infix/fuzz__helpers_8h_source.html

#pragma once

#include "common/infix_internals.h"

#include <infix/infix.h>

#include <stdbool.h>

#include <stddef.h>

#include <stdint.h>

#include <stdio.h>

#include <stdlib.h>

#include <string.h>


// Configuration Constants

// These values control the complexity and depth of the generated types to

// prevent excessively long or deep recursion, which could slow down fuzzing.

#define MAX_RECURSION_DEPTH 32

#define MAX_MEMBERS 16

#define MAX_ARRAY_ELEMENTS 128

#define MAX_TYPES_IN_POOL 16

#define MAX_ARGS_IN_SIGNATURE 16

#define MAX_TOTAL_FUZZ_FIELDS 256  // Prevents DoS in the generator itself.


// Fuzzer Input Management


typedef struct {

    const uint8_t * data;

    size_t size;

} fuzzer_input;


static inline const uint8_t * consume_bytes(fuzzer_input * in, size_t n) {

    if (in->size < n)

        return NULL;

    const uint8_t * ptr = in->data;

    in->data += n;

    in->size -= n;

    return ptr;

}


#define DEFINE_CONSUME_T(type)                                         \

    static inline bool consume_##type(fuzzer_input * in, type * out) { \

        const uint8_t * bytes = consume_bytes(in, sizeof(type));       \

        if (!bytes)                                                    \

            return false;                                              \

        memcpy(out, bytes, sizeof(type));                              \

        return true;                                                   \

    }


// Define consumer functions for the primitive types needed by the harnesses.

DEFINE_CONSUME_T(uint8_t)

DEFINE_CONSUME_T(size_t)


infix_type * generate_random_type(infix_arena_t * arena, fuzzer_input * in, int depth, size_t * total_fields);

arena
infix_arena_t * arena
Definition 005_layouts.c:57

DEFINE_CONSUME_T
#define DEFINE_CONSUME_T(type)
A macro to create a type-safe consumer for any given Plain Old Data (POD) type.
Definition fuzz_helpers.h:80

generate_random_type
infix_type * generate_random_type(infix_arena_t *arena, fuzzer_input *in, int depth, size_t *total_fields)
Recursively generates a randomized infix_type from the fuzzer's input data, allocating all objects fr...
Definition fuzz_helpers.c:29

consume_bytes
static const uint8_t * consume_bytes(fuzzer_input *in, size_t n)
Safely consume 'n' bytes from the input buffer.
Definition fuzz_helpers.h:65

infix.h

infix_internals.h
Declarations for internal-only functions, types, and constants.

fuzzer_input
A helper structure to safely consume bytes from the fuzzer's input buffer.
Definition fuzz_helpers.h:51

fuzzer_input::size
size_t size
Definition fuzz_helpers.h:53

fuzzer_input::data
const uint8_t * data
Definition fuzz_helpers.h:52

infix_arena_t
Definition infix_internals.h:130

infix_type_t
The central structure for describing any data type in the FFI system.
Definition infix.h:161