1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
|
#include <cstdint>
#include <filesystem>
#include <type_traits>
#include "64bit/test_64bit_bfbs_generated.h"
#include "64bit/test_64bit_generated.h"
#include "flatbuffers/base.h"
#include "flatbuffers/flatbuffer_builder.h"
#include "flatbuffers/flatbuffers.h"
#include "flatbuffers/reflection.h"
#include "flatbuffers/verifier.h"
#include "test_assert.h"
#include "test_init.h"
OneTimeTestInit OneTimeTestInit::one_time_init_;
static RootTableBinarySchema schema;
static constexpr uint8_t flags_sized_prefixed = 0b00000001;
static const uint64_t kFnvPrime = 0x00000100000001b3ULL;
static const uint64_t kOffsetBasis = 0xcbf29ce484222645ULL;
namespace flatbuffers {
template<typename T, typename = std::enable_if_t<std::is_integral_v<T>>>
uint64_t Hash(T value, uint64_t hash) {
return (hash * kFnvPrime) ^ value;
}
uint64_t Hash(double value, uint64_t hash) {
static_assert(sizeof(double) == sizeof(uint64_t));
return (hash * kFnvPrime) ^ static_cast<uint64_t>(value);
}
uint64_t Hash(const flatbuffers::String *value, uint64_t hash) {
if (value == nullptr) { return hash * kFnvPrime; }
for (auto &c : value->str()) { hash = Hash(static_cast<uint8_t>(c), hash); }
return hash;
}
uint64_t Hash(const LeafStruct *value, uint64_t hash) {
if (value == nullptr) { return hash * kFnvPrime; }
hash = Hash(value->a(), hash);
hash = Hash(value->b(), hash);
return hash;
}
template<typename T> uint64_t Hash(const Vector<T> *value, uint64_t hash) {
if (value == nullptr) { return hash * kFnvPrime; }
for (const T c : *value) { hash = Hash(c, hash); }
return hash;
}
template<typename T> uint64_t Hash(const Vector64<T> *value, uint64_t hash) {
if (value == nullptr) { return hash * kFnvPrime; }
for (const T c : *value) { hash = Hash(c, hash); }
return hash;
}
uint64_t Hash(const RootTable *value, uint64_t hash) {
if (value == nullptr) { return hash * kFnvPrime; }
// Hash all the fields so we can exercise all parts of the code.
hash = Hash(value->far_vector(), hash);
hash = Hash(value->a(), hash);
hash = Hash(value->far_string(), hash);
hash = Hash(value->big_vector(), hash);
hash = Hash(value->near_string(), hash);
hash = Hash(value->nested_root(), hash);
hash = Hash(value->far_struct_vector(), hash);
hash = Hash(value->big_struct_vector(), hash);
return hash;
}
static int AccessBuffer(const uint8_t *data, size_t size,
bool is_size_prefixed) {
const RootTable *root_table =
is_size_prefixed ? GetSizePrefixedRootTable(data) : GetRootTable(data);
TEST_NOTNULL(root_table);
uint64_t hash = kOffsetBasis;
hash = Hash(root_table, hash);
hash = Hash(root_table->nested_root_nested_root(), hash);
return 0;
}
extern "C" int LLVMFuzzerInitialize(int *, char ***argv) {
Verifier verifier(schema.begin(), schema.size());
TEST_EQ(true, reflection::VerifySchemaBuffer(verifier));
return 0;
}
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
if (size < FLATBUFFERS_MIN_BUFFER_SIZE) { return 0; }
// Take the first bit of data as a flag to control things.
const uint8_t flags = data[0];
data++;
size--;
Verifier::Options options;
options.assert = true;
options.check_alignment = true;
options.check_nested_flatbuffers = true;
Verifier verifier(data, size, options);
const bool is_size_prefixed = flags & flags_sized_prefixed;
// Filter out data that isn't valid.
if ((is_size_prefixed && !VerifySizePrefixedRootTableBuffer(verifier)) ||
!VerifyRootTableBuffer(verifier)) {
return 0;
}
return AccessBuffer(data, size, is_size_prefixed);
}
} // namespace flatbuffers
|
