diff options
Diffstat (limited to 'third_party/immer/test/flex_vector/fuzzed-2.cpp')
-rw-r--r-- | third_party/immer/test/flex_vector/fuzzed-2.cpp | 188 |
1 files changed, 0 insertions, 188 deletions
diff --git a/third_party/immer/test/flex_vector/fuzzed-2.cpp b/third_party/immer/test/flex_vector/fuzzed-2.cpp deleted file mode 100644 index ba17c1a620ec..000000000000 --- a/third_party/immer/test/flex_vector/fuzzed-2.cpp +++ /dev/null @@ -1,188 +0,0 @@ -// -// immer: immutable data structures for C++ -// Copyright (C) 2016, 2017, 2018 Juan Pedro Bolivar Puente -// -// This software is distributed under the Boost Software License, Version 1.0. -// See accompanying file LICENSE or copy at http://boost.org/LICENSE_1_0.txt -// - -#include "extra/fuzzer/fuzzer_input.hpp" -#include <array> -#include <catch.hpp> -#include <immer/flex_vector.hpp> -#include <iostream> - -#define IMMER_FUZZED_TRACE_ENABLE 0 - -#if IMMER_FUZZED_TRACE_ENABLE -#define IMMER_FUZZED_TRACE(...) std::cout << __VA_ARGS__ << std::endl; -#else -#define IMMER_FUZZED_TRACE(...) -#endif - -namespace { - -template <std::size_t VarCount = 2, unsigned Bits = 2> -int run_input(const std::uint8_t* data, std::size_t size) -{ - using vector_t = - immer::flex_vector<int, immer::default_memory_policy, Bits, Bits>; - using size_t = std::uint8_t; - - auto vars = std::array<vector_t, VarCount>{}; - -#if IMMER_FUZZED_TRACE_ENABLE - std::cout << "/// new test run" << std::endl; - for (auto i = 0u; i < VarCount; ++i) - std::cout << "auto var" << i << " = vector_t{};" << std::endl; -#endif - - auto is_valid_var = [&](auto idx) { return idx >= 0 && idx < VarCount; }; - auto is_valid_index = [](auto& v) { - return [&](auto idx) { return idx >= 0 && idx < v.size(); }; - }; - auto is_valid_size = [](auto& v) { - return [&](auto idx) { return idx >= 0 && idx <= v.size(); }; - }; - auto can_concat = [](auto&& v1, auto&& v2) { - using size_type = decltype(v1.size()); - return v2.size() < (std::numeric_limits<size_type>::max() - v1.size()); - }; - auto can_insert = [](auto&& v1) { - using size_type = decltype(v1.size()); - return v1.size() < std::numeric_limits<size_type>::max(); - }; - - return fuzzer_input{data, size}.run([&](auto& in) { - enum ops - { - op_push_back, - op_update, - op_take, - op_drop, - op_concat, - op_push_back_move, - op_update_move, - op_take_move, - op_drop_move, - }; - auto src = read<std::uint8_t>(in, is_valid_var); - auto dst = read<std::uint8_t>(in, is_valid_var); - switch (read<char>(in)) { - case op_push_back: - if (can_insert(vars[src])) { - IMMER_FUZZED_TRACE("var" << +dst << " = var" << +src - << ".push_back(42);"); - vars[dst] = vars[src].push_back(42); - } - break; - case op_update: { - auto idx = read<size_t>(in, is_valid_index(vars[src])); - IMMER_FUZZED_TRACE("var" << +dst << " = var" << +src << ".update(" - << +idx - << ", [] (auto x) { return x + 1; });"); - vars[dst] = vars[src].update(idx, [](auto x) { return x + 1; }); - break; - } - case op_take: { - auto idx = read<size_t>(in, is_valid_size(vars[src])); - IMMER_FUZZED_TRACE("var" << +dst << " = var" << +src << ".take(" - << +idx << ");"); - vars[dst] = vars[src].take(idx); - break; - } - case op_drop: { - auto idx = read<size_t>(in, is_valid_size(vars[src])); - IMMER_FUZZED_TRACE("var" << +dst << " = var" << +src << ".take(" - << +idx << ");"); - vars[dst] = vars[src].drop(idx); - break; - } - case op_concat: { - auto src2 = read<std::uint8_t>(in, is_valid_var); - if (can_concat(vars[src], vars[src2])) { - IMMER_FUZZED_TRACE("var" << +dst << " = var" << +src << " + var" - << +src2 << ";"); - vars[dst] = vars[src] + vars[src2]; - } - break; - } - case op_push_back_move: { - if (can_insert(vars[src])) { - IMMER_FUZZED_TRACE("var" << +dst << " = std::move(var" << +src - << ").push_back(21);"); - vars[dst] = std::move(vars[src]).push_back(21); - } - break; - } - case op_update_move: { - auto idx = read<size_t>(in, is_valid_index(vars[src])); - IMMER_FUZZED_TRACE("var" << +dst << " = std::move(var" << +src - << ").update(" << +idx - << ", [] (auto x) { return x + 1; });"); - vars[dst] = - std::move(vars[src]).update(idx, [](auto x) { return x + 1; }); - break; - } - case op_take_move: { - auto idx = read<size_t>(in, is_valid_size(vars[src])); - IMMER_FUZZED_TRACE("var" << +dst << " = std::move(var" << +src - << ").take(" << +idx << ");"); - vars[dst] = std::move(vars[src]).take(idx); - break; - } - case op_drop_move: { - auto idx = read<size_t>(in, is_valid_size(vars[src])); - IMMER_FUZZED_TRACE("var" << +dst << " = std::move(var" << +src - << ").drop(" << +idx << ");"); - vars[dst] = std::move(vars[src]).drop(idx); - break; - } - default: - break; - }; - return true; - }); -} - -} // anonymous namespace - -TEST_CASE("bug: use after free on move-take") -{ - SECTION("") - { - using vector_t = - immer::flex_vector<int, immer::default_memory_policy, 2, 2>; - auto var0 = vector_t{}; - auto var1 = vector_t{}; - var0 = var0.push_back(42); - var0 = var0.push_back(42); - var0 = var0.push_back(42); - var0 = var0.push_back(42); - var0 = var0 + var0; - var0 = var0 + var0; - var0 = var0 + var0; - var0 = var0 + var0; - var0 = var0.push_back(42); - var0 = var0.push_back(42); - var0 = var0.push_back(42); - var0 = var0.push_back(42); - var0 = var0.push_back(42); - var1 = var0.push_back(42); - var0 = std::move(var0).take(68); - } - -#if __GNUC__ != 9 - SECTION("") - { - constexpr std::uint8_t input[] = { - 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, - 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x4, 0x4, 0x0, 0x0, 0x0, 0x4, 0x0, - 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, - 0x4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4, - 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7, 0x41, 0xb5, 0x0, 0x0, - }; - CHECK(run_input(input, sizeof(input)) == 0); - } -#endif -} |