1 /* 2 * Copyright 2020 Google Inc. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 #include "libprotobuf-mutator/src/libfuzzer/libfuzzer_macro.h" 17 #include "png_fuzz_proto.pb.h" 18 19 template <typename Proto> 20 using FuzzMutatorCallback = std::function<void(Proto*, unsigned int)>; 21 22 template <typename Proto> 23 struct PngProtoCBRegistration 24 { PngProtoCBRegistrationPngProtoCBRegistration25 PngProtoCBRegistration(FuzzMutatorCallback<Proto> const& _callback) 26 { 27 static protobuf_mutator::libfuzzer::PostProcessorRegistration<Proto> reg = {_callback}; 28 } 29 }; 30 31 /// Custom mutation: Otherchunk unknown_type -> known_type 32 static PngProtoCBRegistration<OtherChunk> addCustomChunk = { 33 [](OtherChunk* message, unsigned int seed) __anon52aaefed0102() 34 { 35 // Mutate with a probability of roughly 1/47 36 // 47 has been chosen ad-hoc 37 if (seed % 47 == 0) 38 { 39 // If otherChunk is unknown type, mutate 40 // it to known type 41 if (message->has_unknown_type()) 42 { 43 // This is our custom mutation 44 // We assume (k * 47 mod N) distribute 45 // uniformly, where 46 // - N is total number of known 47 // chunks defined by png proto converter 48 // - k is a factor of seed 49 message->set_known_type(seed); 50 } 51 } 52 } 53 }; 54