1 // Copyright (c) 2019, Paul Dreik
2 // For the license information refer to format.h.
3
4 #ifndef FUZZER_COMMON_H
5 #define FUZZER_COMMON_H
6
7 #include <cstdint> // std::uint8_t
8 #include <cstring> // memcpy
9 #include <vector>
10
11 #include <fmt/core.h>
12
13 // One can format to either a string, or a buffer. The latter is faster, but
14 // one may be interested in formatting to a string instead to verify it works
15 // as intended. To avoid a combinatoric explosion, select this at compile time
16 // instead of dynamically from the fuzz data.
17 #define FMT_FUZZ_FORMAT_TO_STRING 0
18
19 // If {fmt} is given a buffer that is separately allocated, chances that address
20 // sanitizer detects out of bound reads is much higher. However, it slows down
21 // the fuzzing.
22 #define FMT_FUZZ_SEPARATE_ALLOCATION 1
23
24 // The size of the largest possible type in use.
25 // To let the the fuzzer mutation be efficient at cross pollinating between
26 // different types, use a fixed size format. The same bit pattern, interpreted
27 // as another type, is likely interesting.
28 constexpr auto fixed_size = 16;
29
30 // Casts data to a char pointer.
as_chars(const T * data)31 template <typename T> inline const char* as_chars(const T* data) {
32 return reinterpret_cast<const char*>(data);
33 }
34
35 // Casts data to a byte pointer.
as_bytes(const T * data)36 template <typename T> inline const std::uint8_t* as_bytes(const T* data) {
37 return reinterpret_cast<const std::uint8_t*>(data);
38 }
39
40 // Blits bytes from data to form an (assumed trivially constructible) object
41 // of type Item.
assign_from_buf(const std::uint8_t * data)42 template <class Item> inline Item assign_from_buf(const std::uint8_t* data) {
43 auto item = Item();
44 std::memcpy(&item, data, sizeof(Item));
45 return item;
46 }
47
48 // Reads a boolean value by looking at the first byte from data.
49 template <> inline bool assign_from_buf<bool>(const std::uint8_t* data) {
50 return *data != 0;
51 }
52
53 struct data_to_string {
54 #if FMT_FUZZ_SEPARATE_ALLOCATION
55 std::vector<char> buffer;
56
57 data_to_string(const uint8_t* data, size_t size, bool add_terminator = false)
58 : buffer(size + (add_terminator ? 1 : 0)) {
59 std::memcpy(buffer.data(), data, size);
60 }
61
getdata_to_string62 fmt::string_view get() const { return {buffer.data(), buffer.size()}; }
63 #else
64 fmt::string_view sv;
65
66 data_to_string(const uint8_t* data, size_t size, bool = false)
67 : str(as_chars(data), size) {}
68
69 fmt::string_view get() const { return sv; }
70 #endif
71
datadata_to_string72 const char* data() const { return get().data(); }
73 };
74
75 #endif // FUZZER_COMMON_H
76