From 7e56b6b6cb021a3b4fc1310e53fac76069410840 Mon Sep 17 00:00:00 2001 From: Victor Zverovich Date: Sun, 11 Oct 2020 07:45:39 -0700 Subject: [PATCH] Fix coding style and remove duplicate fuzzer --- test/fuzzing/CMakeLists.txt | 1 - test/fuzzing/build.sh | 18 ++--- test/fuzzing/chrono_duration.cpp | 120 ++++++++++++++----------------- test/fuzzing/fuzzer_common.h | 69 ++++++++---------- test/fuzzing/main.cpp | 17 ++--- test/fuzzing/named_arg.cpp | 107 ++++++++++++--------------- test/fuzzing/one_arg.cpp | 102 ++++++++++++-------------- test/fuzzing/sprintf.cpp | 116 ------------------------------ test/fuzzing/two_args.cpp | 106 +++++++++++++-------------- 9 files changed, 245 insertions(+), 411 deletions(-) delete mode 100644 test/fuzzing/sprintf.cpp diff --git a/test/fuzzing/CMakeLists.txt b/test/fuzzing/CMakeLists.txt index 31344fc5..5f589d7a 100644 --- a/test/fuzzing/CMakeLists.txt +++ b/test/fuzzing/CMakeLists.txt @@ -15,7 +15,6 @@ set(SOURCES chrono_duration.cpp named_arg.cpp one_arg.cpp - sprintf.cpp two_args.cpp ) diff --git a/test/fuzzing/build.sh b/test/fuzzing/build.sh index 141a50d9..e54a721d 100755 --- a/test/fuzzing/build.sh +++ b/test/fuzzing/build.sh @@ -9,7 +9,7 @@ # # Copyright (c) 2019 Paul Dreik # -# License: see LICENSE.rst in the fmt root directory +# For the license information refer to format.h. set -e me=$(basename $0) @@ -23,8 +23,8 @@ here=$(pwd) CXXFLAGSALL="-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION= -g" CMAKEFLAGSALL="$root -GNinja -DCMAKE_BUILD_TYPE=Debug -DFMT_DOC=Off -DFMT_TEST=Off -DFMT_FUZZ=On -DCMAKE_CXX_STANDARD=17" -#builds the fuzzers as one would do if using afl or just making -#binaries for reproducing. +# Builds the fuzzers as one would do if using afl or just making +# binaries for reproducing. builddir=$here/build-fuzzers-reproduce mkdir -p $builddir cd $builddir @@ -32,7 +32,7 @@ CXX="ccache g++" CXXFLAGS="$CXXFLAGSALL" cmake \ $CMAKEFLAGSALL cmake --build $builddir -#for performance analysis of the fuzzers +# For performance analysis of the fuzzers. builddir=$here/build-fuzzers-perfanalysis mkdir -p $builddir cd $builddir @@ -43,7 +43,7 @@ $CMAKEFLAGSALL \ cmake --build $builddir -#builds the fuzzers as oss-fuzz does +# Builds the fuzzers as oss-fuzz does. builddir=$here/build-fuzzers-ossfuzz mkdir -p $builddir cd $builddir @@ -56,7 +56,7 @@ cmake $CMAKEFLAGSALL \ cmake --build $builddir -#builds fuzzers for local fuzzing with libfuzzer with asan+usan +# Builds fuzzers for local fuzzing with libfuzzer with asan+usan. builddir=$here/build-fuzzers-libfuzzer mkdir -p $builddir cd $builddir @@ -68,7 +68,7 @@ cmake $CMAKEFLAGSALL \ cmake --build $builddir -#builds fuzzers for local fuzzing with libfuzzer with asan only +# Builds fuzzers for local fuzzing with libfuzzer with asan only. builddir=$here/build-fuzzers-libfuzzer-addr mkdir -p $builddir cd $builddir @@ -80,7 +80,7 @@ cmake $CMAKEFLAGSALL \ cmake --build $builddir -#builds a fast fuzzer for making coverage fast +# Builds a fast fuzzer for making coverage fast. builddir=$here/build-fuzzers-fast mkdir -p $builddir cd $builddir @@ -94,7 +94,7 @@ cmake $CMAKEFLAGSALL \ cmake --build $builddir -#builds fuzzers for local fuzzing with afl +# Builds fuzzers for local fuzzing with afl. builddir=$here/build-fuzzers-afl mkdir -p $builddir cd $builddir diff --git a/test/fuzzing/chrono_duration.cpp b/test/fuzzing/chrono_duration.cpp index 3f25f6be..557d7034 100644 --- a/test/fuzzing/chrono_duration.cpp +++ b/test/fuzzing/chrono_duration.cpp @@ -1,152 +1,140 @@ // Copyright (c) 2019, Paul Dreik -// License: