2015-01-30 00:58:29 +08:00
|
|
|
//===- FuzzerCrossOver.cpp - Cross over two test inputs -------------------===//
|
|
|
|
//
|
|
|
|
// The LLVM Compiler Infrastructure
|
|
|
|
//
|
|
|
|
// This file is distributed under the University of Illinois Open Source
|
|
|
|
// License. See LICENSE.TXT for details.
|
|
|
|
//
|
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
// Cross over test inputs.
|
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
|
2015-05-23 06:35:31 +08:00
|
|
|
#include <cstring>
|
|
|
|
|
2016-09-21 10:05:39 +08:00
|
|
|
#include "FuzzerDefs.h"
|
2016-09-21 09:50:50 +08:00
|
|
|
#include "FuzzerMutate.h"
|
|
|
|
#include "FuzzerRandom.h"
|
2015-01-30 00:58:29 +08:00
|
|
|
|
|
|
|
namespace fuzzer {
|
|
|
|
|
2015-05-23 06:35:31 +08:00
|
|
|
// Cross Data1 and Data2, store the result (up to MaxOutSize bytes) in Out.
|
2015-09-04 05:24:19 +08:00
|
|
|
size_t MutationDispatcher::CrossOver(const uint8_t *Data1, size_t Size1,
|
|
|
|
const uint8_t *Data2, size_t Size2,
|
|
|
|
uint8_t *Out, size_t MaxOutSize) {
|
2015-05-27 03:29:33 +08:00
|
|
|
assert(Size1 || Size2);
|
2015-07-24 09:06:40 +08:00
|
|
|
MaxOutSize = Rand(MaxOutSize) + 1;
|
2015-05-23 06:35:31 +08:00
|
|
|
size_t OutPos = 0;
|
|
|
|
size_t Pos1 = 0;
|
|
|
|
size_t Pos2 = 0;
|
|
|
|
size_t *InPos = &Pos1;
|
|
|
|
size_t InSize = Size1;
|
|
|
|
const uint8_t *Data = Data1;
|
|
|
|
bool CurrentlyUsingFirstData = true;
|
|
|
|
while (OutPos < MaxOutSize && (Pos1 < Size1 || Pos2 < Size2)) {
|
|
|
|
// Merge a part of Data into Out.
|
|
|
|
size_t OutSizeLeft = MaxOutSize - OutPos;
|
|
|
|
if (*InPos < InSize) {
|
|
|
|
size_t InSizeLeft = InSize - *InPos;
|
|
|
|
size_t MaxExtraSize = std::min(OutSizeLeft, InSizeLeft);
|
2015-07-24 09:06:40 +08:00
|
|
|
size_t ExtraSize = Rand(MaxExtraSize) + 1;
|
2015-05-23 06:35:31 +08:00
|
|
|
memcpy(Out + OutPos, Data + *InPos, ExtraSize);
|
|
|
|
OutPos += ExtraSize;
|
|
|
|
(*InPos) += ExtraSize;
|
2015-01-30 00:58:29 +08:00
|
|
|
}
|
2015-05-23 06:35:31 +08:00
|
|
|
// Use the other input data on the next iteration.
|
|
|
|
InPos = CurrentlyUsingFirstData ? &Pos2 : &Pos1;
|
|
|
|
InSize = CurrentlyUsingFirstData ? Size2 : Size1;
|
|
|
|
Data = CurrentlyUsingFirstData ? Data2 : Data1;
|
|
|
|
CurrentlyUsingFirstData = !CurrentlyUsingFirstData;
|
2015-01-30 00:58:29 +08:00
|
|
|
}
|
2015-05-23 06:35:31 +08:00
|
|
|
return OutPos;
|
2015-01-30 00:58:29 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
} // namespace fuzzer
|