//===-- get_error_info_fuzzer.cpp -----------------------------------------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//

#define SCUDO_FUZZ
#include "allocator_config.h"
#include "combined.h"

#include <fuzzer/FuzzedDataProvider.h>

#include <string>
#include <vector>

// libFuzzer entry point for AllocatorT::getErrorInfo.
//
// The input is carved, in this order, into: a fault address, a memory base
// address, a combined memory+tags blob, and the raw bytes for the stack depot,
// the region info array and the ring buffer. The last three are laid over
// zero-filled buffers allocated at the full size the allocator reports, so a
// short input never leaves the harness holding an undersized buffer; a
// sanitizer report should then point at getErrorInfo rather than at this file.
// Always returns 0.
extern "C" int LLVMFuzzerTestOneInput(uint8_t *Data, size_t Size) {
  using AllocatorT = scudo::Allocator<scudo::AndroidConfig>;
  FuzzedDataProvider FDP(Data, Size);

  // Copies the leading bytes of Src over the front of Dst. The copy stops at
  // whichever of the two is shorter, so Dst keeps its size and its zero tail.
  const auto OverlayPrefix = [](const std::string &Src,
                                std::vector<char> &Dst) {
    size_t Count = Src.length();
    if (Dst.size() < Count)
      Count = Dst.size();
    for (size_t Idx = 0; Idx != Count; ++Idx)
      Dst[Idx] = Src[Idx];
  };

  // Both addresses are taken straight from the input and are not constrained
  // in any way before being passed on.
  uintptr_t FaultAddr = FDP.ConsumeIntegral<uintptr_t>();
  uintptr_t MemoryAddr = FDP.ConsumeIntegral<uintptr_t>();

  // One string backs both the memory image and its tags: out of every 17
  // bytes, 16 are memory and the tag area starts right after the memory
  // (presumably one tag byte per 16-byte aligned granule). Rounding the
  // length down to a multiple of 17 keeps MemorySize + MemorySize / 16 within
  // the string.
  std::string MemoryAndTags =
      FDP.ConsumeRandomLengthString(FDP.remaining_bytes());
  const char *Memory = MemoryAndTags.c_str();
  const size_t GranuleCount = MemoryAndTags.length() / 17;
  size_t MemorySize = GranuleCount * 16;
  const char *MemoryTags = Memory + MemorySize;

  // Stack depot image, exactly sizeof(scudo::StackDepot) bytes.
  std::string StackDepotBytes =
      FDP.ConsumeRandomLengthString(FDP.remaining_bytes());
  std::vector<char> StackDepot(sizeof(scudo::StackDepot), 0);
  OverlayPrefix(StackDepotBytes, StackDepot);

  // Region info image, sized by the allocator itself.
  std::string RegionInfoBytes =
      FDP.ConsumeRandomLengthString(FDP.remaining_bytes());
  std::vector<char> RegionInfo(AllocatorT::getRegionInfoArraySize(), 0);
  OverlayPrefix(RegionInfoBytes, RegionInfo);

  // Whatever input is left becomes the ring buffer image.
  std::string RingBufferBytes = FDP.ConsumeRemainingBytesAsString();
  std::vector<char> RingBuffer(AllocatorT::getRingBufferSize(), 0);
  OverlayPrefix(RingBufferBytes, RingBuffer);

  // NOTE(review): ErrorInfo is not initialized here; presumably getErrorInfo
  // fills it in before anything reads it - confirm against combined.h.
  scudo_error_info ErrorInfo;
  AllocatorT::getErrorInfo(&ErrorInfo, FaultAddr, StackDepot.data(),
                           RegionInfo.data(), RingBuffer.data(), Memory,
                           MemoryTags, MemoryAddr, MemorySize);
  return 0;
}