see LICENSE.rst in the fmt root directory +// For the license information refer to format.h. -#include #include -#include -#include -#include -#include +#include + #include "fuzzer_common.h" template -void invoke_inner(fmt::string_view formatstring, const Item item) { +void invoke_inner(fmt::string_view format_str, const Item item) { const std::chrono::duration value(item); try { #if FMT_FUZZ_FORMAT_TO_STRING - std::string message = fmt::format(formatstring, value); + std::string message = fmt::format(format_str, value); #else fmt::memory_buffer buf; - fmt::format_to(buf, formatstring, value); + fmt::format_to(buf, format_str, value); #endif - } catch (std::exception& /*e*/) { + } catch (std::exception&) { } } -// Item is the underlying type for duration (int, long etc) +// Item is the underlying type for duration (int, long, etc.) template -void invoke_outer(const uint8_t* Data, size_t Size, const int scaling) { - // always use a fixed location of the data - using fmt_fuzzer::Nfixed; +void invoke_outer(const uint8_t* data, size_t size, int scaling) { + // Always use a fixed location of the data. + using fmt_fuzzer::nfixed; - constexpr auto N = sizeof(Item); - static_assert(N <= Nfixed, "fixed size is too small"); - if (Size <= Nfixed + 1) { - return; - } + static_assert(sizeof(Item) <= nfixed, "fixed size is too small"); + if (size <= nfixed + 1) return; - const Item item = fmt_fuzzer::assignFromBuf(Data); + const Item item = fmt_fuzzer::assignFromBuf(data); - // fast forward - Data += Nfixed; - Size -= Nfixed; + // Fast forward. + data += nfixed; + size -= nfixed; - // Data is already allocated separately in libFuzzer so reading past - // the end will most likely be detected anyway - const auto formatstring = fmt::string_view(fmt_fuzzer::as_chars(Data), Size); + // data is already allocated separately in libFuzzer so reading past the end + // will most likely be detected anyway. + const auto format_str = fmt::string_view(fmt_fuzzer::as_chars(data), size); - // doit_impl(buf.data(),item); - // doit_impl(buf.data(),item); + // yocto, zepto, zetta and yotta are not handled. switch (scaling) { case 1: - invoke_inner(formatstring, item); + invoke_inner(format_str, item); break; case 2: - invoke_inner(formatstring, item); + invoke_inner(format_str, item); break; case 3: - invoke_inner(formatstring, item); + invoke_inner(format_str, item); break; case 4: - invoke_inner(formatstring, item); + invoke_inner(format_str, item); break; case 5: - invoke_inner(formatstring, item); + invoke_inner(format_str, item); break; case 6: - invoke_inner(formatstring, item); + invoke_inner(format_str, item); break; case 7: - invoke_inner(formatstring, item); + invoke_inner(format_str, item); break; case 8: - invoke_inner(formatstring, item); + invoke_inner(format_str, item); break; case 9: - invoke_inner(formatstring, item); + invoke_inner(format_str, item); break; case 10: - invoke_inner(formatstring, item); + invoke_inner(format_str, item); break; case 11: - invoke_inner(formatstring, item); + invoke_inner(format_str, item); break; case 12: - invoke_inner(formatstring, item); + invoke_inner(format_str, item); break; case 13: - invoke_inner(formatstring, item); + invoke_inner(format_str, item); break; case 14: - invoke_inner(formatstring, item); + invoke_inner(format_str, item); break; case 15: - invoke_inner(formatstring, item); + invoke_inner(format_str, item); } - // doit_impl(buf.data(),item); - // doit_impl(buf.data(),item); } -extern "C" int LLVMFuzzerTestOneInput(const uint8_t* Data, size_t Size) { - if (Size <= 4) { - return 0; - } +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + if (size <= 4) return 0; - const auto representation = Data[0]; - const auto scaling = Data[1]; - Data += 2; - Size -= 2; + const auto representation = data[0]; + const auto scaling = data[1]; + data += 2; + size -= 2; switch (representation) { case 1: - invoke_outer(Data, Size, scaling); + invoke_outer(data, size, scaling); break; case 2: - invoke_outer(Data, Size, scaling); + invoke_outer(data, size, scaling); break; case 3: - invoke_outer(Data, Size, scaling); + invoke_outer(data, size, scaling); break; case 4: - invoke_outer(Data, Size, scaling); + invoke_outer(data, size, scaling); break; case 5: - invoke_outer(Data, Size, scaling); + invoke_outer(data, size, scaling); break; case 6: - invoke_outer(Data, Size, scaling); + invoke_outer(data, size, scaling); break; case 7: - invoke_outer(Data, Size, scaling); + invoke_outer(data, size, scaling); break; case 8: - invoke_outer(Data, Size, scaling); + invoke_outer(data, size, scaling); break; case 9: - invoke_outer(Data, Size, scaling); + invoke_outer(data, size, scaling); break; case 10: - invoke_outer(Data, Size, scaling); + invoke_outer(data, size, scaling); break; case 11: - invoke_outer(Data, Size, scaling); + invoke_outer(data, size, scaling); break; case 12: - invoke_outer(Data, Size, scaling); + invoke_outer(data, size, scaling); break; default: break; } - return 0; } diff --git a/test/fuzzing/fuzzer_common.h b/test/fuzzing/fuzzer_common.h index c3d85619..6aef8d8f 100644 --- a/test/fuzzing/fuzzer_common.h +++ b/test/fuzzing/fuzzer_common.h @@ -1,65 +1,52 @@ +// Copyright (c) 2019, Paul Dreik +// For the license information refer to format.h. + #ifndef FUZZER_COMMON_H #define FUZZER_COMMON_H -// Copyright (c) 2019, Paul Dreik -// License: see LICENSE.rst in the fmt root directory - #include // std::uint8_t #include // memcpy -#include // trivially copyable -// one can format to either a string, or a buf. buf is faster, -// but one may be interested in formatting to a string instead to -// verify it works as intended. to avoid a combinatoric explosion, -// select this at compile time instead of dynamically from the fuzz data +// One can format to either a string, or a buffer. The latter is faster, but +// one may be interested in formatting to a string instead to verify it works +// as intended. To avoid a combinatoric explosion, select this at compile time +// instead of dynamically from the fuzz data. #define FMT_FUZZ_FORMAT_TO_STRING 0 -// if fmt is given a buffer that is separately allocated, -// chances that address sanitizer detects out of bound reads is -// much higher. However, it slows down the fuzzing. +// If {fmt} is given a buffer that is separately allocated, chances that address +// sanitizer detects out of bound reads is much higher. However, it slows down +// the fuzzing. #define FMT_FUZZ_SEPARATE_ALLOCATION 1 -// To let the the fuzzer mutation be efficient at cross pollinating -// between different types, use a fixed size format. -// The same bit pattern, interpreted as another type, -// is likely interesting. -// For this, we must know the size of the largest possible type in use. +namespace fmt_fuzzer { -// There are some problems on travis, claiming Nfixed is not a constant -// expression which seems to be an issue with older versions of libstdc++ -#if _GLIBCXX_RELEASE >= 7 -# include -namespace fmt_fuzzer { -constexpr auto Nfixed = std::max(sizeof(long double), sizeof(std::intmax_t)); -} -#else -namespace fmt_fuzzer { -constexpr auto Nfixed = 