summaryrefslogtreecommitdiff
path: root/libc/fuzzing/stdlib/qsort_fuzz.cpp
blob: dbbc8e96f924336dd7ef39c03ad3deb33d1e9d90 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
//===-- qsort_fuzz.cpp ----------------------------------------------------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
///
/// Fuzzing test for llvm-libc qsort implementation.
///
//===----------------------------------------------------------------------===//

#include "src/stdlib/qsort.h"
#include <stdint.h>

static int int_compare(const void *l, const void *r) {
  int li = *reinterpret_cast<const int *>(l);
  int ri = *reinterpret_cast<const int *>(r);
  if (li == ri)
    return 0;
  else if (li > ri)
    return 1;
  else
    return -1;
}

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  const size_t array_size = size / sizeof(int);
  if (array_size == 0)
    return 0;

  int *array = new int[array_size];
  const int *data_as_int = reinterpret_cast<const int *>(data);
  for (size_t i = 0; i < array_size; ++i)
    array[i] = data_as_int[i];

  __llvm_libc::qsort(array, array_size, sizeof(int), int_compare);

  for (size_t i = 0; i < array_size - 1; ++i) {
    if (array[i] > array[i + 1])
      __builtin_trap();
  }

  delete[] array;
  return 0;
}