1 //===-- get_error_info_fuzzer.cpp -----------------------------------------===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 
9 #define SCUDO_FUZZ
10 #include "allocator_config.h"
11 #include "combined.h"
12 
13 #include <fuzzer/FuzzedDataProvider.h>
14 
15 #include <string>
16 #include <vector>
17 
// libFuzzer entry point for scudo's crash-report decoder. The raw fuzz input is
// carved into every argument of AllocatorT::getErrorInfo(), so each pointer and
// length handed to that function is input-controlled.
//
// Input layout, in consumption order:
//   1. FaultAddr          - one uintptr_t
//   2. MemoryAddr         - one uintptr_t
//   3. memory + tags      - random-length string
//   4. stack depot bytes  - random-length string
//   5. region info bytes  - random-length string
//   6. ring buffer bytes  - whatever remains
//
// Always returns 0; the harness itself reports nothing, so findings can only
// come from the fuzzer runtime/sanitizers.
extern "C" int LLVMFuzzerTestOneInput(uint8_t *Data, size_t Size) {
  using AllocatorT = scudo::Allocator<scudo::AndroidConfig>;
  FuzzedDataProvider FDP(Data, Size);

  // Overwrites the front of a pre-sized, zero-filled buffer with fuzz bytes.
  // The copy is clamped to the shorter of the two, so the buffer keeps its
  // full size (zero-padded) when the input is short and never grows when the
  // input is long.
  auto OverlayPrefix = [](std::vector<char> &Dst, const std::string &Src) {
    const size_t Count = Src.length() < Dst.size() ? Src.length() : Dst.size();
    for (size_t Idx = 0; Idx != Count; ++Idx)
      Dst[Idx] = Src[Idx];
  };

  const uintptr_t FaultAddr = FDP.ConsumeIntegral<uintptr_t>();
  const uintptr_t MemoryAddr = FDP.ConsumeIntegral<uintptr_t>();

  // A single string backs both the memory snapshot and its tags. Assuming
  // 16-byte alignment, every 17 input bytes yield 16 bytes of memory; the tag
  // area starts immediately after the memory area, and the len/17 bytes after
  // that point are still inside the string.
  // NOTE(review): presumably getErrorInfo reads one tag byte per 16 bytes of
  // MemorySize and no more -- confirm against combined.h, since no tag length
  // is passed alongside MemoryTags.
  const std::string MemoryAndTags =
      FDP.ConsumeRandomLengthString(FDP.remaining_bytes());
  const size_t GranuleCount = MemoryAndTags.length() / 17;
  const size_t MemorySize = GranuleCount * 16;
  const char *const Memory = MemoryAndTags.c_str();
  const char *const MemoryTags = Memory + MemorySize;

  // The stack depot is passed as a bare pointer with no length, so the buffer
  // is always exactly sizeof(scudo::StackDepot) bytes.
  const std::string StackDepotBytes =
      FDP.ConsumeRandomLengthString(FDP.remaining_bytes());
  std::vector<char> StackDepot(sizeof(scudo::StackDepot), 0);
  OverlayPrefix(StackDepot, StackDepotBytes);

  // Same scheme for the region info array: fixed size reported by the
  // allocator, contents taken from the input.
  const std::string RegionInfoBytes =
      FDP.ConsumeRandomLengthString(FDP.remaining_bytes());
  std::vector<char> RegionInfo(AllocatorT::getRegionInfoArraySize(), 0);
  OverlayPrefix(RegionInfo, RegionInfoBytes);

  // The ring buffer is the only blob passed with an explicit size, so its
  // length is left entirely to the fuzzer (including empty).
  std::string RingBufferBytes = FDP.ConsumeRemainingBytesAsString();

  // NOTE(review): ErrorInfo is not initialized here; presumably getErrorInfo
  // fills it completely -- confirm. The result is not inspected afterwards.
  scudo_error_info ErrorInfo;
  AllocatorT::getErrorInfo(&ErrorInfo, FaultAddr, StackDepot.data(),
                           RegionInfo.data(), RingBufferBytes.data(),
                           RingBufferBytes.size(), Memory, MemoryTags,
                           MemoryAddr, MemorySize);
  return 0;
}