1 // This test computes a checksum of the data (all but the last 4 bytes),
2 // and then compares the last 4 bytes with the computed value.
3 // A fuzzer with cmp traces is expected to defeat this check.
4 #include <cstdint>
5 #include <cstdlib>
6 #include <cstring>
7 #include <cstdio>
8
9 // A modified jenkins_one_at_a_time_hash initialized by non-zero,
10 // so that simple_hash(0) != 0. See also
11 // https://en.wikipedia.org/wiki/Jenkins_hash_function
simple_hash(const uint8_t * Data,size_t Size)12 static uint32_t simple_hash(const uint8_t *Data, size_t Size) {
13 uint32_t Hash = 0x12039854;
14 for (uint32_t i = 0; i < Size; i++) {
15 Hash += Data[i];
16 Hash += (Hash << 10);
17 Hash ^= (Hash >> 6);
18 }
19 Hash += (Hash << 3);
20 Hash ^= (Hash >> 11);
21 Hash += (Hash << 15);
22 return Hash;
23 }
24
LLVMFuzzerTestOneInput(const uint8_t * Data,size_t Size)25 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
26 if (Size < 14)
27 return 0;
28
29 uint32_t Hash = simple_hash(&Data[0], Size - 4);
30 uint32_t Want = reinterpret_cast<const uint32_t *>(&Data[Size - 4])[0];
31 if (Hash != Want)
32 return 0;
33 fprintf(stderr, "BINGO; simple_hash defeated: %x == %x\n", (unsigned int)Hash,
34 (unsigned int)Want);
35 exit(1);
36 return 0;
37 }
38