1 //===-- get_error_info_fuzzer.cpp -----------------------------------------===// 2 // 3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4 // See https://llvm.org/LICENSE.txt for license information. 5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6 // 7 //===----------------------------------------------------------------------===// 8 9 #define SCUDO_FUZZ 10 #include "allocator_config.h" 11 #include "combined.h" 12 #include "common.h" 13 14 #include <fuzzer/FuzzedDataProvider.h> 15 16 #include <string> 17 #include <vector> 18 19 extern "C" int LLVMFuzzerTestOneInput(uint8_t *Data, size_t Size) { 20 using AllocatorT = scudo::Allocator<scudo::AndroidConfig>; 21 FuzzedDataProvider FDP(Data, Size); 22 23 uintptr_t FaultAddr = FDP.ConsumeIntegral<uintptr_t>(); 24 uintptr_t MemoryAddr = FDP.ConsumeIntegral<uintptr_t>(); 25 26 std::string MemoryAndTags = 27 FDP.ConsumeRandomLengthString(FDP.remaining_bytes()); 28 const char *Memory = MemoryAndTags.c_str(); 29 // Assume 16-byte alignment. 30 size_t MemorySize = (MemoryAndTags.length() / 17) * 16; 31 const char *MemoryTags = Memory + MemorySize; 32 33 std::string StackDepotBytes = 34 FDP.ConsumeRandomLengthString(FDP.remaining_bytes()); 35 36 std::string RegionInfoBytes = 37 FDP.ConsumeRandomLengthString(FDP.remaining_bytes()); 38 std::vector<char> RegionInfo(AllocatorT::getRegionInfoArraySize(), 0); 39 for (size_t i = 0; i < RegionInfoBytes.length() && i < RegionInfo.size(); 40 ++i) { 41 RegionInfo[i] = RegionInfoBytes[i]; 42 } 43 44 std::string RingBufferBytes = FDP.ConsumeRemainingBytesAsString(); 45 46 scudo_error_info ErrorInfo; 47 AllocatorT::getErrorInfo(&ErrorInfo, FaultAddr, StackDepotBytes.data(), 48 StackDepotBytes.size(), RegionInfo.data(), 49 RingBufferBytes.data(), RingBufferBytes.size(), 50 Memory, MemoryTags, MemoryAddr, MemorySize); 51 return 0; 52 } 53