json/tests/thirdparty/Fuzzer/test/SimpleHashTest.cpp

41 lines
1.2 KiB
C++
Raw Normal View History

2016-12-22 16:08:50 +08:00
// This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details.
// This test computes a checksum of the data (all but the last 4 bytes),
// and then compares the last 4 bytes with the computed value.
// A fuzzer with cmp traces is expected to defeat this check.
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <cstdio>
// A modified jenkins_one_at_a_time_hash initialized by non-zero,
// so that simple_hash(0) != 0. See also
// https://en.wikipedia.org/wiki/Jenkins_hash_function
static uint32_t simple_hash(const uint8_t *Data, size_t Size) {
uint32_t Hash = 0x12039854;
for (uint32_t i = 0; i < Size; i++) {
Hash += Data[i];
Hash += (Hash << 10);
Hash ^= (Hash >> 6);
}
Hash += (Hash << 3);
Hash ^= (Hash >> 11);
Hash += (Hash << 15);
return Hash;
}
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
if (Size < 14)
return 0;
uint32_t Hash = simple_hash(&Data[0], Size - 4);
uint32_t Want = reinterpret_cast<const uint32_t *>(&Data[Size - 4])[0];
if (Hash != Want)
return 0;
fprintf(stderr, "BINGO; simple_hash defeated: %x == %x\n", (unsigned int)Hash,
(unsigned int)Want);
exit(1);
return 0;
}