1// This file is distributed under the University of Illinois Open Source 2// License. See LICENSE.TXT for details. 3 4// This test computes a checksum of the data (all but the last 4 bytes), 5// and then compares the last 4 bytes with the computed value. 6// A fuzzer with cmp traces is expected to defeat this check. 7#include <cstdint> 8#include <cstdlib> 9#include <cstring> 10#include <cstdio> 11 12// A modified jenkins_one_at_a_time_hash initialized by non-zero, 13// so that simple_hash(0) != 0. See also 14// https://en.wikipedia.org/wiki/Jenkins_hash_function 15static uint32_t simple_hash(const uint8_t *Data, size_t Size) { 16 uint32_t Hash = 0x12039854; 17 for (uint32_t i = 0; i < Size; i++) { 18 Hash += Data[i]; 19 Hash += (Hash << 10); 20 Hash ^= (Hash >> 6); 21 } 22 Hash += (Hash << 3); 23 Hash ^= (Hash >> 11); 24 Hash += (Hash << 15); 25 return Hash; 26} 27 28extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { 29 if (Size < 14) 30 return 0; 31 32 uint32_t Hash = simple_hash(&Data[0], Size - 4); 33 uint32_t Want = reinterpret_cast<const uint32_t *>(&Data[Size - 4])[0]; 34 if (Hash != Want) 35 return 0; 36 fprintf(stderr, "BINGO; simple_hash defeated: %x == %x\n", (unsigned int)Hash, 37 (unsigned int)Want); 38 exit(1); 39 return 0; 40} 41