Home | History | Annotate | Download | only in libfuzzer 
      1 // Copyright 2017 Google Inc. All rights reserved.
      2 //
      3 // Licensed under the Apache License, Version 2.0 (the "License");
      4 // you may not use this file except in compliance with the License.
      5 // You may obtain a copy of the License at
      6 //
      7 //     http://www.apache.org/licenses/LICENSE-2.0
      8 //
      9 // Unless required by applicable law or agreed to in writing, software
     10 // distributed under the License is distributed on an "AS IS" BASIS,
     11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     12 // See the License for the specific language governing permissions and
     13 // limitations under the License.
     14 
     15 #include "src/libfuzzer/libfuzzer_mutator.h"
     16 
     17 #include <string.h>
     18 #include <cassert>
     19 #include <memory>
     20 #include <string>
     21 
     22 #include "port/protobuf.h"
     23 #include "src/mutator.h"
     24 
     25 extern "C" size_t LLVMFuzzerMutate(uint8_t*, size_t, size_t)
     26     __attribute__((weak));
     27 
     28 namespace protobuf_mutator {
     29 namespace libfuzzer {
     30 
     31 namespace {
     32 
     33 template <class T>
     34 T MutateValue(T v) {
     35   size_t size =
     36       LLVMFuzzerMutate(reinterpret_cast<uint8_t*>(&v), sizeof(v), sizeof(v));
     37   memset(reinterpret_cast<uint8_t*>(&v) + size, 0, sizeof(v) - size);
     38   return v;
     39 }
     40 
     41 }  // namespace
     42 
     43 int32_t Mutator::MutateInt32(int32_t value) { return MutateValue(value); }
     44 
     45 int64_t Mutator::MutateInt64(int64_t value) { return MutateValue(value); }
     46 
     47 uint32_t Mutator::MutateUInt32(uint32_t value) { return MutateValue(value); }
     48 
     49 uint64_t Mutator::MutateUInt64(uint64_t value) { return MutateValue(value); }
     50 
     51 float Mutator::MutateFloat(float value) { return MutateValue(value); }
     52 
     53 double Mutator::MutateDouble(double value) { return MutateValue(value); }
     54 
     55 std::string Mutator::MutateString(const std::string& value,
     56                                   size_t size_increase_hint) {
     57   // Randomly return empty strings as LLVMFuzzerMutate does not produce them.
     58   if (!std::uniform_int_distribution<uint8_t>(0, 20)(*random())) return {};
     59   std::string result = value;
     60   result.resize(value.size() + size_increase_hint);
     61   if (result.empty()) result.push_back(0);
     62   result.resize(LLVMFuzzerMutate(reinterpret_cast<uint8_t*>(&result[0]),
     63                                  value.size(), result.size()));
     64   return result;
     65 }
     66 
     67 }  // namespace libfuzzer
     68 }  // namespace protobuf_mutator
     69