pw_fuzzer/examples/libfuzzer/toy_fuzzer.cc - pigweed/pigweed - Git at Google

 // Copyright 2020 The Pigweed Authors
 //
 // Licensed under the Apache License, Version 2.0 (the "License"); you may not
 // use this file except in compliance with the License. You may obtain a copy of
 // the License at
 //
 //     https://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 // License for the specific language governing permissions and limitations under
 // the License.

 // This is a simple example of how to write a fuzzer. The target function is
 // crafted to demonstrates how the fuzzer can analyze conditional branches and
 // incrementally cover more and more code until a defect is found.
 //
 // See build_and_run_toy_fuzzer.sh for examples of how you can build and run
 // this example.

 #include <cstddef>
 #include <cstdint>
 #include <string_view>

 #include "pw_fuzzer/fuzzed_data_provider.h"
 #include "pw_status/status.h"

 namespace pw::fuzzer::example {
 namespace {

 // The code to fuzz. This would normally be in separate library.
 Status SomeAPI(std::string_view s1, std::string_view s2) {
   if (s1 == "hello") {
     if (s2 == "world") {
       abort();
     }
   }
   return OkStatus();
 }

 }  // namespace
 }  // namespace pw::fuzzer::example

 // The fuzz target function
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
   FuzzedDataProvider provider(data, size);
   std::string s1 = provider.ConsumeRandomLengthString();
   std::string s2 = provider.ConsumeRemainingBytesAsString();
   pw::fuzzer::example::SomeAPI(s1, s2).IgnoreError();
   return 0;
 }
	// Copyright 2020 The Pigweed Authors
	//
	// Licensed under the Apache License, Version 2.0 (the "License"); you may not
	// use this file except in compliance with the License. You may obtain a copy of
	// the License at
	//
	// https://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
	// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
	// License for the specific language governing permissions and limitations under
	// the License.

	// This is a simple example of how to write a fuzzer. The target function is
	// crafted to demonstrates how the fuzzer can analyze conditional branches and
	// incrementally cover more and more code until a defect is found.
	//
	// See build_and_run_toy_fuzzer.sh for examples of how you can build and run
	// this example.

	#include <cstddef>
	#include <cstdint>
	#include <string_view>

	#include "pw_fuzzer/fuzzed_data_provider.h"
	#include "pw_status/status.h"

	namespace pw::fuzzer::example {
	namespace {

	// The code to fuzz. This would normally be in separate library.
	Status SomeAPI(std::string_view s1, std::string_view s2) {
	if (s1 == "hello") {
	if (s2 == "world") {
	abort();
	}
	}
	return OkStatus();
	}

	} // namespace
	} // namespace pw::fuzzer::example

	// The fuzz target function
	extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
	FuzzedDataProvider provider(data, size);
	std::string s1 = provider.ConsumeRandomLengthString();
	std::string s2 = provider.ConsumeRemainingBytesAsString();
	pw::fuzzer::example::SomeAPI(s1, s2).IgnoreError();
	return 0;
	}