| // Copyright 2020 The Pigweed Authors |
| // |
| // Licensed under the Apache License, Version 2.0 (the "License"); you may not |
| // use this file except in compliance with the License. You may obtain a copy of |
| // the License at |
| // |
| // https://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, software |
| // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
| // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
| // License for the specific language governing permissions and limitations under |
| // the License. |
| |
| // This is a simple example of how to write a fuzzer. The target function is |
| // crafted to demonstrates how the fuzzer can analyze conditional branches and |
| // incrementally cover more and more code until a defect is found. |
| // |
| // See build_and_run_toy_fuzzer.sh for examples of how you can build and run |
| // this example. |
| |
| #include <cstddef> |
| #include <cstdint> |
| #include <string_view> |
| |
| #include "pw_fuzzer/fuzzed_data_provider.h" |
| #include "pw_status/status.h" |
| |
| namespace pw::fuzzer::example { |
| namespace { |
| |
| // The code to fuzz. This would normally be in separate library. |
| Status SomeAPI(std::string_view s1, std::string_view s2) { |
| if (s1 == "hello") { |
| if (s2 == "world") { |
| abort(); |
| } |
| } |
| return OkStatus(); |
| } |
| |
| } // namespace |
| } // namespace pw::fuzzer::example |
| |
| // The fuzz target function |
| extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { |
| FuzzedDataProvider provider(data, size); |
| std::string s1 = provider.ConsumeRandomLengthString(); |
| std::string s2 = provider.ConsumeRemainingBytesAsString(); |
| pw::fuzzer::example::SomeAPI(s1, s2).IgnoreError(); |
| return 0; |
| } |