From e6918187568dbd01842d8d1d2c808ce16a894239 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 21 Apr 2024 13:54:28 +0200 Subject: Adding upstream version 18.2.2. Signed-off-by: Daniel Baumann --- src/fmt/test/fuzzing/chrono-duration.cc | 136 ++++++++++++++++++++++++++++++++ 1 file changed, 136 insertions(+) create mode 100644 src/fmt/test/fuzzing/chrono-duration.cc (limited to 'src/fmt/test/fuzzing/chrono-duration.cc') diff --git a/src/fmt/test/fuzzing/chrono-duration.cc b/src/fmt/test/fuzzing/chrono-duration.cc new file mode 100644 index 000000000..d66068d9c --- /dev/null +++ b/src/fmt/test/fuzzing/chrono-duration.cc @@ -0,0 +1,136 @@ +// Copyright (c) 2019, Paul Dreik +// For the license information refer to format.h. + +#include + +#include + +#include "fuzzer-common.h" + +template +void invoke_inner(fmt::string_view format_str, Rep rep) { + auto value = std::chrono::duration(rep); + try { +#if FMT_FUZZ_FORMAT_TO_STRING + std::string message = fmt::format(format_str, value); +#else + auto buf = fmt::memory_buffer(); + fmt::format_to(std::back_inserter(buf), format_str, value); +#endif + } catch (std::exception&) { + } +} + +// Rep is a duration's representation type. +template +void invoke_outer(const uint8_t* data, size_t size, int period) { + // Always use a fixed location of the data. + static_assert(sizeof(Rep) <= fixed_size, "fixed size is too small"); + if (size <= fixed_size + 1) return; + + const Rep rep = assign_from_buf(data); + data += fixed_size; + size -= fixed_size; + + // data is already allocated separately in libFuzzer so reading past the end + // will most likely be detected anyway. + const auto format_str = fmt::string_view(as_chars(data), size); + + // yocto, zepto, zetta and yotta are not handled. + switch (period) { + case 1: + invoke_inner(format_str, rep); + break; + case 2: + invoke_inner(format_str, rep); + break; + case 3: + invoke_inner(format_str, rep); + break; + case 4: + invoke_inner(format_str, rep); + break; + case 5: + invoke_inner(format_str, rep); + break; + case 6: + invoke_inner(format_str, rep); + break; + case 7: + invoke_inner(format_str, rep); + break; + case 8: + invoke_inner(format_str, rep); + break; + case 9: + invoke_inner(format_str, rep); + break; + case 10: + invoke_inner(format_str, rep); + break; + case 11: + invoke_inner(format_str, rep); + break; + case 12: + invoke_inner(format_str, rep); + break; + case 13: + invoke_inner(format_str, rep); + break; + case 14: + invoke_inner(format_str, rep); + break; + case 15: + invoke_inner(format_str, rep); + break; + } +} + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + if (size <= 4) return 0; + + const auto representation = data[0]; + const auto period = data[1]; + data += 2; + size -= 2; + + switch (representation) { + case 1: + invoke_outer(data, size, period); + break; + case 2: + invoke_outer(data, size, period); + break; + case 3: + invoke_outer(data, size, period); + break; + case 4: + invoke_outer(data, size, period); + break; + case 5: + invoke_outer(data, size, period); + break; + case 6: + invoke_outer(data, size, period); + break; + case 7: + invoke_outer(data, size, period); + break; + case 8: + invoke_outer(data, size, period); + break; + case 9: + invoke_outer(data, size, period); + break; + case 10: + invoke_outer(data, size, period); + break; + case 11: + invoke_outer(data, size, period); + break; + case 12: + invoke_outer(data, size, period); + break; + } + return 0; +} -- cgit v1.2.3