1 // This test computes a checksum of the data (all but the last 4 bytes), 2 // and then compares the last 4 bytes with the computed value. 3 // A fuzzer with cmp traces is expected to defeat this check. 4 #include <cstdint> 5 #include <cstdlib> 6 #include <cstring> 7 #include <cstdio> 8 9 // A modified jenkins_one_at_a_time_hash initialized by non-zero, 10 // so that simple_hash(0) != 0. See also 11 // https://en.wikipedia.org/wiki/Jenkins_hash_function 12 static uint32_t simple_hash(const uint8_t *Data, size_t Size) { 13 uint32_t Hash = 0x12039854; 14 for (uint32_t i = 0; i < Size; i++) { 15 Hash += Data[i]; 16 Hash += (Hash << 10); 17 Hash ^= (Hash >> 6); 18 } 19 Hash += (Hash << 3); 20 Hash ^= (Hash >> 11); 21 Hash += (Hash << 15); 22 return Hash; 23 } 24 25 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { 26 if (Size < 14) 27 return 0; 28 29 uint32_t Hash = simple_hash(&Data[0], Size - 4); 30 uint32_t Want = reinterpret_cast<const uint32_t *>(&Data[Size - 4])[0]; 31 if (Hash != Want) 32 return 0; 33 fprintf(stderr, "BINGO; simple_hash defeated: %x == %x\n", (unsigned int)Hash, 34 (unsigned int)Want); 35 exit(1); 36 return 0; 37 } 38
