1 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
2 // See https://llvm.org/LICENSE.txt for license information.
3 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
4 
5 // Make sure the fuzzer eventually finds all possible values of a variable
6 // within a range.
7 #include <cassert>
8 #include <cstdint>
9 #include <cstdio>
10 #include <cstdlib>
11 #include <cstring>
12 #include <set>
13 
14 const size_t N = 1 << 12;
15 
16 // Define an array of counters that will be understood by libFuzzer
17 // as extra coverage signal. The array must be:
18 //  * uint8_t
19 //  * in the section named __libfuzzer_extra_counters.
20 // The target code may declare more than one such array.
21 //
22 // Use either `Counters[Idx] = 1` or `Counters[Idx]++;`
23 // depending on whether multiple occurrences of the event 'Idx'
24 // is important to distinguish from one occurrence.
25 #ifdef __linux__
26 __attribute__((section("__libfuzzer_extra_counters")))
27 #endif
28 static uint8_t Counters[N];
29 
LLVMFuzzerTestOneInput(const uint8_t * Data,size_t Size)30 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
31   static std::set<uint16_t> SeenIdx;
32   if (Size != 4) return 0;
33   uint32_t Idx;
34   memcpy(&Idx, Data, 4);
35   Idx %= N;
36   assert(Counters[Idx] == 0);  // libFuzzer should reset these between the runs.
37   // Or Counters[Idx]=1 if we don't care how many times this happened.
38   Counters[Idx]++;
39   SeenIdx.insert(Idx);
40   if (SeenIdx.size() == N) {
41     fprintf(stderr, "BINGO: found all values\n");
42     abort();
43   }
44   return 0;
45 }
46