[libFuzzer] make sure that 2-byte arguments of switch() are handled properly
llvm-svn: 243781
diff --git a/llvm/lib/Fuzzer/test/SwitchTest.cpp b/llvm/lib/Fuzzer/test/SwitchTest.cpp
index 0f2319b..9f921fb 100644
--- a/llvm/lib/Fuzzer/test/SwitchTest.cpp
+++ b/llvm/lib/Fuzzer/test/SwitchTest.cpp
@@ -25,9 +25,28 @@
return false;
}
+bool ShortSwitch(const uint8_t *Data, size_t Size) {
+ short X;
+ if (Size < sizeof(short)) return false;
+ memcpy(&X, Data, sizeof(short));
+ switch(X) {
+ case 42: Sink = __LINE__; break;
+ case 402: Sink = __LINE__; break;
+ case 4002: Sink = __LINE__; break;
+ case 5002: Sink = __LINE__; break;
+ case 7002: Sink = __LINE__; break;
+ case 9002: Sink = __LINE__; break;
+ case 14002: Sink = __LINE__; break;
+ case 21402: return true;
+ }
+ return false;
+}
+
extern "C" void LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
- if (Switch<int>(Data, Size) && Size >= 12 &&
- Switch<uint64_t>(Data + 4, Size - 4)) {
+ if (Size >= 4 && Switch<int>(Data, Size) &&
+ Size >= 12 && Switch<uint64_t>(Data + 4, Size - 4) &&
+ Size >= 14 && ShortSwitch(Data + 12, 2)
+ ) {
fprintf(stderr, "BINGO; Found the target, exiting\n");
exit(1);
}
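Review bot: `ShortSwitch` is meant to cover a 2-byte switch operand, but it declares `short X`, whose width is implementation-defined, while the call site hard-codes the length as `ShortSwitch(Data + 12, 2)` behind `Size >= 14`. Declaring `int16_t X;` and using `sizeof(X)` in the length check and the `memcpy` would pin the width the test is named for; the file already uses `uint8_t` and `uint64_t`, so the fixed-width header is presumably in scope. Passing `Size - 12` instead of the literal `2` would let the function's own `if (Size < sizeof(X)) return false;` guard bound the read, rather than relying on the duplicated constant at the call site staying in sync. A short comment above the function such as `// Exercises switch() on a 2-byte operand; case values are matched in host byte order.` would record why it sits next to the templated `Switch<T>`. The body of `LLVMFuzzerTestOneInput` continues past the end of this hunk.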
diff --git a/llvm/lib/Fuzzer/test/fuzzer.test b/llvm/lib/Fuzzer/test/fuzzer.test
index 63cb957..bfb5849 100644
--- a/llvm/lib/Fuzzer/test/fuzzer.test
+++ b/llvm/lib/Fuzzer/test/fuzzer.test
@@ -32,5 +32,5 @@
RUN: not LLVMFuzzer-StrncmpTest -use_traces=1 -seed=1 -runs=10000 2>&1 | FileCheck %s
RUN: LLVMFuzzer-StrncmpTest -seed=1 -runs=1000000 2>&1 | FileCheck %s --check-prefix=Done1000000
-RUN: not LLVMFuzzer-SwitchTest -use_traces=1 -seed=1 -runs=100000 2>&1 | FileCheck %s
+RUN: not LLVMFuzzer-SwitchTest -use_traces=1 -seed=1 -runs=1000000 2>&1 | FileCheck %s
RUN: LLVMFuzzer-SwitchTest -seed=1 -runs=1000000 2>&1 | FileCheck %s --check-prefix=Done1000000