16; -} -#endif +// The size of the largest possible type in use. +// To let the the fuzzer mutation be efficient at cross pollinating between +// different types, use a fixed size format. The same bit pattern, interpreted +// as another type, is likely interesting. +constexpr auto nfixed = 16; -namespace fmt_fuzzer { -// view data as a c char pointer. +// Casts data to a char pointer. template inline const char* as_chars(const T* data) { - return static_cast(static_cast(data)); + return reinterpret_cast(data); } -// view data as a byte pointer +// Casts data to a byte pointer. template inline const std::uint8_t* as_bytes(const T* data) { - return static_cast(static_cast(data)); + return reinterpret_cast(data); } -// blits bytes from Data to form an (assumed trivially constructible) object -// of type Item -template inline Item assignFromBuf(const std::uint8_t* Data) { - Item item{}; - std::memcpy(&item, Data, sizeof(Item)); +// Blits bytes from data to form an (assumed trivially constructible) object +// of type Item. +template inline Item assignFromBuf(const std::uint8_t* data) { + auto item = Item(); + std::memcpy(&item, data, sizeof(Item)); return item; } -// reads a boolean value by looking at the first byte from Data -template <> inline bool assignFromBuf(const std::uint8_t* Data) { - return !!Data[0]; +// Reads a boolean value by looking at the first byte from data. +template <> inline bool assignFromBuf(const std::uint8_t* data) { + return *data != 0; } } // namespace fmt_fuzzer diff --git a/test/fuzzing/main.cpp b/test/fuzzing/main.cpp index 1053eeeb..5360bc62 100644 --- a/test/fuzzing/main.cpp +++ b/test/fuzzing/main.cpp @@ -1,21 +1,22 @@ #include #include -#include #include + #include "fuzzer_common.h" -extern "C" int LLVMFuzzerTestOneInput(const uint8_t* Data, size_t Size); -int main(int argc, char* argv[]) { +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size); + +int main(int argc, char** argv) { for (int i = 1; i < argc; ++i) { std::ifstream in(argv[i]); assert(in); in.seekg(0, std::ios_base::end); - const auto pos = in.tellg(); - assert(pos >= 0); + const auto size = in.tellg(); + assert(size >= 0); in.seekg(0, std::ios_base::beg); - std::vector buf(static_cast(pos)); - in.read(buf.data(), static_cast(buf.size())); - assert(in.gcount() == pos); + std::vector buf(static_cast(size)); + in.read(buf.data(), size); + assert(in.gcount() == size); LLVMFuzzerTestOneInput(fmt_fuzzer::as_bytes(buf.data()), buf.size()); } } diff --git a/test/fuzzing/named_arg.cpp b/test/fuzzing/named_arg.cpp index bd0cb686..3b199d6d 100644 --- a/test/fuzzing/named_arg.cpp +++ b/test/fuzzing/named_arg.cpp @@ -1,128 +1,115 @@ // Copyright (c) 2019, Paul Dreik -// License: see LICENSE.rst in the fmt root directory +// For the license information refer to format.h. -#include -#include #include -#include #include #include +#include + #include "fuzzer_common.h" template -void invoke_fmt(const uint8_t* Data, size_t Size, unsigned int argsize) { - constexpr auto N1 = sizeof(Item1); - static_assert(N1 <= fmt_fuzzer::Nfixed, "Nfixed too small"); - if (Size <= fmt_fuzzer::Nfixed) { - return; - } - const Item1 item1 = fmt_fuzzer::assignFromBuf(Data); +void invoke_fmt(const uint8_t* data, size_t size, unsigned int argsize) { + static_assert(sizeof(Item1) <= fmt_fuzzer::nfixed, "nfixed too small"); + if (size <= fmt_fuzzer::nfixed) return; + const Item1 item1 = fmt_fuzzer::assignFromBuf(data); - Data += fmt_fuzzer::Nfixed; - Size -= fmt_fuzzer::Nfixed; + data += fmt_fuzzer::nfixed; + size -= fmt_fuzzer::nfixed; - // how