1 // Copyright 2019 Google Inc. All rights reserved.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14
15 #include "port/gtest.h"
16 #include "port/protobuf.h"
17 #include "src/libfuzzer/libfuzzer_macro.h"
18 #include "src/mutator_test_proto2.pb.h"
19
20 using protobuf_mutator::protobuf::util::MessageDifferencer;
21 using ::testing::_;
22 using ::testing::AllOf;
23 using ::testing::DoAll;
24 using ::testing::Ref;
25 using ::testing::SaveArg;
26 using ::testing::SaveArgPointee;
27 using ::testing::StrictMock;
28
29 static class MockFuzzer* mock_fuzzer;
30
31 class MockFuzzer {
32 public:
MockFuzzer()33 MockFuzzer() { mock_fuzzer = this; }
~MockFuzzer()34 ~MockFuzzer() { mock_fuzzer = nullptr; }
35 MOCK_METHOD(void, PostProcess,
36 (protobuf_mutator::Msg * message, unsigned int seed));
37 MOCK_METHOD(void, TestOneInput, (const protobuf_mutator::Msg& message));
38 };
39
40 protobuf_mutator::libfuzzer::PostProcessorRegistration<protobuf_mutator::Msg>
__anonc751052a0102() 41 reg = {[](protobuf_mutator::Msg* message, unsigned int seed) {
42 mock_fuzzer->PostProcess(message, seed);
43 }};
44
DEFINE_TEXT_PROTO_FUZZER(const protobuf_mutator::Msg & message)45 DEFINE_TEXT_PROTO_FUZZER(const protobuf_mutator::Msg& message) {
46 mock_fuzzer->TestOneInput(message);
47 }
48
49 MATCHER_P(IsMessageEq, msg, "") {
50 return MessageDifferencer::Equals(arg, msg.get());
51 }
52 MATCHER(IsInitialized, "") { return arg.IsInitialized(); }
53
TEST(LibFuzzerTest,LLVMFuzzerTestOneInput)54 TEST(LibFuzzerTest, LLVMFuzzerTestOneInput) {
55 unsigned int seed = 0;
56 testing::StrictMock<MockFuzzer> mock;
57 protobuf_mutator::Msg msg;
58 EXPECT_CALL(mock, PostProcess(_, _))
59 .WillOnce(DoAll(SaveArgPointee<0>(&msg), SaveArg<1>(&seed)));
60 EXPECT_CALL(
61 mock, TestOneInput(AllOf(IsMessageEq(std::cref(msg)), IsInitialized())));
62 LLVMFuzzerTestOneInput((const uint8_t*)"", 0);
63
64 EXPECT_CALL(mock, PostProcess(_, seed)).WillOnce(SaveArgPointee<0>(&msg));
65 EXPECT_CALL(
66 mock, TestOneInput(AllOf(IsMessageEq(std::cref(msg)), IsInitialized())));
67 LLVMFuzzerTestOneInput((const uint8_t*)"", 0);
68 }
69
TEST(LibFuzzerTest,LLVMFuzzerCustomMutator)70 TEST(LibFuzzerTest, LLVMFuzzerCustomMutator) {
71 testing::StrictMock<MockFuzzer> mock;
72 protobuf_mutator::Msg msg;
73 EXPECT_CALL(mock, PostProcess(_, _)).WillOnce(SaveArgPointee<0>(&msg));
74 EXPECT_CALL(
75 mock, TestOneInput(AllOf(IsMessageEq(std::cref(msg)), IsInitialized())));
76
77 uint8_t buff[1024] = {};
78 size_t size = LLVMFuzzerCustomMutator(buff, 0, sizeof(buff), 5);
79 ASSERT_GT(size, 0U);
80 LLVMFuzzerTestOneInput(buff, size);
81 }
82
TEST(LibFuzzerTest,LLVMFuzzerCustomCrossOver)83 TEST(LibFuzzerTest, LLVMFuzzerCustomCrossOver) {
84 testing::StrictMock<MockFuzzer> mock;
85 protobuf_mutator::Msg msg;
86 EXPECT_CALL(mock, PostProcess(_, _)).WillOnce(SaveArgPointee<0>(&msg));
87 EXPECT_CALL(
88 mock, TestOneInput(AllOf(IsMessageEq(std::cref(msg)), IsInitialized())));
89
90 uint8_t buff1[1024] = {};
91 uint8_t buff2[1024] = {};
92 uint8_t buff3[1024] = {};
93 size_t size =
94 LLVMFuzzerCustomCrossOver(buff1, 0, buff2, 0, buff3, sizeof(buff3), 6);
95 ASSERT_GT(size, 0U);
96 LLVMFuzzerTestOneInput(buff3, size);
97 }
98