1 //===- FuzzerCrossOver.cpp - Cross over two test inputs -------------------===// 2 // 3 // The LLVM Compiler Infrastructure 4 // 5 // This file is distributed under the University of Illinois Open Source 6 // License. See LICENSE.TXT for details. 7 // 8 //===----------------------------------------------------------------------===// 9 // Cross over test inputs. 10 //===----------------------------------------------------------------------===// 11 12 #include "FuzzerDefs.h" 13 #include "FuzzerMutate.h" 14 #include "FuzzerRandom.h" 15 #include <cstring> 16 17 namespace fuzzer { 18 19 // Cross Data1 and Data2, store the result (up to MaxOutSize bytes) in Out. 20 size_t MutationDispatcher::CrossOver(const uint8_t *Data1, size_t Size1, 21 const uint8_t *Data2, size_t Size2, 22 uint8_t *Out, size_t MaxOutSize) { 23 assert(Size1 || Size2); 24 MaxOutSize = Rand(MaxOutSize) + 1; 25 size_t OutPos = 0; 26 size_t Pos1 = 0; 27 size_t Pos2 = 0; 28 size_t *InPos = &Pos1; 29 size_t InSize = Size1; 30 const uint8_t *Data = Data1; 31 bool CurrentlyUsingFirstData = true; 32 while (OutPos < MaxOutSize && (Pos1 < Size1 || Pos2 < Size2)) { 33 // Merge a part of Data into Out. 34 size_t OutSizeLeft = MaxOutSize - OutPos; 35 if (*InPos < InSize) { 36 size_t InSizeLeft = InSize - *InPos; 37 size_t MaxExtraSize = std::min(OutSizeLeft, InSizeLeft); 38 size_t ExtraSize = Rand(MaxExtraSize) + 1; 39 memcpy(Out + OutPos, Data + *InPos, ExtraSize); 40 OutPos += ExtraSize; 41 (*InPos) += ExtraSize; 42 } 43 // Use the other input data on the next iteration. 44 InPos = CurrentlyUsingFirstData ? &Pos2 : &Pos1; 45 InSize = CurrentlyUsingFirstData ? Size2 : Size1; 46 Data = CurrentlyUsingFirstData ? Data2 : Data1; 47 CurrentlyUsingFirstData = !CurrentlyUsingFirstData; 48 } 49 return OutPos; 50 } 51 52 } // namespace fuzzer 53