summaryrefslogtreecommitdiffstats
path: root/llvm/lib
diff options
context:
space:
mode:
Diffstat (limited to 'llvm/lib')
-rw-r--r--llvm/lib/Fuzzer/FuzzerInterface.h5
-rw-r--r--llvm/lib/Fuzzer/FuzzerInternal.h1
-rw-r--r--llvm/lib/Fuzzer/FuzzerLoop.cpp5
-rw-r--r--llvm/lib/Fuzzer/FuzzerMutate.cpp6
-rw-r--r--llvm/lib/Fuzzer/test/CustomMutatorTest.cpp16
5 files changed, 21 insertions, 12 deletions
diff --git a/llvm/lib/Fuzzer/FuzzerInterface.h b/llvm/lib/Fuzzer/FuzzerInterface.h
index 48a5c1bf71e..30620e51396 100644
--- a/llvm/lib/Fuzzer/FuzzerInterface.h
+++ b/llvm/lib/Fuzzer/FuzzerInterface.h
@@ -70,9 +70,10 @@ int main(int argc, char **argv) {
*/
int FuzzerDriver(int argc, char **argv, UserCallback Callback);
-// Same interface as LLVMFuzzerTestOneInput.
+// Mutates raw data in [Data, Data+Size] inplace.
+// Returns the new size, which is not greater than MaxSize.
// Can be used inside the user-supplied LLVMFuzzerTestOneInput.
-size_t Mutate(uint8_t *Data, size_t Size, size_t MaxSize, unsigned int Seed);
+size_t Mutate(uint8_t *Data, size_t Size, size_t MaxSize);
} // namespace fuzzer
diff --git a/llvm/lib/Fuzzer/FuzzerInternal.h b/llvm/lib/Fuzzer/FuzzerInternal.h
index ded25da847d..466ef975fa2 100644
--- a/llvm/lib/Fuzzer/FuzzerInternal.h
+++ b/llvm/lib/Fuzzer/FuzzerInternal.h
@@ -322,6 +322,7 @@ public:
// Merge Corpora[1:] into Corpora[0].
void Merge(const std::vector<std::string> &Corpora);
+ MutationDispatcher &GetMD() { return MD; }
private:
void AlarmCallback();
diff --git a/llvm/lib/Fuzzer/FuzzerLoop.cpp b/llvm/lib/Fuzzer/FuzzerLoop.cpp
index 1c2c369e53d..ca9643892ba 100644
--- a/llvm/lib/Fuzzer/FuzzerLoop.cpp
+++ b/llvm/lib/Fuzzer/FuzzerLoop.cpp
@@ -60,6 +60,11 @@ static void MissingWeakApiFunction(const char *FnName) {
// Only one Fuzzer per process.
static Fuzzer *F;
+size_t Mutate(uint8_t *Data, size_t Size, size_t MaxSize) {
+ assert(F);
+ return F->GetMD().Mutate(Data, Size, MaxSize);
+}
+
Fuzzer::Fuzzer(UserCallback CB, MutationDispatcher &MD, FuzzingOptions Options)
: CB(CB), MD(MD), Options(Options) {
SetDeathCallback();
diff --git a/llvm/lib/Fuzzer/FuzzerMutate.cpp b/llvm/lib/Fuzzer/FuzzerMutate.cpp
index b3442219b16..252955e13e3 100644
--- a/llvm/lib/Fuzzer/FuzzerMutate.cpp
+++ b/llvm/lib/Fuzzer/FuzzerMutate.cpp
@@ -34,12 +34,6 @@ MutationDispatcher::Mutator MutationDispatcher::Mutators[] = {
"AddFromPersAutoDict"},
};
-size_t Mutate(uint8_t *Data, size_t Size, size_t MaxSize, unsigned int Seed) {
- Random R(Seed);
- MutationDispatcher MD(R);
- return MD.Mutate(Data, Size, MaxSize);
-}
-
static char FlipRandomBit(char X, Random &Rand) {
int Bit = Rand(8);
char Mask = 1 << Bit;
diff --git a/llvm/lib/Fuzzer/test/CustomMutatorTest.cpp b/llvm/lib/Fuzzer/test/CustomMutatorTest.cpp
index 84077d7368d..ef4851e1bf6 100644
--- a/llvm/lib/Fuzzer/test/CustomMutatorTest.cpp
+++ b/llvm/lib/Fuzzer/test/CustomMutatorTest.cpp
@@ -7,11 +7,19 @@
#include "FuzzerInterface.h"
+static volatile int Sink;
+
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
assert(Data);
- if (Size > 0 && Data[0] == 'F') {
- std::cout << "BINGO; Found the target, exiting\n";
- exit(1);
+ if (Size > 0 && Data[0] == 'H') {
+ Sink = 1;
+ if (Size > 1 && Data[1] == 'i') {
+ Sink = 2;
+ if (Size > 2 && Data[2] == '!') {
+ std::cout << "BINGO; Found the target, exiting\n";
+ exit(1);
+ }
+ }
}
return 0;
}
@@ -23,5 +31,5 @@ extern "C" size_t LLVMFuzzerCustomMutator(uint8_t *Data, size_t Size,
std::cerr << "In LLVMFuzzerCustomMutator\n";
Printed = true;
}
- return fuzzer::Mutate(Data, Size, MaxSize, Seed);
+ return fuzzer::Mutate(Data, Size, MaxSize);
}
OpenPOWER on IntegriCloud