1 files changed, 52 insertions, 0 deletions

diff --git a/pw_fuzzer/examples/libfuzzer/toy_fuzzer.cc b/pw_fuzzer/examples/libfuzzer/toy_fuzzer.cc
new file mode 100644
index 000000000..99b04df67
--- /dev/null
+++ b/pw_fuzzer/examples/libfuzzer/toy_fuzzer.cc
@@ -0,0 +1,52 @@
+// Copyright 2020 The Pigweed Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License"); you may not
+// use this file except in compliance with the License. You may obtain a copy of
+// the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+// License for the specific language governing permissions and limitations under
+// the License.
+
+// This is a simple example of how to write a fuzzer. The target function is
+// crafted to demonstrates how the fuzzer can analyze conditional branches and
+// incrementally cover more and more code until a defect is found.
+//
+// See build_and_run_toy_fuzzer.sh for examples of how you can build and run
+// this example.
+
+#include <cstddef>
+#include <cstdint>
+#include <string_view>
+
+#include "pw_fuzzer/fuzzed_data_provider.h"
+#include "pw_status/status.h"
+
+namespace pw::fuzzer::example {
+namespace {
+
+// The code to fuzz. This would normally be in separate library.
+Status SomeAPI(std::string_view s1, std::string_view s2) {
+  if (s1 == "hello") {
+    if (s2 == "world") {
+      abort();
+    }
+  }
+  return OkStatus();
+}
+
+}  // namespace
+}  // namespace pw::fuzzer::example
+
+// The fuzz target function
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  FuzzedDataProvider provider(data, size);
+  std::string s1 = provider.ConsumeRandomLengthString();
+  std::string s2 = provider.ConsumeRemainingBytesAsString();
+  pw::fuzzer::example::SomeAPI(s1, s2).IgnoreError();
+  return 0;
+}