diff --git a/test/fuzzing/chrono_duration.cpp b/test/fuzzing/chrono_duration.cpp index 2b5410f4d931..c4bd1e76a65e 100644 --- a/test/fuzzing/chrono_duration.cpp +++ b/test/fuzzing/chrono_duration.cpp @@ -20,7 +20,7 @@ void invoke_inner(fmt::string_view formatstring, const Item item) { fmt::memory_buffer buf; fmt::format_to(buf, formatstring, value); #endif - } catch (std::exception& e) { + } catch (std::exception& /*e*/) { } } @@ -36,12 +36,7 @@ void invoke_outer(const uint8_t* Data, std::size_t Size, const int scaling) { return; } -#if __cplusplus >= 201402L - static_assert(std::is_trivially_copyable::value, - "Item must be blittable"); -#endif - Item item{}; - std::memcpy(&item, Data, N); + const Item item = fmt_fuzzer::assignFromBuf(Data); // fast forward Data += Nfixed; @@ -49,7 +44,7 @@ void invoke_outer(const uint8_t* Data, std::size_t Size, const int scaling) { // Data is already allocated separately in libFuzzer so reading past // the end will most likely be detected anyway - const auto formatstring = fmt::string_view((const char*)Data, Size); + const auto formatstring = fmt::string_view(fmt_fuzzer::as_chars(Data), Size); // doit_impl(buf.data(),item); // doit_impl(buf.data(),item); diff --git a/test/fuzzing/fuzzer_common.h b/test/fuzzing/fuzzer_common.h index 2e64bcc765f7..618ef17e2081 100644 --- a/test/fuzzing/fuzzer_common.h +++ b/test/fuzzing/fuzzer_common.h @@ -1,5 +1,8 @@ #ifndef FUZZER_COMMON_H #define FUZZER_COMMON_H + +#include // memcpy + // Copyright (c) 2019, Paul Dreik // License: see LICENSE.rst in the fmt root directory 
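Review bot: The include added at the top of fuzzer_common.h covers only `memcpy`, while the helpers this commit adds further down the header use `std::uint8_t` and `std::is_trivially_copyable`. Unless `<cstdint>` and `<type_traits>` are already included below the visible lines, the header depends on its includers for them; add `#include <cstdint>` and `#include <type_traits>` next to the new include so the header is self-contained. The include also sits above the copyright notice, and moving it below the license comment would keep the preamble in the usual order.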
@@ -34,7 +37,33 @@ namespace fmt_fuzzer { } #endif +namespace fmt_fuzzer { +template +inline const char* as_chars(const T* data) { + return static_cast(static_cast(data)); +} +template +inline const std::uint8_t* as_bytes(const T* data) { + return static_cast(static_cast(data)); +} + +template +inline Item assignFromBuf(const uint8_t* Data) { +#if __cplusplus >= 201402L + static_assert(std::is_trivially_copyable::value, + "Item must be blittable"); +#endif + Item item{}; + std::memcpy(&item, Data, sizeof(Item)); + return item; +} + +template <> inline bool assignFromBuf(const uint8_t* Data) { + return !!Data[0]; +} + +} #endif // FUZZER_COMMON_H diff --git a/test/fuzzing/main.cpp b/test/fuzzing/main.cpp index 37294855d4e1..faff78855618 100644 --- a/test/fuzzing/main.cpp +++ b/test/fuzzing/main.cpp @@ -4,6 +4,7 @@ # include # include # include +#include "fuzzer_common.h" extern "C" int LLVMFuzzerTestOneInput(const uint8_t* Data, std::size_t Size); int main(int argc, char* argv[]) { for (int i = 1; i < argc; ++i) { @@ -11,11 +12,12 @@ int main(int argc, char* argv[]) { assert(in); in.seekg(0, std::ios_base::end); const auto pos = in.tellg(); + assert(pos>=0); in.seekg(0, std::ios_base::beg); - std::vector buf(pos); - in.read(buf.data(), buf.size()); + std::vector buf(static_cast(pos)); + in.read(buf.data(), static_cast(buf.size())); assert(in.gcount() == pos); - LLVMFuzzerTestOneInput((const uint8_t*)buf.data(), buf.size()); + LLVMFuzzerTestOneInput(fmt_fuzzer::as_bytes(buf.data()), buf.size()); } } #endif diff --git a/test/fuzzing/named_arg.cpp b/test/fuzzing/named_arg.cpp index 6db00d2aaba5..247f9495d418 100644 --- a/test/fuzzing/named_arg.cpp +++ b/test/fuzzing/named_arg.cpp 
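Review bot: `assignFromBuf` copies `sizeof(Item)` bytes from `Data` without knowing how many bytes are available, so the bound rests entirely on each caller's `Size <= Nfixed` guard plus a per-file check that `sizeof(Item)` fits in `Nfixed`. named_arg.cpp has that check (`static_assert (N1<=fmt_fuzzer::Nfixed,"Nfixed too small")`), but none is visible in the chrono_duration.cpp hunk, and an over-read inside the harness would surface as a sanitizer report that looks like a library finding. Assuming `Nfixed` is declared earlier in this header, move the check into the helper, `static_assert(sizeof(Item) <= Nfixed, "Nfixed too small");`, and document the contract above it with `// Precondition: Data points to at least Nfixed readable bytes.`. The `bool` specialisation reads `Data[0]` and relies on the same precondition, as do the call sites in one_arg.cpp, sprintf.cpp and two_args.cpp.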
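Review bot: The new `assert(pos>=0);` in main.cpp is compiled out when the reproducer is built with NDEBUG, and a failed `tellg()` then reaches the cast that sizes `buf`, turning -1 into an enormous allocation request. The neighbouring `assert(in)` and `assert(in.gcount() == pos)` are likewise the only checks for a file that cannot be opened or is read short. Replace them with runtime checks that survive release builds, for example `if (!in || pos < 0) { return 1; }` right after `tellg()`. The signature and loop header of `main` are above this hunk.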
@@ -10,18 +10,14 @@ #include "fuzzer_common.h" template -void invoke_fmt(const uint8_t* Data, std::size_t Size, int argsize) { +void invoke_fmt(const uint8_t* Data, std::size_t Size, unsigned int argsize) { constexpr auto N1 = sizeof(Item1); static_assert (N1<=fmt_fuzzer::Nfixed,"Nfixed too small"); if (Size <= fmt_fuzzer::Nfixed) { return; } - Item1 item1{}; - if /*constexpr*/ (std::is_same::value) { - item1 = !!Data[0]; - } else { - std::memcpy(&item1, Data, N1); - } + const Item1 item1 = fmt_fuzzer::assignFromBuf(Data); + Data += fmt_fuzzer::Nfixed; Size -= fmt_fuzzer::Nfixed; @@ -110,7 +106,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* Data, std::size_t Size) { // switch types depending on the first byte of the input const auto first = Data[0] & 0x0F; - const auto second = (Data[0] & 0xF0) >> 4; + const unsigned int second = (Data[0] & 0xF0) >> 4; Data++; Size--; @@ -120,7 +116,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* Data, std::size_t Size) { try { invoke(first, outerfcn); - } catch (std::exception& e) { + } catch (std::exception& /*e*/) { } return 0; } diff --git a/test/fuzzing/one_arg.cpp b/test/fuzzing/one_arg.cpp index 36b2cd449bf1..b45f25123305 100644 --- a/test/fuzzing/one_arg.cpp +++ b/test/fuzzing/one_arg.cpp @@ -19,12 +19,7 @@ void invoke_fmt(const uint8_t* Data, std::size_t Size) { if (Size <= Nfixed) { return; } - Item item{}; - if /*constexpr*/ (std::is_same::value) { - item = !!Data[0]; - } else { - std::memcpy(&item, Data, N); - } + const Item item = fmt_fuzzer::assignFromBuf(Data); Data += Nfixed; Size -= Nfixed; @@ -52,8 +47,7 @@ void invoke_fmt_time(const uint8_t* Data, std::size_t Size) { if (Size <= Nfixed) { return; } - Item item{}; - std::memcpy(&item, Data, N); + const Item item = fmt_fuzzer::assignFromBuf(Data); Data += Nfixed; Size -= Nfixed; #if FMT_FUZZ_SEPARATE_ALLOCATION 
@@ -131,7 +125,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* Data, std::size_t Size) { default: break; } - } catch (std::exception& e) { + } catch (std::exception& /*e*/) { } return 0; } diff --git a/test/fuzzing/sprintf.cpp b/test/fuzzing/sprintf.cpp index 312aa4fd2984..7dd022213fd8 100644 --- a/test/fuzzing/sprintf.cpp +++ b/test/fuzzing/sprintf.cpp @@ -9,17 +9,6 @@ using fmt_fuzzer::Nfixed; -template -Item assignFromBuf(const uint8_t* Data, std::size_t Size) { - Item item{}; - std::memcpy(&item, Data, sizeof(Item)); - return item; -} - -template <> bool assignFromBuf(const uint8_t* Data, std::size_t Size) { - return !!Data[0]; -} - template void invoke_fmt(const uint8_t* Data, std::size_t Size) { constexpr auto N1 = sizeof(Item1); @@ -29,15 +18,15 @@ void invoke_fmt(const uint8_t* Data, std::size_t Size) { if (Size <= Nfixed + Nfixed) { return; } - Item1 item1 = assignFromBuf(Data, Size); + Item1 item1 = fmt_fuzzer::assignFromBuf(Data); Data += Nfixed; Size -= Nfixed; - Item2 item2 = assignFromBuf(Data, Size); + Item2 item2 = fmt_fuzzer::assignFromBuf(Data); Data += Nfixed; Size -= Nfixed; - auto fmtstring = fmt::string_view((const char*)Data, Size); + auto fmtstring = fmt::string_view(fmt_fuzzer::as_chars(Data), Size); #if FMT_FUZZ_FORMAT_TO_STRING std::string message = fmt::format(fmtstring, item1, item2); @@ -121,7 +110,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* Data, std::size_t Size) { try { invoke(first, outer); - } catch (std::exception& e) { + } catch (std::exception& /*e*/) { } return 0; } diff --git a/test/fuzzing/two_args.cpp b/test/fuzzing/two_args.cpp index a61201a94ee2..8cfc4be89f19 100644 --- a/test/fuzzing/two_args.cpp +++ b/test/fuzzing/two_args.cpp 
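Review bot: In the sprintf.cpp hunk `item1` and `item2` stay non-const (`Item1 item1 = fmt_fuzzer::assignFromBuf(Data);`), while the same replacement in chrono_duration.cpp, named_arg.cpp, one_arg.cpp and two_args.cpp declares the item `const`. If nothing later in `invoke_fmt` (its body continues outside this hunk) modifies them, declare them `const Item1 item1 = ...` and `const Item2 item2 = ...` to match the other fuzzers.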
@@ -18,25 +18,15 @@ void invoke_fmt(const uint8_t* Data, std::size_t Size) { if (Size <= Nfixed + Nfixed) { return; } - Item1 item1{}; - if /*constexpr*/ (std::is_same::value) { - item1 = !!Data[0]; - } else { - std::memcpy(&item1, Data, N1); - } + const Item1 item1=fmt_fuzzer::assignFromBuf(Data); Data += Nfixed; Size -= Nfixed; - Item2 item2{}; - if /*constexpr*/ (std::is_same::value) { - item2 = !!Data[0]; - } else { - std::memcpy(&item2, Data, N2); - } + const Item2 item2=fmt_fuzzer::assignFromBuf(Data); Data += Nfixed; Size -= Nfixed; - auto fmtstring = fmt::string_view((const char*)Data, Size); + auto fmtstring = fmt::string_view(fmt_fuzzer::as_chars(Data), Size); #if FMT_FUZZ_FORMAT_TO_STRING std::string message = fmt::format(fmtstring, item1, item2); @@ -116,7 +106,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* Data, std::size_t Size) { try { invoke(first, outer); - } catch (std::exception& e) { + } catch (std::exception& /*e*/) { } return 0; }
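Review bot: The two new declarations in two_args.cpp are written without spaces around `=` (`const Item1 item1=fmt_fuzzer::assignFromBuf(Data);`), unlike the same line in the other fuzzers touched by this commit. Write them as `const Item1 item1 = fmt_fuzzer::assignFromBuf(Data);` and likewise for `item2`, or run the project's formatter over the file.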