1 //===-- get_error_info_fuzzer.cpp -----------------------------------------===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8
9 #define SCUDO_FUZZ
10 #include "allocator_config.h"
11 #include "combined.h"
12 #include "common.h"
13
14 #include <fuzzer/FuzzedDataProvider.h>
15
16 #include <string>
17 #include <vector>
18
LLVMFuzzerTestOneInput(uint8_t * Data,size_t Size)19 extern "C" int LLVMFuzzerTestOneInput(uint8_t *Data, size_t Size) {
20 using AllocatorT = scudo::Allocator<scudo::AndroidConfig>;
21 FuzzedDataProvider FDP(Data, Size);
22
23 uintptr_t FaultAddr = FDP.ConsumeIntegral<uintptr_t>();
24 uintptr_t MemoryAddr = FDP.ConsumeIntegral<uintptr_t>();
25
26 std::string MemoryAndTags =
27 FDP.ConsumeRandomLengthString(FDP.remaining_bytes());
28 const char *Memory = MemoryAndTags.c_str();
29 // Assume 16-byte alignment.
30 size_t MemorySize = (MemoryAndTags.length() / 17) * 16;
31 const char *MemoryTags = Memory + MemorySize;
32
33 std::string StackDepotBytes =
34 FDP.ConsumeRandomLengthString(FDP.remaining_bytes());
35
36 std::string RegionInfoBytes =
37 FDP.ConsumeRandomLengthString(FDP.remaining_bytes());
38 std::vector<char> RegionInfo(AllocatorT::getRegionInfoArraySize(), 0);
39 for (size_t i = 0; i < RegionInfoBytes.length() && i < RegionInfo.size();
40 ++i) {
41 RegionInfo[i] = RegionInfoBytes[i];
42 }
43
44 std::string RingBufferBytes = FDP.ConsumeRemainingBytesAsString();
45
46 scudo_error_info ErrorInfo;
47 AllocatorT::getErrorInfo(&ErrorInfo, FaultAddr, StackDepotBytes.data(),
48 StackDepotBytes.size(), RegionInfo.data(),
49 RingBufferBytes.data(), RingBufferBytes.size(),
50 Memory, MemoryTags, MemoryAddr, MemorySize);
51 return 0;
52 }
53