, s2);
88
2.12k
  uint32_t hash1 = jenkins_hash_u32(data + s2, size - s2);
89
2.12k
  uint64_t hash = (((uint64_t)hash0) << 32) | ((uint64_t)hash1);
90
91
  // The ! means that closed will be true for (size == 0).
92
2.12k
  const bool closed = !(1 & popcount32(hash0));
93
94
2.12k
  wuffs_base__io_buffer src =
95
2.12k
      wuffs_base__ptr_u8__reader((uint8_t*)data, size, closed);
96
97
2.12k
  const char* msg = fuzz(&src, hash);
98
2.12k
  if (msg) {
99
2.07k
    if (strnlen(msg, 2047) >= 2047) {
100
0
      msg = "fuzzlib: internal error: error message is too long";
101
0
    }
102
2.07k
    if (closed && strstr(msg, "base: short read")) {
103
0
      fprintf(stderr, "short read on a closed io_reader\n");
104
0
      intentional_segfault();
105
2.07k
    } else if (strstr(msg, "internal error:")) {
106
0
      fprintf(stderr, "internal errors shouldn't occur: \"%s\"\n", msg);
107
0
      intentional_segfault();
108
0
    }
109
2.07k
  }
110
2.12k
  return msg;
111
2.12k
}
xz_fuzzer.c:llvmFuzzerTestOneInput
Line
Count
Source
84
8.54k
llvmFuzzerTestOneInput(const uint8_t* data, size_t size) {
85
  // Make a 64-bit hash out of two 32-bit hashes, each on half of the data.
86
8.54k
  size_t s2 = size / 2;
87
8.54k
  uint32_t hash0 = jenkins_hash_u32(data, s2);
88
8.54k
  uint32_t hash1 = jenkins_hash_u32(data + s2, size - s2);
89
8.54k
  uint64_t hash = (((uint64_t)hash0) << 32) | ((uint64_t)hash1);
90
91
  // The ! means that closed will be true for (size == 0).
92
8.54k
  const bool closed = !(1 & popcount32(hash0));
93
94
8.54k
  wuffs_base__io_buffer src =
95
8.54k
      wuffs_base__ptr_u8__reader((uint8_t*)data, size, closed);
96
97
8.54k
  const char* msg = fuzz(&src, hash);
98
8.54k
  if (msg) {
99
8.54k
    if (strnlen(msg, 2047) >= 2047) {
100
0
      msg = "fuzzlib: internal error: error message is too long";
101
0
    }
102
8.54k
    if (closed && strstr(msg, "base: short read")) {
103
0
      fprintf(stderr, "short read on a closed io_reader\n");
104
0
      intentional_segfault();
105
8.54k
    } else if (strstr(msg, "internal error:")) {
106
0
      fprintf(stderr, "internal errors shouldn't occur: \"%s\"\n", msg);
107
0
      intentional_segfault();
108
0
    }
109
8.54k
  }
110
8.54k
  return msg;
111
8.54k
}
jpeg_fuzzer.c:llvmFuzzerTestOneInput
Line
Count
Source
84
3.72k
llvmFuzzerTestOneInput(const uint8_t* data, size_t size) {
85
  // Make a 64-bit hash out of two 32-bit hashes, each on half of the data.
86
3.72k
  size_t s2 = size / 2;
87
3.72k
  uint32_t hash0 = jenkins_hash_u32(data, s2);
88
3.72k
  uint32_t hash1 = jenkins_hash_u32(data + s2, size - s2);
89
3.72k
  uint64_t hash = (((uint64_t)hash0) << 32) | ((uint64_t)hash1);
90
91
  // The ! means that closed will be true for (size == 0).
92
3.72k
  const bool closed = !(1 & popcount32(hash0));
93
94
3.72k
  wuffs_base__io_buffer src =
95
3.72k
      wuffs_base__ptr_u8__reader((uint8_t*)data, size, closed);
96
97
3.72k
  const char* msg = fuzz(&src, hash);
98
3.72k
  if (msg) {
99
3.72k
    if (strnlen(msg, 2047) >= 2047) {
100
0
      msg = "fuzzlib: internal error: error message is too long";
101
0
    }
102
3.72k
    if (closed && strstr(msg, "base: short read")) {
103
0
      fprintf(stderr, "short read on a closed io_reader\n");
104
0
      intentional_segfault();
105
3.72k
    } else if (strstr(msg, "internal error:")) {
106
0
      fprintf(stderr, "internal errors shouldn't occur: \"%s\"\n", msg);
107
0
      intentional_segfault();
108
0
    }
109
3.72k
  }
110
3.72k
  return msg;
111
3.72k
}
cbor_fuzzer.c:llvmFuzzerTestOneInput
Line
Count
Source
84
2.11k
llvmFuzzerTestOneInput(const uint8_t* data, size_t size) {
85
  // Make a 64-bit hash out of two 32-bit hashes, each on half of the data.
