1 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
2 // See https://llvm.org/LICENSE.txt for license information.
3 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
4
5 // This test computes a checksum of the data (all but the last 4 bytes),
6 // and then compares the last 4 bytes with the computed value.
7 // A fuzzer with cmp traces is expected to defeat this check.
8 #include <cstdint>
9 #include <cstdio>
10 #include <cstdlib>
11 #include <cstring>
12
13 // A modified jenkins_one_at_a_time_hash initialized by non-zero,
14 // so that simple_hash(0) != 0. See also
15 // https://en.wikipedia.org/wiki/Jenkins_hash_function
simple_hash(const uint8_t * Data,size_t Size)16 static uint32_t simple_hash(const uint8_t *Data, size_t Size) {
17 uint32_t Hash = 0x12039854;
18 for (uint32_t i = 0; i < Size; i++) {
19 Hash += Data[i];
20 Hash += (Hash << 10);
21 Hash ^= (Hash >> 6);
22 }
23 Hash += (Hash << 3);
24 Hash ^= (Hash >> 11);
25 Hash += (Hash << 15);
26 return Hash;
27 }
28
LLVMFuzzerTestOneInput(const uint8_t * Data,size_t Size)29 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
30 if (Size < 14)
31 return 0;
32
33 uint32_t Hash = simple_hash(&Data[0], Size - 4);
34 uint32_t Want = reinterpret_cast<const uint32_t *>(&Data[Size - 4])[0];
35 if (Hash != Want)
36 return 0;
37 fprintf(stderr, "BINGO; simple_hash defeated: %x == %x\n", (unsigned int)Hash,
38 (unsigned int)Want);
39 exit(1);
40 return 0;
41 }
42