1*2946cd70SChandler Carruth // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
2*2946cd70SChandler Carruth // See https://llvm.org/LICENSE.txt for license information.
3*2946cd70SChandler Carruth // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
410ab2aceSGeorge Karpenkov
510ab2aceSGeorge Karpenkov // Simple test for a fuzzer.
610ab2aceSGeorge Karpenkov // Try to find the target using the indirect caller-callee pairs.
710ab2aceSGeorge Karpenkov #include <cstddef>
810ab2aceSGeorge Karpenkov #include <cstdint>
910ab2aceSGeorge Karpenkov #include <cstdlib>
1010ab2aceSGeorge Karpenkov #include <cstring>
1110ab2aceSGeorge Karpenkov #include <iostream>
1210ab2aceSGeorge Karpenkov
1310ab2aceSGeorge Karpenkov typedef void (*F)();
1410ab2aceSGeorge Karpenkov static F t[256];
1510ab2aceSGeorge Karpenkov
f34()1610ab2aceSGeorge Karpenkov void f34() {
1710ab2aceSGeorge Karpenkov std::cerr << "BINGO\n";
1810ab2aceSGeorge Karpenkov exit(1);
1910ab2aceSGeorge Karpenkov }
f23()2010ab2aceSGeorge Karpenkov void f23() { t[(unsigned)'d'] = f34;}
f12()2110ab2aceSGeorge Karpenkov void f12() { t[(unsigned)'c'] = f23;}
f01()2210ab2aceSGeorge Karpenkov void f01() { t[(unsigned)'b'] = f12;}
f00()2310ab2aceSGeorge Karpenkov void f00() {}
2410ab2aceSGeorge Karpenkov
2510ab2aceSGeorge Karpenkov static F t0[256] = {
2610ab2aceSGeorge Karpenkov f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
2710ab2aceSGeorge Karpenkov f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
2810ab2aceSGeorge Karpenkov f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
2910ab2aceSGeorge Karpenkov f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
3010ab2aceSGeorge Karpenkov f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
3110ab2aceSGeorge Karpenkov f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
3210ab2aceSGeorge Karpenkov f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
3310ab2aceSGeorge Karpenkov f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
3410ab2aceSGeorge Karpenkov f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
3510ab2aceSGeorge Karpenkov f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
3610ab2aceSGeorge Karpenkov f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
3710ab2aceSGeorge Karpenkov f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
3810ab2aceSGeorge Karpenkov f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
3910ab2aceSGeorge Karpenkov f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
4010ab2aceSGeorge Karpenkov f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
4110ab2aceSGeorge Karpenkov f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
4210ab2aceSGeorge Karpenkov };
4310ab2aceSGeorge Karpenkov
LLVMFuzzerTestOneInput(const uint8_t * Data,size_t Size)4410ab2aceSGeorge Karpenkov extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
4510ab2aceSGeorge Karpenkov if (Size < 4) return 0;
4610ab2aceSGeorge Karpenkov // Spoof the counters.
4710ab2aceSGeorge Karpenkov for (int i = 0; i < 200; i++) {
4810ab2aceSGeorge Karpenkov f23();
4910ab2aceSGeorge Karpenkov f12();
5010ab2aceSGeorge Karpenkov f01();
5110ab2aceSGeorge Karpenkov }
5210ab2aceSGeorge Karpenkov memcpy(t, t0, sizeof(t));
5310ab2aceSGeorge Karpenkov t[(unsigned)'a'] = f01;
5410ab2aceSGeorge Karpenkov t[Data[0]]();
5510ab2aceSGeorge Karpenkov t[Data[1]]();
5610ab2aceSGeorge Karpenkov t[Data[2]]();
5710ab2aceSGeorge Karpenkov t[Data[3]]();
5810ab2aceSGeorge Karpenkov return 0;
5910ab2aceSGeorge Karpenkov }
6010ab2aceSGeorge Karpenkov
61