86
2.11k
  size_t s2 = size / 2;
87
2.11k
  uint32_t hash0 = jenkins_hash_u32(data, s2);
88
2.11k
  uint32_t hash1 = jenkins_hash_u32(data + s2, size - s2);
89
2.11k
  uint64_t hash = (((uint64_t)hash0) << 32) | ((uint64_t)hash1);
90
91
  // The ! means that closed will be true for (size == 0).
92
2.11k
  const bool closed = !(1 & popcount32(hash0));
93
94
2.11k
  wuffs_base__io_buffer src =
95
2.11k
      wuffs_base__ptr_u8__reader((uint8_t*)data, size, closed);
96
97
2.11k
  const char* msg = fuzz(&src, hash);
98
2.11k
  if (msg) {
99
1.78k
    if (strnlen(msg, 2047) >= 2047) {
100
0
      msg = "fuzzlib: internal error: error message is too long";
101
0
    }
102
1.78k
    if (closed && strstr(msg, "base: short read")) {
103
0
      fprintf(stderr, "short read on a closed io_reader\n");
104
0
      intentional_segfault();
105
1.78k
    } else if (strstr(msg, "internal error:")) {
106
0
      fprintf(stderr, "internal errors shouldn't occur: \"%s\"\n", msg);
107
0
      intentional_segfault();
108
0
    }
109
1.78k
  }
110
2.11k
  return msg;
111
2.11k
}
bmp_fuzzer.c:llvmFuzzerTestOneInput
Line
Count
Source
84
3.20k
llvmFuzzerTestOneInput(const uint8_t* data, size_t size) {
85
  // Make a 64-bit hash out of two 32-bit hashes, each on half of the data.
86
3.20k
  size_t s2 = size / 2;
87
3.20k
  uint32_t hash0 = jenkins_hash_u32(data, s2);
88
3.20k
  uint32_t hash1 = jenkins_hash_u32(data + s2, size - s2);
89
3.20k
  uint64_t hash = (((uint64_t)hash0) << 32) | ((uint64_t)hash1);
90
91
  // The ! means that closed will be true for (size == 0).
92
3.20k
  const bool closed = !(1 & popcount32(hash0));
93
94
3.20k
  wuffs_base__io_buffer src =
95
3.20k
      wuffs_base__ptr_u8__reader((uint8_t*)data, size, closed);
96
97
3.20k
  const char* msg = fuzz(&src, hash);
98
3.20k
  if (msg) {
99
3.08k
    if (strnlen(msg, 2047) >= 2047) {
100
0
      msg = "fuzzlib: internal error: error message is too long";
101
0
    }
102
3.08k
    if (closed && strstr(msg, "base: short read")) {
103
0
      fprintf(stderr, "short read on a closed io_reader\n");
104
0
      intentional_segfault();
105
3.08k
    } else if (strstr(msg, "internal error:")) {
106
0
      fprintf(stderr, "internal errors shouldn't occur: \"%s\"\n", msg);
107
0
      intentional_segfault();
108
0
    }
109
3.08k
  }
110
3.20k
  return msg;
111
3.20k
}
pixel_swizzler_fuzzer.c:llvmFuzzerTestOneInput
Line
Count
Source
84
3.90k
llvmFuzzerTestOneInput(const uint8_t* data, size_t size) {
85
  // Make a 64-bit hash out of two 32-bit hashes, each on half of the data.
86
3.90k
  size_t s2 = size / 2;
87
3.90k
  uint32_t hash0 = jenkins_hash_u32(data, s2);
88
3.90k
  uint32_t hash1 = jenkins_hash_u32(data + s2, size - s2);
89
3.90k
  uint64_t hash = (((uint64_t)hash0) << 32) | ((uint64_t)hash1);
90
91
  // The ! means that closed will be true for (size == 0).
