1 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
2 // See https://llvm.org/LICENSE.txt for license information.
3 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
4 
5 // Find ABCxxFxUxZxxx... (2048+ bytes, 'x' is any byte)
6 #include <assert.h>
7 #include <cstddef>
8 #include <cstdint>
9 #include <cstdlib>
10 #include <cstring>
11 #include <cstdio>
12 
13 const size_t N = 2048;
14 typedef const uint8_t *IN;
15 
16 static volatile int one = 1;
17 
bad()18 __attribute__((noinline)) void bad() {
19   fprintf(stderr, "BINGO\n");
20   if (one)
21     abort();
22 }
23 
24 extern "C"
f0(IN in)25 __attribute__((noinline)) void f0(IN in) {
26   uint32_t x = in[5] + 251 * in[7] + 251 * 251 * in[9];
27   if (x == 'F' + 251 * 'U' + 251 * 251 * 'Z') {
28     // artificially inflate uncovered control in f0
29     // so that auto-focus is more likely to chose this function.
30     if (one == -1) {
31       if (one == 2) one = 1;    if (one == 3) one = 1;    if (one == 4) one = 1;
32       if (one == 5) one = 1;    if (one == 6) one = 1;    if (one == 7) one = 1;
33       if (one == 8) one = 1;    if (one == 9) one = 1;    if (one == 0) one = 1;
34     }
35     bad();
36   }
37 }
38 
fD(IN in)39 __attribute__((noinline)) void fD(IN in) { f0(in); }
fC(IN in)40 __attribute__((noinline)) void fC(IN in) { if (in[2] == 'C') fD(in); }
fB(IN in)41 __attribute__((noinline)) void fB(IN in) { if (in[1] == 'B') fC(in); }
fA(IN in)42 __attribute__((noinline)) void fA(IN in) { if (in[0] == 'A') fB(in); }
43 
LLVMFuzzerTestOneInput(const uint8_t * Data,size_t Size)44 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
45   if (Size < N) return 0;
46   fA((IN)Data);
47   return 0;
48 }
49