xref: /llvm-project/libc/fuzzing/stdlib/strtointeger_fuzz.cpp (revision b6bc9d72f65a5086f310f321e969d96e9a559e75) 
1 //===-- strtointeger_fuzz.cpp ---------------------------------------------===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 ///
9 /// Fuzzing test for llvm-libc atof implementation.
10 ///
11 //===----------------------------------------------------------------------===//
12 #include "src/stdlib/atoi.h"
13 #include "src/stdlib/atol.h"
14 #include "src/stdlib/atoll.h"
15 #include "src/stdlib/strtol.h"
16 #include "src/stdlib/strtoll.h"
17 #include "src/stdlib/strtoul.h"
18 #include "src/stdlib/strtoull.h"
19 #include <stddef.h>
20 #include <stdint.h>
21 
22 // This takes the randomized bytes in data and interprets the first byte as the
23 // base for the string to integer conversion and the rest of them as a string to
24 // be passed to the string to integer conversion.
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)25 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
26   size_t container_size = 0;
27   if (size == 0) {
28     container_size = 1;
29   } else {
30     container_size = size;
31   }
32   uint8_t *container = new uint8_t[container_size];
33   if (!container)
34     __builtin_trap();
35 
36   int base = 0;
37   if (size > 0) {
38     base = data[0] % 36;
39     base = base + ((base == 0) ? 0 : 1);
40   }
41   for (size_t i = 1; i < size; ++i) {
42     container[i - 1] = data[i];
43   }
44 
45   container[container_size - 1] = '\0'; // Add null terminator to container.
46 
47   const char *str_ptr = reinterpret_cast<const char *>(container);
48 
49   char *out_ptr = nullptr;
50 
51   auto volatile atoi_output = LIBC_NAMESPACE::atoi(str_ptr);
52   auto volatile atol_output = LIBC_NAMESPACE::atol(str_ptr);
53   auto volatile atoll_output = LIBC_NAMESPACE::atoll(str_ptr);
54   auto volatile strtol_output = LIBC_NAMESPACE::strtol(str_ptr, &out_ptr, base);
55   if (str_ptr + container_size - 1 < out_ptr)
56     __builtin_trap();
57   auto volatile strtoll_output =
58       LIBC_NAMESPACE::strtoll(str_ptr, &out_ptr, base);
59   if (str_ptr + container_size - 1 < out_ptr)
60     __builtin_trap();
61   auto volatile strtoul_output =
62       LIBC_NAMESPACE::strtoul(str_ptr, &out_ptr, base);
63   if (str_ptr + container_size - 1 < out_ptr)
64     __builtin_trap();
65   auto volatile strtoull_output =
66       LIBC_NAMESPACE::strtoull(str_ptr, &out_ptr, base);
67   if (str_ptr + container_size - 1 < out_ptr)
68     __builtin_trap();
69 
70   // If atoi is non-zero and the base is at least 10
71   if (atoi_output != 0 && base >= 10) {
72     // Then all of the other functions should output non-zero values as well.
73     // This is a trivial check meant to silence the "unused variable" warnings.
74     if (atol_output == 0 || atoll_output == 0 || strtol_output == 0 ||
75         strtoll_output == 0 || strtoul_output == 0 || strtoull_output == 0) {
76       __builtin_trap();
77     }
78   }
79 
80   delete[] container;
81   return 0;
82 }
83