92
3.90k
  const bool closed = !(1 & popcount32(hash0));
93
94
3.90k
  wuffs_base__io_buffer src =
95
3.90k
      wuffs_base__ptr_u8__reader((uint8_t*)data, size, closed);
96
97
3.90k
  const char* msg = fuzz(&src, hash);
98
3.90k
  if (msg) {
99
2.30k
    if (strnlen(msg, 2047) >= 2047) {
100
0
      msg = "fuzzlib: internal error: error message is too long";
101
0
    }
102
2.30k
    if (closed && strstr(msg, "base: short read")) {
103
0
      fprintf(stderr, "short read on a closed io_reader\n");
104
0
      intentional_segfault();
105
2.30k
    } else if (strstr(msg, "internal error:")) {
106
0
      fprintf(stderr, "internal errors shouldn't occur: \"%s\"\n", msg);
107
0
      intentional_segfault();
108
0
    }
109
2.30k
  }
110
3.90k
  return msg;
111
3.90k
}
zlib_fuzzer.c:llvmFuzzerTestOneInput
Line
Count
Source
84
1.31k
llvmFuzzerTestOneInput(const uint8_t* data, size_t size) {
85
  // Make a 64-bit hash out of two 32-bit hashes, each on half of the data.
86
1.31k
  size_t s2 = size / 2;
87
1.31k
  uint32_t hash0 = jenkins_hash_u32(data, s2);
88
1.31k
  uint32_t hash1 = jenkins_hash_u32(data + s2, size - s2);
89
1.31k
  uint64_t hash = (((uint64_t)hash0) << 32) | ((uint64_t)hash1);
90
91
  // The ! means that closed will be true for (size == 0).
92
1.31k
  const bool closed = !(1 & popcount32(hash0));
93
94
1.31k
  wuffs_base__io_buffer src =
95
1.31k
      wuffs_base__ptr_u8__reader((uint8_t*)data, size, closed);
96
97
1.31k
  const char* msg = fuzz(&src, hash);
98
1.31k
  if (msg) {
99
1.28k
    if (strnlen(msg, 2047) >= 2047) {
100
0
      msg = "fuzzlib: internal error: error message is too long";
101
0
    }
102
1.28k
    if (closed && strstr(msg, "base: short read")) {
103
0
      fprintf(stderr, "short read on a closed io_reader\n");
104
0
      intentional_segfault();
105
1.28k
    } else if (strstr(msg, "internal error:")) {
106
0
      fprintf(stderr, "internal errors shouldn't occur: \"%s\"\n", msg);
107
0
      intentional_segfault();
108
0
    }
109
1.28k
  }
110
1.31k
  return msg;
111
1.31k
}
targa_fuzzer.c:llvmFuzzerTestOneInput
Line
Count
Source
84
1.15k
llvmFuzzerTestOneInput(const uint8_t* data, size_t size) {
85
  // Make a 64-bit hash out of two 32-bit hashes, each on half of the data.
86
1.15k
  size_t s2 = size / 2;
87
1.15k
  uint32_t hash0 = jenkins_hash_u32(data, s2);
88
1.15k
  uint32_t hash1 = jenkins_hash_u32(data + s2, size - s2);
89
1.15k
  uint64_t hash = (((uint64_t)hash0) << 32) | ((uint64_t)hash1);
90
91
  // The ! means that closed will be true for (size == 0).
92
1.15k
  const bool closed = !(1 & popcount32(hash0));
93
94
1.15k
  wuffs_base__io_buffer src =
95
1.15k
      wuffs_base__ptr_u8__reader((uint8_t*)data, size, closed);
96
97
1.15k
  const char* msg = fuzz(&src, hash);
98
1.15k
  if (msg) {
99
1.10k
    if (strnlen(msg, 2047) >= 2047) {
100
0
      msg = "fuzzlib: internal error: error message is too long";
101
0
    }
102
1.10k
    if (closed && strstr(msg, "base: short read")) {
103
0
      fprintf(stderr, "short read on a closed io_reader\n");
104
0
      intentional_segfault();
105
1.10k
    } else if (strstr(msg, "internal error:")) {
106
0
      fprintf(stderr, "internal errors shouldn't occur: \"%s\"\n", msg);
107
0
      intentional_segfault();
108
0
    }
109
1.10k
  }
110
1.15k
  return msg;
111
1.15k
}
bzip2_fuzzer.c:llvmFuzzerTestOneInput
Line
Count
Source
84
1.14k
llvmFuzzerTestOneInput(const uint8_t* data, size_t size) {
85
  // Make a 64-bit hash out of two 32-bit hashes, each on half of the data.