many chars should be used for the argument name? - if (argsize <= 0 || argsize >= Size) { - return; - } + // How many chars should be used for the argument name? + if (argsize <= 0 || argsize >= size) return; - // allocating buffers separately is slower, but increases chances - // of detecting memory errors #if FMT_FUZZ_SEPARATE_ALLOCATION std::vector argnamebuffer(argsize + 1); - std::memcpy(argnamebuffer.data(), Data, argsize); + std::memcpy(argnamebuffer.data(), data, argsize); auto argname = argnamebuffer.data(); #else - auto argname = fmt_fuzzer::as_chars(Data); + auto argname = fmt_fuzzer::as_chars(data); #endif - Data += argsize; - Size -= argsize; + data += argsize; + size -= argsize; #if FMT_FUZZ_SEPARATE_ALLOCATION - // allocates as tight as possible, making it easier to catch buffer overruns. - std::vector fmtstringbuffer(Size); - std::memcpy(fmtstringbuffer.data(), Data, Size); - auto fmtstring = fmt::string_view(fmtstringbuffer.data(), Size); + std::vector fmtstringbuffer(size); + std::memcpy(fmtstringbuffer.data(), data, size); + auto format_str = fmt::string_view(fmtstringbuffer.data(), size); #else - auto fmtstring = fmt::string_view(fmt_fuzzer::as_chars(Data), Size); + auto format_str = fmt::string_view(fmt_fuzzer::as_chars(data), size); #endif #if FMT_FUZZ_FORMAT_TO_STRING - std::string message = fmt::format(fmtstring, fmt::arg(argname, item1)); + std::string message = fmt::format(format_str, fmt::arg(argname, item1)); #else - fmt::memory_buffer outbuf; - fmt::format_to(outbuf, fmtstring, fmt::arg(argname, item1)); + fmt::memory_buffer out; + fmt::format_to(out, format_str, fmt::arg(argname, item1)); #endif } -// for dynamic dispatching to an explicit instantiation +// For dynamic dispatching to an explicit instantiation. template void invoke(int index, Callback callback) { switch (index) { case 0: - callback(bool{}); + callback(bool()); break; case 1: - callback(char{}); + callback(char()); break; case 2: using sc = signed char; - callback(sc{}); + callback(sc()); break; case 3: using uc = unsigned char; - callback(uc{}); + callback(uc()); break; case 4: - callback(short{}); + callback(short()); break; case 5: using us = unsigned short; - callback(us{}); + callback(us()); break; case 6: - callback(int{}); + callback(int()); break; case 7: - callback(unsigned{}); + callback(unsigned()); break; case 8: - callback(long{}); + callback(long()); break; case 9: using ul = unsigned long; - callback(ul{}); + callback(ul()); break; case 10: - callback(float{}); + callback(float()); break; case 11: - callback(double{}); + callback(double()); break; case 12: using LD = long double; - callback(LD{}); + callback(LD()); break; } } -extern "C" int LLVMFuzzerTestOneInput(const uint8_t* Data, size_t Size) { - if (Size <= 3) { - return 0; - } +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + if (size <= 3) return 0; - // switch types depending on the first byte of the input - const auto first = Data[0] & 0x0F; - const unsigned int second = (Data[0] & 0xF0) >> 4; - Data++; - Size--; - - auto outerfcn = [=](auto param1) { - invoke_fmt(Data, Size, second); - }; + // Switch types depending on the first byte of the input. + const auto first = data[0] & 0x0F; + const unsigned second = (data[0] & 0xF0) >> 4; + data++; + size--; try { - invoke(first, outerfcn); - } catch (std::exception& /*e*/) { + invoke(first, [=](auto param1) { + invoke_fmt(data, size, second); + }); + } catch (std::exception&) { } return 0; } diff --git a/test/fuzzing/one_arg.cpp b/test/fuzzing/one_arg.cpp index 3a1bf5cc..7d7d5ad3 