diff options
Diffstat (limited to 'pw_fuzzer/examples/libfuzzer/toy_fuzzer.cc')
-rw-r--r-- | pw_fuzzer/examples/libfuzzer/toy_fuzzer.cc | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/pw_fuzzer/examples/libfuzzer/toy_fuzzer.cc b/pw_fuzzer/examples/libfuzzer/toy_fuzzer.cc new file mode 100644 index 000000000..99b04df67 --- /dev/null +++ b/pw_fuzzer/examples/libfuzzer/toy_fuzzer.cc @@ -0,0 +1,52 @@ +// Copyright 2020 The Pigweed Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); you may not +// use this file except in compliance with the License. You may obtain a copy of +// the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +// License for the specific language governing permissions and limitations under +// the License. + +// This is a simple example of how to write a fuzzer. The target function is +// crafted to demonstrates how the fuzzer can analyze conditional branches and +// incrementally cover more and more code until a defect is found. +// +// See build_and_run_toy_fuzzer.sh for examples of how you can build and run +// this example. + +#include <cstddef> +#include <cstdint> +#include <string_view> + +#include "pw_fuzzer/fuzzed_data_provider.h" +#include "pw_status/status.h" + +namespace pw::fuzzer::example { +namespace { + +// The code to fuzz. This would normally be in separate library. +Status SomeAPI(std::string_view s1, std::string_view s2) { + if (s1 == "hello") { + if (s2 == "world") { + abort(); + } + } + return OkStatus(); +} + +} // namespace +} // namespace pw::fuzzer::example + +// The fuzz target function +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + FuzzedDataProvider provider(data, size); + std::string s1 = provider.ConsumeRandomLengthString(); + std::string s2 = provider.ConsumeRemainingBytesAsString(); + pw::fuzzer::example::SomeAPI(s1, s2).IgnoreError(); + return 0; +} |