86
1.14k
  size_t s2 = size / 2;
87
1.14k
  uint32_t hash0 = jenkins_hash_u32(data, s2);
88
1.14k
  uint32_t hash1 = jenkins_hash_u32(data + s2, size - s2);
89
1.14k
  uint64_t hash = (((uint64_t)hash0) << 32) | ((uint64_t)hash1);
90
91
  // The ! means that closed will be true for (size == 0).
92
1.14k
  const bool closed = !(1 & popcount32(hash0));
93
94
1.14k
  wuffs_base__io_buffer src =
95
1.14k
      wuffs_base__ptr_u8__reader((uint8_t*)data, size, closed);
96
97
1.14k
  const char* msg = fuzz(&src, hash);
98
1.14k
  if (msg) {
99
1.14k
    if (strnlen(msg, 2047) >= 2047) {
100
0
      msg = "fuzzlib: internal error: error message is too long";
101
0
    }
102
1.14k
    if (closed && strstr(msg, "base: short read")) {
103
0
      fprintf(stderr, "short read on a closed io_reader\n");
104
0
      intentional_segfault();
105
1.14k
    } else if (strstr(msg, "internal error:")) {
106
0
      fprintf(stderr, "internal errors shouldn't occur: \"%s\"\n", msg);
107
0
      intentional_segfault();
108
0
    }
109
1.14k
  }
110
1.14k
  return msg;
111
1.14k
}
112
113
#ifdef __cplusplus
114
extern "C" {
115
#endif
116
117
int  //
118
39.0k
LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
119
39.0k
  llvmFuzzerTestOneInput(data, size);
120
39.0k
  return 0;
121
39.0k
}
122
123
#ifdef __cplusplus
124
}  // extern "C"
125
#endif
126
127
static wuffs_base__io_buffer  //
128
3.04M
make_limited_reader(wuffs_base__io_buffer b, uint64_t limit) {
129
3.04M
  uint64_t n = b.meta.wi - b.meta.ri;
130
3.04M
  bool closed = b.meta.closed;
131
3.04M
  if (n > limit) {
132
368k
    n = limit;
133
368k
    closed = false;
134
368k
  }
135
136
3.04M
  wuffs_base__io_buffer ret;
137
3.04M
  ret.data.ptr = b.data.ptr + b.meta.ri;
138
3.04M
  ret.data.len = n;
139
3.04M
  ret.meta.wi = n;
140
3.04M
  ret.meta.ri = 0;
141
3.04M
  ret.meta.pos = wuffs_base__u64__sat_add(b.meta.pos, b.meta.ri);
142
3.04M
  ret.meta.closed = closed;
143
3.04M
  return ret;
144
3.04M
}
Unexecuted instantiation: png_fuzzer.c:make_limited_reader
json_fuzzer.cc:make_limited_reader(wuffs_base__io_buffer__struct, unsigned long)
Line
Count
Source
128
2.42M
make_limited_reader(wuffs_base__io_buffer b, uint64_t limit) {
129
2.42M
  uint64_t n = b.meta.wi - b.meta.ri;
130
2.42M
  bool closed = b.meta.closed;
131
2.42M
  if (n > limit) {
132
297k
    n = limit;
133
297k
    closed = false;
134
297k
  }
135
136
2.42M
  wuffs_base__io_buffer ret;
137
2.42M
  ret.data.ptr = b.data.ptr + b.meta.ri;
138
2.42M
  ret.data.len = n;
139
2.42M
  ret.meta.wi = n;
140
2.42M
  ret.meta.ri = 0;
141
2.42M
  ret.meta.pos = wuffs_base__u64__sat_add(b.meta.pos, b.meta.ri);
142
2.42M
  ret.meta.closed = closed;
143
2.42M
  return ret;
144
2.42M
}
Unexecuted instantiation: gif_fuzzer.c:make_limited_reader
Unexecuted instantiation: xz_fuzzer.c:make_limited_reader
Unexecuted instantiation: jpeg_fuzzer.c:make_limited_reader
cbor_fuzzer.c:make_limited_reader
Line
Count
Source
128
618k
make_limited_reader(wuffs_base__io_buffer b, uint64_t limit) {
129
618k
  uint64_t n = b.meta.wi - b.meta.ri;
130
618k
  bool closed = b.meta.closed;
131
618k
  if (n > limit) {
132
71.1k
    n = limit;
133
71.1k
    closed = false;
134
71.1k
  }
135
136
618k
  wuffs_base__io_buffer ret;
137