100644 --- a/test/fuzzing/one_arg.cpp +++ b/test/fuzzing/one_arg.cpp @@ -1,131 +1,123 @@ // Copyright (c) 2019, Paul Dreik -// License: see LICENSE.rst in the fmt root directory +// For the license information refer to format.h. -#include #include #include #include #include - #include + #include "fuzzer_common.h" -using fmt_fuzzer::Nfixed; +using fmt_fuzzer::nfixed; template -void invoke_fmt(const uint8_t* Data, size_t Size) { +void invoke_fmt(const uint8_t* data, size_t size) { constexpr auto N = sizeof(Item); - static_assert(N <= Nfixed, "Nfixed is too small"); - if (Size <= Nfixed) { + static_assert(N <= nfixed, "Nfixed is too small"); + if (size <= nfixed) { return; } - const Item item = fmt_fuzzer::assignFromBuf(Data); - Data += Nfixed; - Size -= Nfixed; + const Item item = fmt_fuzzer::assignFromBuf(data); + data += nfixed; + size -= nfixed; #if FMT_FUZZ_SEPARATE_ALLOCATION - // allocates as tight as possible, making it easier to catch buffer overruns. - std::vector fmtstringbuffer(Size); - std::memcpy(fmtstringbuffer.data(), Data, Size); - auto fmtstring = fmt::string_view(fmtstringbuffer.data(), Size); + std::vector fmtstringbuffer(size); + std::memcpy(fmtstringbuffer.data(), data, size); + auto format_str = fmt::string_view(fmtstringbuffer.data(), size); #else - auto fmtstring = fmt::string_view(fmt_fuzzer::as_chars(Data), Size); + auto format_str = fmt::string_view(fmt_fuzzer::as_chars(data), size); #endif #if FMT_FUZZ_FORMAT_TO_STRING - std::string message = fmt::format(fmtstring, item); + std::string message = fmt::format(format_str, item); #else fmt::memory_buffer message; - fmt::format_to(message, fmtstring, item); + fmt::format_to(message, format_str, item); #endif } -void invoke_fmt_time(const uint8_t* Data, size_t Size) { +void invoke_fmt_time(const uint8_t* data, size_t size) { using Item = std::time_t; - constexpr auto N = sizeof(Item); - static_assert(N <= Nfixed, "Nfixed too small"); - if (Size <= Nfixed) { - return; - } - const Item item = fmt_fuzzer::assignFromBuf(Data); - Data += Nfixed; - Size -= Nfixed; + static_assert(sizeof(Item) <= nfixed, "Nfixed too small"); + if (size <= nfixed) return; + const Item item = fmt_fuzzer::assignFromBuf(data); + data += nfixed; + size -= nfixed; #if FMT_FUZZ_SEPARATE_ALLOCATION - // allocates as tight as possible, making it easier to catch buffer overruns. - std::vector fmtstringbuffer(Size); - std::memcpy(fmtstringbuffer.data(), Data, Size); - auto fmtstring = fmt::string_view(fmtstringbuffer.data(), Size); + std::vector fmtstringbuffer(size); + std::memcpy(fmtstringbuffer.data(), data, size); + auto format_str = fmt::string_view(fmtstringbuffer.data(), size); #else - auto fmtstring = fmt::string_view(fmt_fuzzer::as_chars(Data), Size); + auto format_str = fmt::string_view(fmt_fuzzer::as_chars(data), size); #endif auto* b = std::localtime(&item); if (b) { #if FMT_FUZZ_FORMAT_TO_STRING - std::string message = fmt::format(fmtstring, *b); + std::string message = fmt::format(format_str, *b); #else fmt::memory_buffer message; - fmt::format_to(message, fmtstring, *b); + fmt::format_to(message, format_str, *b); #endif } } -extern "C" int LLVMFuzzerTestOneInput(const uint8_t* Data, size_t Size) { - if (Size <= 3) { - return 0; - } +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + if (size <= 3) return 0; - const auto first = Data[0]; - Data++; - Size--; + const auto first = data[0]; + data++; + size--; try { switch (first) { case 0: - invoke_fmt(Data, Size); + invoke_fmt(data, size); break; case 1: - invoke_fmt(Data, Size); + invoke_fmt(data, size); break; case 