| Ivan Krasin | a610cb5 | 2015-09-08 21:22:52 +0000 | [diff] [blame^] | 1 | // This test computes a checksum of the data (all but the last 4 bytes), |
| 2 | // and then compares the last 4 bytes with the computed value. |
| 3 | // A fuzzer with cmp traces is expected to defeat this check. |
| 4 | #include <cstdint> |
| 5 | #include <cstdlib> |
| 6 | #include <cstring> |
| 7 | #include <cstdio> |
| 8 | |
| 9 | // A modified jenkins_one_at_a_time_hash initialized by non-zero, |
| 10 | // so that simple_hash(0) != 0. See also |
| 11 | // https://en.wikipedia.org/wiki/Jenkins_hash_function |
| 12 | static uint32_t simple_hash(const uint8_t *Data, size_t Size) { |
| 13 | uint32_t Hash = 0x12039854; |
| 14 | for (uint32_t i = 0; i < Size; i++) { |
| 15 | Hash += Data[i]; |
| 16 | Hash += (Hash << 10); |
| 17 | Hash ^= (Hash >> 6); |
| 18 | } |
| 19 | Hash += (Hash << 3); |
| 20 | Hash ^= (Hash >> 11); |
| 21 | Hash += (Hash << 15); |
| 22 | return Hash; |
| 23 | } |
| 24 | |
| 25 | extern "C" void LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { |
| 26 | if (Size < 14) |
| 27 | return; |
| 28 | |
| 29 | uint32_t Hash = simple_hash(&Data[0], Size - 4); |
| 30 | uint32_t Want = reinterpret_cast<const uint32_t *>(&Data[Size - 4])[0]; |
| 31 | if (Hash != Want) |
| 32 | return; |
| 33 | fprintf(stderr, "BINGO; simple_hash defeated: %x == %x\n", (unsigned int)Hash, |
| 34 | (unsigned int)Want); |
| 35 | exit(1); |
| 36 | } |