1 /*
2  * Copyright 2020 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 #include <functional>
17 
18 #include "fuzzer/FuzzedDataProvider.h"
19 #include "utils/BitSet.h"
// Upper bound on the number of operation rounds executed for a single fuzz
// input; keeps the run time of one input bounded regardless of its length.
static constexpr uint8_t MAX_OPERATIONS{50};
21 
// Builds the table of BitSet operations the fuzzer picks from. The 32-bit and
// 64-bit bitsets are distinct types and std::function cannot be generic, so
// the table is produced per type by this function template. The order of the
// entries is significant: callers select an operation by its index.
//
// Every entry receives the bitset BY VALUE, so a mutating call (markBit,
// clearBit, clear, ...) changes only the callee's copy and is not observable
// by the caller. All return values are discarded.
//
// NOTE(review): `bit` is forwarded exactly as received; nothing here limits it
// to the width of T. Whether T tolerates out-of-range indices is not visible
// in this file -- confirm against utils/BitSet.h.
template <typename T>
std::vector<std::function<void(T, uint32_t)>> getOperationsForType() {
    using Operation = std::function<void(T, uint32_t)>;
    std::vector<Operation> table{
            // Operations that consume the bit index.
            [](T set, uint32_t bit) { set.markBit(bit); },
            [](T set, uint32_t bit) { set.valueForBit(bit); },
            [](T set, uint32_t bit) { set.hasBit(bit); },
            [](T set, uint32_t bit) { set.clearBit(bit); },
            [](T set, uint32_t bit) { set.getIndexOfBit(bit); },
            // Operations that ignore the bit index.
            [](T set, uint32_t) { set.clearFirstMarkedBit(); },
            [](T set, uint32_t) { set.markFirstUnmarkedBit(); },
            [](T set, uint32_t) { set.clearLastMarkedBit(); },
            [](T set, uint32_t) { set.clear(); },
            [](T set, uint32_t) { set.count(); },
            [](T set, uint32_t) { set.isEmpty(); },
            [](T set, uint32_t) { set.isFull(); },
            [](T set, uint32_t) { set.firstMarkedBit(); },
            [](T set, uint32_t) { set.lastMarkedBit(); },
    };
    return table;
}
44 
// Operation tables for the 32-bit and 64-bit bitset types. Each is a
// std::vector of std::function objects, built once at program start-up and
// never modified afterwards.
static const auto thirtyTwoBitOps = getOperationsForType<android::BitSet32>();
static const auto sixtyFourBitOps = getOperationsForType<android::BitSet64>();
50 
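// Runs one operation from the 32-bit table on `bs`.
//
// `operation` can be any uint8_t value (0-255) while the table has fewer
// entries than that, so the value is reduced modulo the table size before
// indexing -- the same mapping LLVMFuzzerTestOneInput applies. Without the
// reduction, a value past the end of the table is an out-of-bounds vector
// read, i.e. a defect in the harness rather than in the code under test.
//
// `bs` is taken by value and handed on by value, so the caller's bitset is
// not modified by this call.
void runOperationFor32Bit(android::BitSet32 bs, uint32_t bit, uint8_t operation) {
    thirtyTwoBitOps[operation % thirtyTwoBitOps.size()](bs, bit);
}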
54 
// libFuzzer entry point: seeds one 32-bit and one 64-bit bitset from the
// input, then runs up to MAX_OPERATIONS rounds. Each round consumes a bit
// index and an operation selector and applies the selected operation to both
// bitsets.
//
// The operation tables take the bitset by value, so every round works on a
// copy of the seeded bitset; set32 and set64 themselves keep their seed values
// for the whole run and state does not accumulate across rounds.
//
// NOTE(review): `bit` spans the full uint32_t range and is not reduced to the
// bitset width before use. Whether that is intended coverage or outside what
// BitSet supports is not visible here -- confirm against utils/BitSet.h.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
    FuzzedDataProvider provider(data, size);

    // Seed order matters for corpus compatibility: 32-bit value first, then 64-bit.
    const uint32_t seed32 = provider.ConsumeIntegral<uint32_t>();
    const uint64_t seed64 = provider.ConsumeIntegral<uint64_t>();
    android::BitSet32 set32(seed32);
    android::BitSet64 set64(seed64);

    for (size_t round = 0; provider.remaining_bytes() > 0 && round < MAX_OPERATIONS; ++round) {
        const uint32_t bit = provider.ConsumeIntegral<uint32_t>();
        const uint8_t selector = provider.ConsumeIntegral<uint8_t>();

        // The modulo keeps the selector inside each table's bounds.
        const auto& op32 = thirtyTwoBitOps[selector % thirtyTwoBitOps.size()];
        const auto& op64 = sixtyFourBitOps[selector % sixtyFourBitOps.size()];
        op32(set32, bit);
        op64(set64, bit);
    }
    return 0;
}