[libc-commits] [libc] [libc] Add fuzzers for `memcpy` and `memset` (PR #90591)

Clement Courbet via libc-commits libc-commits at lists.llvm.org
Tue Apr 30 07:13:55 PDT 2024


================
@@ -0,0 +1,45 @@
+//===-- memset_fuzz.cpp ---------------------------------------------------===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+///
+/// Fuzzing test for llvm-libc memcset implementation.
+///
+//===----------------------------------------------------------------------===//
+#include "protected_pages.h"
+#include "src/string/memset.h"
+#include <stddef.h> // size_t
+#include <stdint.h> // uint8_t
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t data_size) {
+  static constexpr size_t MAX_SIZE = 1024;
+  static ProtectedPages pages;
+  static const Page write_buffer = pages.GetPageA().WithAccess(PROT_WRITE);
+  // We fill 'size' and 'fill_char' with data coming from lib_fuzzer, this
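Review bot: the file-header doc comment reads "Fuzzing test for llvm-libc memcset implementation."; "memcset" should be "memset". Separately, `PROT_WRITE` in the `write_buffer` initializer is used with no `<sys/mman.h>` include visible in this file, so it depends on `protected_pages.h` pulling that header in; an explicit include here would make the dependency direct.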
----------------
legrosbuffle wrote:

This is 2^24 separate data points. However, we're limiting ourselves to `MAX_SIZE` just below, so this becomes 256k states just below. We could probably just write two nested for loops:

```
for (int size = 0; size < MAX_SIZE; ++size) {
  for (int fill_char = 0; fill_char < 256; ++fill_char) {
    // ... run test
  }
}
```

This would be exhaustive and take about as much time as generating the fuzz inputs.


https://github.com/llvm/llvm-project/pull/90591
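The exhaustive enumeration suggested in the review comment above, written out as an added example; it is not code from the PR or from llvm-libc. Assumptions: the host `memset` stands in for the function under test, a two-page `mmap` with a `PROT_NONE` guard page stands in for `protected_pages.h`, and the names `memset_under_test`, `Result` and `exhaustive_memset_check` are hypothetical.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <sys/mman.h>
#include <unistd.h>

constexpr size_t kMaxSize = 1024; // same bound as MAX_SIZE in the patch

// Stand-in for the function under test (assumption: a real harness would
// call the llvm-libc memset here instead of the host one).
static void *memset_under_test(void *dst, int value, size_t count) {
  return std::memset(dst, value, count);
}

struct Result { long states; long failures; };

// Visits every (size, fill_char) pair. The buffer always ends at a PROT_NONE
// guard page, so a write past the end faults instead of passing silently.
Result exhaustive_memset_check() {
  Result r = {0, 0};
  const size_t page = static_cast<size_t>(sysconf(_SC_PAGESIZE));
  if (page <= kMaxSize) return {0, -1}; // need room for the canary byte
  void *map = mmap(nullptr, 2 * page, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
  if (map == MAP_FAILED) return {0, -1};
  uint8_t *end = static_cast<uint8_t *>(map) + page;
  if (mprotect(end, page, PROT_NONE) != 0) return {0, -1};
  for (size_t size = 0; size < kMaxSize; ++size) {
    for (int fill_char = 0; fill_char < 256; ++fill_char) {
      uint8_t *dst = end - size;
      const uint8_t canary = static_cast<uint8_t>(~fill_char);
      for (uint8_t *p = dst - 1; p != end; ++p) *p = canary; // poison
      void *ret = memset_under_test(dst, fill_char, size);
      bool ok = ret == dst && dst[-1] == canary; // return value, underrun
      for (size_t i = 0; i < size; ++i) ok = ok && dst[i] == fill_char;
      ++r.states;
      if (!ok) ++r.failures;
    }
  }
  munmap(map, 2 * page);
  return r;
}

int main() {
  Result r = exhaustive_memset_check();
  std::printf("%ld states, %ld failures\n", r.states, r.failures);
  return r.failures == 0 ? 0 : 1;
}
```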

