[libFuzzer] make sure that 2-byte arguments of switch() are handled properly

llvm-svn: 243781
author: Kostya Serebryany <kcc@google.com> 2015-07-31 20:58:55 +0000
committer: Kostya Serebryany <kcc@google.com> 2015-07-31 20:58:55 +0000
commit: fe7e41e8f5fbde0c287b316a877a64e2ecd136a5 (patch)
tree: 047ed5ea90fa8467773d2a7e026788135570bb6b /llvm/lib/Fuzzer/test
parent: ad156fb6af9f58c35357405b0ecd83a60185ed84 (diff)
download: bcm5719-llvm-fe7e41e8f5fbde0c287b316a877a64e2ecd136a5.tar.gz
bcm5719-llvm-fe7e41e8f5fbde0c287b316a877a64e2ecd136a5.zip
2 files changed, 22 insertions, 3 deletions
diff --git a/llvm/lib/Fuzzer/test/SwitchTest.cpp b/llvm/lib/Fuzzer/test/SwitchTest.cpp
index 0f2319b2cc9..9f921fb6098 100644
--- a/llvm/lib/Fuzzer/test/SwitchTest.cpp
+++ b/llvm/lib/Fuzzer/test/SwitchTest.cpp
@@ -25,9 +25,28 @@ bool Switch(const uint8_t *Data, size_t Size) {
   return false;
 }
 
+bool ShortSwitch(const uint8_t *Data, size_t Size) {
+  short X;
+  if (Size < sizeof(short)) return false;
+  memcpy(&X, Data, sizeof(short));
+  switch(X) {
+    case 42: Sink = __LINE__; break;
+    case 402: Sink = __LINE__; break;
+    case 4002: Sink = __LINE__; break;
+    case 5002: Sink = __LINE__; break;
+    case 7002: Sink = __LINE__; break;
+    case 9002: Sink = __LINE__; break;
+    case 14002: Sink = __LINE__; break;
+    case 21402: return true;
+  }
+  return false;
+}
+
 extern "C" void LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
-  if (Switch<int>(Data, Size) && Size >= 12 &&
-      Switch<uint64_t>(Data + 4, Size - 4)) {
+  if (Size >= 4  && Switch<int>(Data, Size) &&
+      Size >= 12 && Switch<uint64_t>(Data + 4, Size - 4) &&
+      Size >= 14 && ShortSwitch(Data + 12, 2)
+    ) {
     fprintf(stderr, "BINGO; Found the target, exiting\n");
     exit(1);
   }
diff --git a/llvm/lib/Fuzzer/test/fuzzer.test b/llvm/lib/Fuzzer/test/fuzzer.test
index 63cb9573efa..bfb5849bba8 100644
--- a/llvm/lib/Fuzzer/test/fuzzer.test
+++ b/llvm/lib/Fuzzer/test/fuzzer.test
@@ -32,5 +32,5 @@ Done1000000: Done 1000000 runs in
 RUN: not LLVMFuzzer-StrncmpTest -use_traces=1 -seed=1 -runs=10000    2>&1 | FileCheck %s
 RUN:     LLVMFuzzer-StrncmpTest               -seed=1 -runs=1000000  2>&1 | FileCheck %s --check-prefix=Done1000000
 
-RUN: not LLVMFuzzer-SwitchTest -use_traces=1 -seed=1 -runs=100000    2>&1 | FileCheck %s
+RUN: not LLVMFuzzer-SwitchTest -use_traces=1 -seed=1 -runs=1000000  2>&1 | FileCheck %s
 RUN:     LLVMFuzzer-SwitchTest               -seed=1 -runs=1000000  2>&1 | FileCheck %s --check-prefix=Done1000000
author	Kostya Serebryany <kcc@google.com>	2015-07-31 20:58:55 +0000
committer	Kostya Serebryany <kcc@google.com>	2015-07-31 20:58:55 +0000
commit	fe7e41e8f5fbde0c287b316a877a64e2ecd136a5 (patch)
tree	047ed5ea90fa8467773d2a7e026788135570bb6b /llvm/lib/Fuzzer/test
parent	ad156fb6af9f58c35357405b0ecd83a60185ed84 (diff)
download	bcm5719-llvm-fe7e41e8f5fbde0c287b316a877a64e2ecd136a5.tar.gz bcm5719-llvm-fe7e41e8f5fbde0c287b316a877a64e2ecd136a5.zip