618k
  ret.data.ptr = b.data.ptr + b.meta.ri;
138
618k
  ret.data.len = n;
139
618k
  ret.meta.wi = n;
140
618k
  ret.meta.ri = 0;
141
618k
  ret.meta.pos = wuffs_base__u64__sat_add(b.meta.pos, b.meta.ri);
142
618k
  ret.meta.closed = closed;
143
618k
  return ret;
144
618k
}
Unexecuted instantiation: bmp_fuzzer.c:make_limited_reader
Unexecuted instantiation: pixel_swizzler_fuzzer.c:make_limited_reader
Unexecuted instantiation: zlib_fuzzer.c:make_limited_reader
Unexecuted instantiation: targa_fuzzer.c:make_limited_reader
Unexecuted instantiation: bzip2_fuzzer.c:make_limited_reader
145
146
#ifdef WUFFS_CONFIG__FUZZLIB_MAIN
147
148
#include <dirent.h>
149
#include <errno.h>
150
#include <fcntl.h>
151
#include <stdbool.h>
152
#include <sys/mman.h>
153
#include <sys/stat.h>
154
#include <unistd.h>
155
156
struct {
157
  int remaining_argc;
158
  char** remaining_argv;
159
160
  bool color;
161
} g_flags = {0};
162
163
const char*  //
164
parse_flags(int argc, char** argv) {
165
  int c = (argc > 0) ? 1 : 0;  // Skip argv[0], the program name.
166
  for (; c < argc; c++) {
167
    char* arg = argv[c];
168
    if (*arg++ != '-') {
169
      break;
170
    }
171
172
    // A double-dash "--foo" is equivalent to a single-dash "-foo". As special
173
    // cases, a bare "-" is not a flag (some programs may interpret it as
174
    // stdin) and a bare "--" means to stop parsing flags.
175
    if (*arg == '\x00') {
176
      break;
177
    } else if (*arg == '-') {
178
      arg++;
179
      if (*arg == '\x00') {
180
        c++;
181
        break;
182
      }
183
    }
184
185
    if (!strcmp(arg, "c") || !strcmp(arg, "color")) {
186
      g_flags.color = true;
187
      continue;
188
    }
189
190
    return "main: unrecognized flag argument";
191
  }
192
193
  g_flags.remaining_argc = argc - c;
194
  g_flags.remaining_argv = argv + c;
195
  return NULL;
196
}
197
198
static int g_num_files_processed;
199
200
static struct {
201
  char buf[PATH_MAX];
202
  size_t len;
203
} g_relative_cwd;
204
205
void  //
206
errorf(const char* msg) {
207
  if (g_flags.color) {
208
    printf("\e[31m%s\e[0m\n", msg);
209
  } else {
210
    printf("%s\n", msg);
211
  }
212
}
213
214
static int  //
215
visit(char* filename);
216
217
static int  //
218
visit_dir(int fd) {
219
  int cwd_fd = open(".", O_RDONLY, 0);
220
  if (fchdir(fd)) {
221
    errorf("failed");
222
    fprintf(stderr, "FAIL: fchdir: %s\n", strerror(errno));
223
    return 1;
224
  }
225
226
  DIR* d = fdopendir(fd);
227
  if (!d) {
228
    errorf("failed");
229
    fprintf(stderr, "FAIL: fdopendir: %s\n", strerror(errno));
230
    return 1;
231
  }
232
233
  printf("dir\n");
234
  while (true) {
235
    struct dirent* e = readdir(d);
236
    if (!e) {
237
      break;
238
    }
239
    if ((e->d_name[0] == '\x00') || (e->d_name[0] == '.')) {
240
      continue;
241
    }
242
    int v = visit(e->d_name);
243
    if (v) {
244
      return v;
245
    }
246
  }
247
248
  if (closedir(d)) {
249
    fprintf(stderr, "FAIL: closedir: %s\n", strerror(errno));
250
    return 1;
251
  }
252
  if (fchdir(cwd_fd)) {
253
    fprintf(stderr, "FAIL: fchdir: %s\n", strerror(errno));
254
    return 1;
255
  }
256
  if (close(cwd_fd)) {
257
    fprintf(stderr, "FAIL: close: %s\n", strerror(errno));
