File: pffft_fuzzer.cc

// Copyright 2019 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include <algorithm>
#include <array>
#include <cassert>
#include <cstring>

#include "third_party/pffft/src/pffft.h"

namespace {

// Compile-time selection of the transform under test. Exactly one of
// TRANSFORM_REAL or TRANSFORM_COMPLEX must be defined by the build; otherwise
// compilation stops at the #error below.
//
// kTransform is the transform type handed to pffft_new_setup().
// kSizeOfOneSample is the number of input bytes consumed per FFT point; the
// fuzzer entry point divides the input length by it to get the FFT size.
#if defined(TRANSFORM_REAL)
// Real FFT.
constexpr pffft_transform_t kTransform = PFFFT_REAL;
constexpr size_t kSizeOfOneSample = sizeof(float);
#elif defined(TRANSFORM_COMPLEX)
// Complex FFT.
constexpr pffft_transform_t kTransform = PFFFT_COMPLEX;
constexpr size_t kSizeOfOneSample = 2 * sizeof(float);  // Real plus imaginary.
#else
#error FFT transform type not defined.
#endif

// Returns true when |n| is an FFT length this harness passes on to PFFFT,
// i.e. n = (2^a)*(3^b)*(5^c) with a >= 5, b >= 0 and c >= 0.
// The same a >= 5 bound is applied whichever transform type is compiled in.
bool IsValidSize(size_t n) {
  // Zero would divide forever; reject it before factoring.
  if (n == 0) {
    return false;
  }

  // Divide out every factor of two and count them, since the exponent of two
  // is the only one with a lower bound.
  size_t remainder = n;
  int power_of_two = 0;
  while (remainder % 2 == 0) {
    remainder /= 2;
    ++power_of_two;
  }

  // Factors of three and five may occur any number of times, so they are
  // stripped without being counted.
  while (remainder % 3 == 0) {
    remainder /= 3;
  }
  while (remainder % 5 == 0) {
    remainder /= 5;
  }

  // Anything left other than 1 is a prime factor outside {2, 3, 5}.
  return remainder == 1 && power_of_two >= 5;
}

// Obtains |number_of_bytes| bytes from pffft_aligned_malloc() and returns the
// block typed as a float buffer. The result is passed through unchecked, so
// the caller sees whatever the allocator returned.
// NOTE(review): presumably null on allocation failure - confirm against
// pffft_aligned_malloc(). Release the block with pffft_aligned_free().
float* AllocatePffftBuffer(size_t number_of_bytes) {
  void* const raw_block = pffft_aligned_malloc(number_of_bytes);
  return static_cast<float*>(raw_block);
}

}  // namespace

// Entry point for LibFuzzer.
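// Interprets the fuzzer-provided bytes as a vector of float samples (real or
// complex, depending on kTransform) and runs them through a forward transform,
// a convolution-accumulate and an ordered backward transform.
//
// Inputs whose sample count is rejected by IsValidSize() are skipped.
// Always returns 0.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  // Set the number of FFT points to use |data| as input vector.
  // The latter is truncated if the number of bytes is not an integer
  // multiple of the size of one sample (which is either a real or a complex
  // floating point number).
  const size_t fft_size = size / kSizeOfOneSample;
  if (!IsValidSize(fft_size)) {
    return 0;
  }

  const size_t number_of_bytes = fft_size * kSizeOfOneSample;
  assert(number_of_bytes <= size);

  // Allocate input and output buffers.
  float* in = AllocatePffftBuffer(number_of_bytes);
  float* out = AllocatePffftBuffer(number_of_bytes);

  // Setup FFT. Only attempted when both buffers exist.
  // NOTE(review): |fft_size| is a size_t; confirm it stays within the range of
  // the point-count parameter of pffft_new_setup() for the input sizes used.
  PFFFT_Setup* pffft_setup = nullptr;
  if (in != nullptr && out != nullptr) {
    pffft_setup = pffft_new_setup(fft_size, kTransform);
  }

  // A failed allocation or setup is a resource problem in the harness, not a
  // finding in PFFFT. Skipping the transforms keeps a null dereference in the
  // harness itself from being reported as a library crash.
  if (pffft_setup != nullptr) {
    // Copy input data byte-wise. |data| carries no alignment guarantee, so it
    // is never read through a float pointer.
    std::memcpy(in, data, number_of_bytes);

    // Call different PFFFT functions to maximize the coverage.
    pffft_transform(pffft_setup, in, out, nullptr, PFFFT_FORWARD);
    pffft_zconvolve_accumulate(pffft_setup, out, out, out, 1.f);
    pffft_transform_ordered(pffft_setup, in, out, nullptr, PFFFT_BACKWARD);

    pffft_destroy_setup(pffft_setup);
  }

  // Release memory. Each pointer is checked so that cleanup does not depend on
  // how the deallocator treats null.
  if (in != nullptr) {
    pffft_aligned_free(in);
  }
  if (out != nullptr) {
    pffft_aligned_free(out);
  }

  return 0;
}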