File: spvtools_dis_fuzzer.cpp

package info (click to toggle)
spirv-tools 2026.1-1
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 28,900 kB
  • sloc: cpp: 477,281; javascript: 5,908; python: 3,326; ansic: 488; sh: 450; ruby: 88; makefile: 18; lisp: 9
file content (75 lines) | stat: -rw-r--r-- 2,373 bytes parent folder | download | duplicates (18) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
 
// Copyright (c) 2019 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

#include <cstdint>
#include <cstring>  // memcpy
#include <vector>

#include "source/spirv_target_env.h"
#include "spirv-tools/libspirv.hpp"
#include "test/fuzzers/random_generator.h"

extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  if (size < 4) {
    // There are not enough bytes to constitute a binary that can be
    // disassembled.
    return 0;
  }

  spvtools::fuzzers::RandomGenerator random_gen(data, size);
  const spv_context context = spvContextCreate(random_gen.GetTargetEnv());
  if (context == nullptr) {
    return 0;
  }

  std::vector<uint32_t> input;
  input.resize(size >> 2);
  size_t count = 0;
  for (size_t i = 0; (i + 3) < size; i += 4) {
    input[count++] = data[i] | (data[i + 1] << 8) | (data[i + 2] << 16) |
                     (data[i + 3]) << 24;
  }

  std::vector<char> input_str;
  size_t char_count = input.size() * sizeof(uint32_t) / sizeof(char);
  input_str.resize(char_count);
  memcpy(input_str.data(), input.data(), input.size() * sizeof(uint32_t));

  spv_text text = nullptr;
  spv_diagnostic diagnostic = nullptr;

  for (uint32_t options = SPV_BINARY_TO_TEXT_OPTION_NONE;
       options <
       (SPV_BINARY_TO_TEXT_OPTION_PRINT | SPV_BINARY_TO_TEXT_OPTION_COLOR |
        SPV_BINARY_TO_TEXT_OPTION_INDENT |
        SPV_BINARY_TO_TEXT_OPTION_SHOW_BYTE_OFFSET |
        SPV_BINARY_TO_TEXT_OPTION_NO_HEADER |
        SPV_BINARY_TO_TEXT_OPTION_FRIENDLY_NAMES);
       options++) {
    spvBinaryToText(context, input.data(), input.size(), options, &text,
                    &diagnostic);
    if (diagnostic) {
      spvDiagnosticDestroy(diagnostic);
      diagnostic = nullptr;
    }

    if (text) {
      spvTextDestroy(text);
      text = nullptr;
    }
  }

  spvContextDestroy(context);
  return 0;
}