132 lines
3.1 KiB
C++
132 lines
3.1 KiB
C++
// Copyright (c) 2019, Paul Dreik
|
|
// License: see LICENSE.rst in the fmt root directory
|
|
|
|
#include <fmt/core.h>
|
|
#include <cstdint>
|
|
#include <stdexcept>
|
|
#include <type_traits>
|
|
#include <vector>
|
|
|
|
#include <fmt/chrono.h>
|
|
#include "fuzzer_common.h"
|
|
|
|
using fmt_fuzzer::Nfixed;
|
|
|
|
template <typename Item>
|
|
void invoke_fmt(const uint8_t* Data, std::size_t Size) {
|
|
constexpr auto N = sizeof(Item);
|
|
static_assert(N <= Nfixed, "Nfixed is too small");
|
|
if (Size <= Nfixed) {
|
|
return;
|
|
}
|
|
const Item item = fmt_fuzzer::assignFromBuf<Item>(Data);
|
|
Data += Nfixed;
|
|
Size -= Nfixed;
|
|
|
|
#if FMT_FUZZ_SEPARATE_ALLOCATION
|
|
// allocates as tight as possible, making it easier to catch buffer overruns.
|
|
std::vector<char> fmtstringbuffer(Size);
|
|
std::memcpy(fmtstringbuffer.data(), Data, Size);
|
|
auto fmtstring = fmt::string_view(fmtstringbuffer.data(), Size);
|
|
#else
|
|
auto fmtstring = fmt::string_view(fmt_fuzzer::as_chars(Data), Size);
|
|
#endif
|
|
|
|
#if FMT_FUZZ_FORMAT_TO_STRING
|
|
std::string message = fmt::format(fmtstring, item);
|
|
#else
|
|
fmt::memory_buffer message;
|
|
fmt::format_to(message, fmtstring, item);
|
|
#endif
|
|
}
|
|
|
|
void invoke_fmt_time(const uint8_t* Data, std::size_t Size) {
|
|
using Item = std::time_t;
|
|
constexpr auto N = sizeof(Item);
|
|
static_assert(N <= Nfixed, "Nfixed too small");
|
|
if (Size <= Nfixed) {
|
|
return;
|
|
}
|
|
const Item item = fmt_fuzzer::assignFromBuf<Item>(Data);
|
|
Data += Nfixed;
|
|
Size -= Nfixed;
|
|
#if FMT_FUZZ_SEPARATE_ALLOCATION
|
|
// allocates as tight as possible, making it easier to catch buffer overruns.
|
|
std::vector<char> fmtstringbuffer(Size);
|
|
std::memcpy(fmtstringbuffer.data(), Data, Size);
|
|
auto fmtstring = fmt::string_view(fmtstringbuffer.data(), Size);
|
|
#else
|
|
auto fmtstring = fmt::string_view(fmt_fuzzer::as_chars(Data), Size);
|
|
#endif
|
|
auto* b = std::localtime(&item);
|
|
if (b) {
|
|
#if FMT_FUZZ_FORMAT_TO_STRING
|
|
std::string message = fmt::format(fmtstring, *b);
|
|
#else
|
|
fmt::memory_buffer message;
|
|
fmt::format_to(message, fmtstring, *b);
|
|
#endif
|
|
}
|
|
}
|
|
|
|
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* Data, std::size_t Size) {
|
|
if (Size <= 3) {
|
|
return 0;
|
|
}
|
|
|
|
const auto first = Data[0];
|
|
Data++;
|
|
Size--;
|
|
|
|
try {
|
|
switch (first) {
|
|
case 0:
|
|
invoke_fmt<bool>(Data, Size);
|
|
break;
|
|
case 1:
|
|
invoke_fmt<char>(Data, Size);
|
|
break;
|
|
case 2:
|
|
invoke_fmt<unsigned char>(Data, Size);
|
|
break;
|
|
case 3:
|
|
invoke_fmt<signed char>(Data, Size);
|
|
break;
|
|
case 4:
|
|
invoke_fmt<short>(Data, Size);
|
|
break;
|
|
case 5:
|
|
invoke_fmt<unsigned short>(Data, Size);
|
|
break;
|
|
case 6:
|
|
invoke_fmt<int>(Data, Size);
|
|
break;
|
|
case 7:
|
|
invoke_fmt<unsigned int>(Data, Size);
|
|
break;
|
|
case 8:
|
|
invoke_fmt<long>(Data, Size);
|
|
break;
|
|
case 9:
|
|
invoke_fmt<unsigned long>(Data, Size);
|
|
break;
|
|
case 10:
|
|
invoke_fmt<float>(Data, Size);
|
|
break;
|
|
case 11:
|
|
invoke_fmt<double>(Data, Size);
|
|
break;
|
|
case 12:
|
|
invoke_fmt<long double>(Data, Size);
|
|
break;
|
|
case 13:
|
|
invoke_fmt_time(Data, Size);
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
} catch (std::exception& /*e*/) {
|
|
}
|
|
return 0;
|
|
}
|