1 // Simple test for a fuzzer.
2 // Try to find the target using the indirect caller-callee pairs.
3 #include <cstdint>
4 #include <cstdlib>
5 #include <cstddef>
6 #include <cstring>
7 #include <iostream>
8
9 typedef void (*F)();
10 static F t[256];
11
f34()12 void f34() {
13 std::cerr << "BINGO\n";
14 exit(1);
15 }
f23()16 void f23() { t[(unsigned)'d'] = f34;}
f12()17 void f12() { t[(unsigned)'c'] = f23;}
f01()18 void f01() { t[(unsigned)'b'] = f12;}
f00()19 void f00() {}
20
21 static F t0[256] = {
22 f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
23 f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
24 f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
25 f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
26 f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
27 f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
28 f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
29 f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
30 f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
31 f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
32 f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
33 f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
34 f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
35 f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
36 f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
37 f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
38 };
39
LLVMFuzzerTestOneInput(const uint8_t * Data,size_t Size)40 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
41 if (Size < 4) return 0;
42 // Spoof the counters.
43 for (int i = 0; i < 200; i++) {
44 f23();
45 f12();
46 f01();
47 }
48 memcpy(t, t0, sizeof(t));
49 t[(unsigned)'a'] = f01;
50 t[Data[0]]();
51 t[Data[1]]();
52 t[Data[2]]();
53 t[Data[3]]();
54 return 0;
55 }
56
57