2: - invoke_fmt(Data, Size); + invoke_fmt(data, size); break; case 3: - invoke_fmt(Data, Size); + invoke_fmt(data, size); break; case 4: - invoke_fmt(Data, Size); + invoke_fmt(data, size); break; case 5: - invoke_fmt(Data, Size); + invoke_fmt(data, size); break; case 6: - invoke_fmt(Data, Size); + invoke_fmt(data, size); break; case 7: - invoke_fmt(Data, Size); + invoke_fmt(data, size); break; case 8: - invoke_fmt(Data, Size); + invoke_fmt(data, size); break; case 9: - invoke_fmt(Data, Size); + invoke_fmt(data, size); break; case 10: - invoke_fmt(Data, Size); + invoke_fmt(data, size); break; case 11: - invoke_fmt(Data, Size); + invoke_fmt(data, size); break; case 12: - invoke_fmt(Data, Size); + invoke_fmt(data, size); break; case 13: - invoke_fmt_time(Data, Size); + invoke_fmt_time(data, size); break; default: break; } - } catch (std::exception& /*e*/) { + } catch (std::exception&) { } return 0; } diff --git a/test/fuzzing/sprintf.cpp b/test/fuzzing/sprintf.cpp deleted file mode 100644 index aa028756..00000000 --- a/test/fuzzing/sprintf.cpp +++ /dev/null @@ -1,116 +0,0 @@ -// Copyright (c) 2019, Paul Dreik -// License: see LICENSE.rst in the fmt root directory -#include -#include -#include -#include - -#include "fuzzer_common.h" - -using fmt_fuzzer::Nfixed; - -template -void invoke_fmt(const uint8_t* Data, size_t Size) { - constexpr auto N1 = sizeof(Item1); - constexpr auto N2 = sizeof(Item2); - static_assert(N1 <= Nfixed, "size1 exceeded"); - static_assert(N2 <= Nfixed, "size2 exceeded"); - if (Size <= Nfixed + Nfixed) { - return; - } - Item1 item1 = fmt_fuzzer::assignFromBuf(Data); - Data += Nfixed; - Size -= Nfixed; - - Item2 item2 = fmt_fuzzer::assignFromBuf(Data); - Data += Nfixed; - Size -= Nfixed; - - auto fmtstring = fmt::string_view(fmt_fuzzer::as_chars(Data), Size); - -#if FMT_FUZZ_FORMAT_TO_STRING - std::string message = fmt::format(fmtstring, item1, item2); -#else - fmt::memory_buffer message; - fmt::format_to(message, fmtstring, item1, item2); -#endif -} - -// for dynamic dispatching to an explicit instantiation -template void invoke(int index, Callback callback) { - switch (index) { - case 0: - callback(bool{}); - break; - case 1: - callback(char{}); - break; - case 2: - using sc = signed char; - callback(sc{}); - break; - case 3: - using uc = unsigned char; - callback(uc{}); - break; - case 4: - callback(short{}); - break; - case 5: - using us = unsigned short; - callback(us{}); - break; - case 6: - callback(int{}); - break; - case 7: - callback(unsigned{}); - break; - case 8: - callback(long{}); - break; - case 9: - using ul = unsigned long; - callback(ul{}); - break; - case 10: - callback(float{}); - break; - case 11: - callback(double{}); - break; - case 12: - using LD = long double; - callback(LD{}); - break; - case 13: - using ptr = void*; - callback(ptr{}); - break; - } -} - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t* Data, size_t Size) { - if (Size <= 3) { - return 0; - } - - // switch types depending on the first byte of the input - const auto first = Data[0] & 0x0F; - const auto second = (Data[0] & 0xF0) >> 4; - Data++; - Size--; - - auto outer = [=](auto param1) { - auto inner = [=](auto param2) { - invoke_fmt(Data, Size); - }; - invoke(second, inner); - }; - - try { - invoke(first, outer); - } catch (std::exception& /*e*/) { - } - return 0; -} diff --git a/test/fuzzing/two_args.cpp b/test/fuzzing/two_args.cpp index af3495ce..983c88c2 100644 --- a/test/fuzzing/two_args.cpp +++ b/test/fuzzing/two_args.cpp @@ -1,112 +1,108 @@ // Copyright (c) 