1 // This file is distributed under the University of Illinois Open Source 2 // License. See LICENSE.TXT for details. 3 4 // This test computes a checksum of the data (all but the last 4 bytes), 5 // and then compares the last 4 bytes with the computed value. 6 // A fuzzer with cmp traces is expected to defeat this check. 7 #include <cstdint> 8 #include <cstdlib> 9 #include <cstring> 10 #include <cstdio> 11 12 // A modified jenkins_one_at_a_time_hash initialized by non-zero, 13 // so that simple_hash(0) != 0. See also 14 // https://en.wikipedia.org/wiki/Jenkins_hash_function 15 static uint32_t simple_hash(const uint8_t *Data, size_t Size) { 16 uint32_t Hash = 0x12039854; 17 for (uint32_t i = 0; i < Size; i++) { 18 Hash += Data[i]; 19 Hash += (Hash << 10); 20 Hash ^= (Hash >> 6); 21 } 22 Hash += (Hash << 3); 23 Hash ^= (Hash >> 11); 24 Hash += (Hash << 15); 25 return Hash; 26 } 27 28 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { 29 if (Size < 14) 30 return 0; 31 32 uint32_t Hash = simple_hash(&Data[0], Size - 4); 33 uint32_t Want = reinterpret_cast<const uint32_t *>(&Data[Size - 4])[0]; 34 if (Hash != Want) 35 return 0; 36 fprintf(stderr, "BINGO; simple_hash defeated: %x == %x\n", (unsigned int)Hash, 37 (unsigned int)Want); 38 exit(1); 39 return 0; 40 } 41