1// Simple test for a fuzzer. 2// Try to find the target using the indirect caller-callee pairs. 3#include <cstdint> 4#include <cstdlib> 5#include <cstddef> 6#include <cstring> 7#include <iostream> 8 9typedef void (*F)(); 10static F t[256]; 11 12void f34() { 13 std::cerr << "BINGO\n"; 14 exit(1); 15} 16void f23() { t[(unsigned)'d'] = f34;} 17void f12() { t[(unsigned)'c'] = f23;} 18void f01() { t[(unsigned)'b'] = f12;} 19void f00() {} 20 21static F t0[256] = { 22 f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, 23 f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, 24 f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, 25 f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, 26 f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, 27 f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, 28 f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, 29 f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, 30 f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, 31 f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, 32 f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, 33 f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, 34 f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, 35 f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, 36 f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, 37 f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, 38}; 39 40extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { 41 if (Size < 4) return 0; 42 // Spoof the counters. 43 for (int i = 0; i < 200; i++) { 44 f23(); 45 f12(); 46 f01(); 47 } 48 memcpy(t, t0, sizeof(t)); 49 t[(unsigned)'a'] = f01; 50 t[Data[0]](); 51 t[Data[1]](); 52 t[Data[2]](); 53 t[Data[3]](); 54 return 0; 55} 56 57