2019, Paul Dreik -// License: see LICENSE.rst in the fmt root directory -#include +// For the license information refer to format.h. + #include -#include -#include +#include +#include +#include #include "fuzzer_common.h" -constexpr auto Nfixed = fmt_fuzzer::Nfixed; +constexpr auto nfixed = fmt_fuzzer::nfixed; template -void invoke_fmt(const uint8_t* Data, size_t Size) { - constexpr auto N1 = sizeof(Item1); - constexpr auto N2 = sizeof(Item2); - static_assert(N1 <= Nfixed, "size1 exceeded"); - static_assert(N2 <= Nfixed, "size2 exceeded"); - if (Size <= Nfixed + Nfixed) { - return; - } - const Item1 item1 = fmt_fuzzer::assignFromBuf(Data); - Data += Nfixed; - Size -= Nfixed; +void invoke_fmt(const uint8_t* data, size_t size) { + static_assert(sizeof(Item1) <= nfixed, "size1 exceeded"); + static_assert(sizeof(Item2) <= nfixed, "size2 exceeded"); + if (size <= nfixed + nfixed) return; - const Item2 item2 = fmt_fuzzer::assignFromBuf(Data); - Data += Nfixed; - Size -= Nfixed; + const Item1 item1 = fmt_fuzzer::assignFromBuf(data); + data += nfixed; + size -= nfixed; - auto fmtstring = fmt::string_view(fmt_fuzzer::as_chars(Data), Size); + const Item2 item2 = fmt_fuzzer::assignFromBuf(data); + data += nfixed; + size -= nfixed; + + auto format_str = fmt::string_view(fmt_fuzzer::as_chars(data), size); #if FMT_FUZZ_FORMAT_TO_STRING - std::string message = fmt::format(fmtstring, item1, item2); + std::string message = fmt::format(format_str, item1, item2); #else fmt::memory_buffer message; - fmt::format_to(message, fmtstring, item1, item2); + fmt::format_to(message, format_str, item1, item2); #endif } -// for dynamic dispatching to an explicit instantiation +// For dynamic dispatching to an explicit instantiation. template void invoke(int index, Callback callback) { switch (index) { case 0: - callback(bool{}); + callback(bool()); break; case 1: - callback(char{}); + callback(char()); break; case 2: using sc = signed char; - callback(sc{}); + callback(sc()); break; case 3: using uc = unsigned char; - callback(uc{}); + callback(uc()); break; case 4: - callback(short{}); + callback(short()); break; case 5: using us = unsigned short; - callback(us{}); + callback(us()); break; case 6: - callback(int{}); + callback(int()); break; case 7: - callback(unsigned{}); + callback(unsigned()); break; case 8: - callback(long{}); + callback(long()); break; case 9: using ul = unsigned long; - callback(ul{}); + callback(ul()); break; case 10: - callback(float{}); + callback(float()); break; case 11: - callback(double{}); + callback(double()); break; case 12: using LD = long double; - callback(LD{}); + callback(LD()); + break; + case 13: + using ptr = void*; + callback(ptr()); break; } } -extern "C" int LLVMFuzzerTestOneInput(const uint8_t* Data, size_t Size) { - if (Size <= 3) { - return 0; - } - - // switch types depending on the first byte of the input - const auto first = Data[0] & 0x0F; - const auto second = (Data[0] & 0xF0) >> 4; - Data++; - Size--; - - auto outer = [=](auto param1) { - auto inner = [=](auto param2) { - invoke_fmt(Data, Size); - }; - invoke(second, inner); - }; +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + if (size <= 3) return 0; + // Switch types depending on the first byte of the input. + const auto first = data[0] & 0x0F; + const auto second = (data[0] & 0xF0) >> 4; + data++; + size--; try { - invoke(first, outer); - } catch (std::exception& /*e*/) { + invoke(first, [=](auto param1) { + invoke(second, [=](auto param2) { + invoke_fmt(data, size); + }); + }); + } catch (std::exception&) { } return 0; }