| Dylan Katz | 7168f27 | 2020-07-02 11:51:44 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Copyright 2020 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | #include <functional> |
| 18 | |
| 19 | #include "fuzzer/FuzzedDataProvider.h" |
| 20 | #include "utils/LruCache.h" |
| 21 | #include "utils/StrongPointer.h" |
| 22 | |
| 23 | typedef android::LruCache<size_t, size_t> FuzzCache; |
| 24 | |
| 25 | static constexpr uint32_t MAX_CACHE_ENTRIES = 800; |
| 26 | |
| 27 | class NoopRemovedCallback : public android::OnEntryRemoved<size_t, size_t> { |
| 28 | public: |
| 29 | void operator()(size_t&, size_t&) { |
| 30 | // noop |
| 31 | } |
| 32 | }; |
| 33 | |
| 34 | static NoopRemovedCallback callback; |
| 35 | |
| 36 | static const std::vector<std::function<void(FuzzedDataProvider*, FuzzCache*)>> operations = { |
| 37 | [](FuzzedDataProvider*, FuzzCache* cache) -> void { cache->removeOldest(); }, |
| 38 | [](FuzzedDataProvider*, FuzzCache* cache) -> void { cache->peekOldestValue(); }, |
| 39 | [](FuzzedDataProvider*, FuzzCache* cache) -> void { cache->clear(); }, |
| 40 | [](FuzzedDataProvider*, FuzzCache* cache) -> void { cache->size(); }, |
| 41 | [](FuzzedDataProvider*, FuzzCache* cache) -> void { |
| 42 | android::LruCache<size_t, size_t>::Iterator iter(*cache); |
| 43 | while (iter.next()) { |
| 44 | iter.key(); |
| 45 | iter.value(); |
| 46 | } |
| 47 | }, |
| 48 | [](FuzzedDataProvider* dataProvider, FuzzCache* cache) -> void { |
| 49 | size_t key = dataProvider->ConsumeIntegral<size_t>(); |
| 50 | size_t val = dataProvider->ConsumeIntegral<size_t>(); |
| 51 | cache->put(key, val); |
| 52 | }, |
| 53 | [](FuzzedDataProvider* dataProvider, FuzzCache* cache) -> void { |
| 54 | size_t key = dataProvider->ConsumeIntegral<size_t>(); |
| 55 | cache->get(key); |
| 56 | }, |
| 57 | [](FuzzedDataProvider* dataProvider, FuzzCache* cache) -> void { |
| 58 | size_t key = dataProvider->ConsumeIntegral<size_t>(); |
| 59 | cache->remove(key); |
| 60 | }, |
| 61 | [](FuzzedDataProvider*, FuzzCache* cache) -> void { |
| 62 | cache->setOnEntryRemovedListener(&callback); |
| 63 | }}; |
| 64 | |
| 65 | extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { |
| 66 | FuzzedDataProvider dataProvider(data, size); |
| 67 | FuzzCache cache(MAX_CACHE_ENTRIES); |
| 68 | while (dataProvider.remaining_bytes() > 0) { |
| 69 | uint8_t op = dataProvider.ConsumeIntegral<uint8_t>() % operations.size(); |
| 70 | operations[op](&dataProvider, &cache); |
| 71 | } |
| 72 | |
| 73 | return 0; |
| 74 | } |