258
    return 1;
259
  }
260
  return 0;
261
}
262
263
static int  //
264
visit_reg(int fd, off_t size) {
265
  if ((size < 0) || (0x7FFFFFFF < size)) {
266
    errorf("failed");
267
    fprintf(stderr, "FAIL: file size out of bounds");
268
    return 1;
269
  }
270
271
  void* data = NULL;
272
  if (size > 0) {
273
    data = mmap(NULL, size, PROT_READ, MAP_SHARED, fd, 0);
274
    if (data == MAP_FAILED) {
275
      errorf("failed");
276
      fprintf(stderr, "FAIL: mmap: %s\n", strerror(errno));
277
      return 1;
278
    }
279
  }
280
281
  const char* msg = llvmFuzzerTestOneInput((const uint8_t*)(data), size);
282
  if (msg) {
283
    errorf(msg);
284
  } else if (g_flags.color) {
285
    printf("\e[32mok\e[0m\n");
286
  } else {
287
    printf("ok\n");
288
  }
289
290
  if ((size > 0) && munmap(data, size)) {
291
    fprintf(stderr, "FAIL: mmap: %s\n", strerror(errno));
292
    return 1;
293
  }
294
  if (close(fd)) {
295
    fprintf(stderr, "FAIL: close: %s\n", strerror(errno));
296
    return 1;
297
  }
298
  return 0;
299
}
300
301
static int  //
302
visit(char* filename) {
303
  g_num_files_processed++;
304
  if (!filename || (filename[0] == '\x00')) {
305
    fprintf(stderr, "FAIL: invalid filename\n");
306
    return 1;
307
  }
308
  int n = printf("- %s%s", g_relative_cwd.buf, filename);
309
  printf("%*s", (60 > n) ? (60 - n) : 1, "");
310
  fflush(stdout);
311
312
  struct stat z;
313
  int fd = open(filename, O_RDONLY, 0);
314
  if (fd == -1) {
315
    errorf("failed");
316
    fprintf(stderr, "FAIL: open: %s\n", strerror(errno));
317
    return 1;
318
  }
319
  if (fstat(fd, &z)) {
320
    errorf("failed");
321
    fprintf(stderr, "FAIL: fstat: %s\n", strerror(errno));
322
    return 1;
323
  }
324
325
  if (S_ISREG(z.st_mode)) {
326
    return visit_reg(fd, z.st_size);
327
  } else if (!S_ISDIR(z.st_mode)) {
328
    printf("skipped\n");
329
    return 0;
330
  }
331
332
  size_t old_len = g_relative_cwd.len;
333
  size_t filename_len = strlen(filename);
334
  size_t new_len = old_len + strlen(filename);
335
  bool slash = filename[filename_len - 1] != '/';
336
  if (slash) {
337
    new_len++;
338
  }
339
  if ((filename_len >= PATH_MAX) || (new_len >= PATH_MAX)) {
340
    errorf("failed");
341
    fprintf(stderr, "FAIL: path is too long\n");
342
    return 1;
343
  }
344
  memcpy(g_relative_cwd.buf + old_len, filename, filename_len);
345
346
  if (slash) {
347
    g_relative_cwd.buf[new_len - 1] = '/';
348
  }
349
  g_relative_cwd.buf[new_len] = '\x00';
350
  g_relative_cwd.len = new_len;
351
352
  int v = visit_dir(fd);
353
354
  g_relative_cwd.buf[old_len] = '\x00';
355
  g_relative_cwd.len = old_len;
356
  return v;
357
}
358
359
int  //
360
main(int argc, char** argv) {
361
  g_num_files_processed = 0;
362
  g_relative_cwd.len = 0;
363
364
  const char* z = parse_flags(argc, argv);
365
  if (z) {
366
    fprintf(stderr, "FAIL: %s\n", z);
367
    return 1;
368
  }
369
  for (int i = 0; i < g_flags.remaining_argc; i++) {
370
    int v = visit(g_flags.remaining_argv[i]);
371
    if (v) {
372
      return v;
373
    }
374
  }
375
376
  printf("PASS: %d files processed\n", g_num_files_processed);
377
  return 0;
378
}
379
380
#endif  // WUFFS_CONFIG__FUZZLIB_MAIN