| 1 | // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. |
|---|---|
| 2 | // See https://llvm.org/LICENSE.txt for license information. |
| 3 | // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception |
| 4 | |
| 5 | // This test computes a checksum of the data (all but the last 4 bytes), |
| 6 | // and then compares the last 4 bytes with the computed value. |
| 7 | // A fuzzer with cmp traces is expected to defeat this check. |
| 8 | #include <cstdint> |
| 9 | #include <cstdio> |
| 10 | #include <cstdlib> |
| 11 | #include <cstring> |
| 12 | |
| 13 | // A modified jenkins_one_at_a_time_hash initialized by non-zero, |
| 14 | // so that simple_hash(0) != 0. See also |
| 15 | // https://en.wikipedia.org/wiki/Jenkins_hash_function |
| 16 | static uint32_t simple_hash(const uint8_t *Data, size_t Size) { |
| 17 | uint32_t Hash = 0x12039854; |
| 18 | for (uint32_t i = 0; i < Size; i++) { |
| 19 | Hash += Data[i]; |
| 20 | Hash += (Hash << 10); |
| 21 | Hash ^= (Hash >> 6); |
| 22 | } |
| 23 | Hash += (Hash << 3); |
| 24 | Hash ^= (Hash >> 11); |
| 25 | Hash += (Hash << 15); |
| 26 | return Hash; |
| 27 | } |
| 28 | |
| 29 | extern "C"int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { |
| 30 | if (Size < 14) |
| 31 | return 0; |
| 32 | |
| 33 | uint32_t Hash = simple_hash(Data: &Data[0], Size: Size - 4); |
| 34 | uint32_t Want = reinterpret_cast<const uint32_t *>(&Data[Size - 4])[0]; |
| 35 | if (Hash != Want) |
| 36 | return 0; |
| 37 | fprintf(stderr, format: "BINGO; simple_hash defeated: %x == %x\n", (unsigned int)Hash, |
| 38 | (unsigned int)Want); |
| 39 | exit(status: 1); |
| 40 | return 0; |
| 41 | } |
| 42 |