fmt-11.0.2/test/fuzzing/fuzzer-common.h

   1 // Copyright (c) 2019, Paul Dreik
   2 // For the license information refer to format.h.
   3
   4 #ifndef FUZZER_COMMON_H
   5 #define FUZZER_COMMON_H
   6
   7 #include <fmt/base.h>
   8
   9 #include <cstdint>  // std::uint8_t
  10 #include <cstring>  // memcpy
  11 #include <vector>
  12
  13 // One can format to either a string, or a buffer. The latter is faster, but
  14 // one may be interested in formatting to a string instead to verify it works
  15 // as intended. To avoid a combinatoric explosion, select this at compile time
  16 // instead of dynamically from the fuzz data.
  17 #define FMT_FUZZ_FORMAT_TO_STRING 0
  18
  19 // If {fmt} is given a buffer that is separately allocated, chances that address
  20 // sanitizer detects out of bound reads is much higher. However, it slows down
  21 // the fuzzing.
  22 #define FMT_FUZZ_SEPARATE_ALLOCATION 1
  23
  24 // The size of the largest possible type in use.
  25 // To let the the fuzzer mutation be efficient at cross pollinating between
  26 // different types, use a fixed size format. The same bit pattern, interpreted
  27 // as another type, is likely interesting.
  28 constexpr auto fixed_size = 16;
  29
  30 // Casts data to a char pointer.
  31 template <typename T> inline const char* as_chars(const T* data) {
  32   return reinterpret_cast<const char*>(data);
  33 }
  34
  35 // Casts data to a byte pointer.
  36 template <typename T> inline const std::uint8_t* as_bytes(const T* data) {
  37   return reinterpret_cast<const std::uint8_t*>(data);
  38 }
  39
  40 // Blits bytes from data to form an (assumed trivially constructible) object
  41 // of type Item.
  42 template <class Item> inline Item assign_from_buf(const std::uint8_t* data) {
  43   auto item = Item();
  44   std::memcpy(&item, data, sizeof(Item));
  45   return item;
  46 }
  47
  48 // Reads a boolean value by looking at the first byte from data.
  49 template <> inline bool assign_from_buf<bool>(const std::uint8_t* data) {
  50   return *data != 0;
  51 }
  52
  53 struct data_to_string {
  54 #if FMT_FUZZ_SEPARATE_ALLOCATION
  55   std::vector<char> buffer;
  56
  57   data_to_string(const uint8_t* data, size_t size, bool add_terminator = false)
  58       : buffer(size + (add_terminator ? 1 : 0)) {
  59     if (size) {
  60       std::memcpy(buffer.data(), data, size);
  61     }
  62   }
  63
  64   fmt::string_view get() const { return {buffer.data(), buffer.size()}; }
  65 #else
  66   fmt::string_view sv;
  67
  68   data_to_string(const uint8_t* data, size_t size, bool = false)
  69       : str(as_chars(data), size) {}
  70
  71   fmt::string_view get() const { return sv; }
  72 #endif
  73
  74   const char* data() const { return get().data(); }
  75 };
  76
  77 #endif  // FUZZER_COMMON_H