src/internal/fuzz/mutators_byteslice.go - go - Git at Google

 // Copyright 2021 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.

 package fuzz

 // byteSliceRemoveBytes removes a random chunk of bytes from b.
 func byteSliceRemoveBytes(m *mutator, b []byte) []byte {
 	if len(b) <= 1 {
 		return nil
 	}
 	pos0 := m.rand(len(b))
 	pos1 := pos0 + m.chooseLen(len(b)-pos0)
 	copy(b[pos0:], b[pos1:])
 	b = b[:len(b)-(pos1-pos0)]
 	return b
 }

 // byteSliceInsertRandomBytes inserts a chunk of random bytes into b at a random
 // position.
 func byteSliceInsertRandomBytes(m *mutator, b []byte) []byte {
 	pos := m.rand(len(b) + 1)
 	n := m.chooseLen(1024)
 	if len(b)+n >= cap(b) {
 		return nil
 	}
 	b = b[:len(b)+n]
 	copy(b[pos+n:], b[pos:])
 	for i := 0; i < n; i++ {
 		b[pos+i] = byte(m.rand(256))
 	}
 	return b
 }

 // byteSliceDuplicateBytes duplicates a chunk of bytes in b and inserts it into
 // a random position.
 func byteSliceDuplicateBytes(m *mutator, b []byte) []byte {
 	if len(b) <= 1 {
 		return nil
 	}
 	src := m.rand(len(b))
 	dst := m.rand(len(b))
 	for dst == src {
 		dst = m.rand(len(b))
 	}
 	n := m.chooseLen(len(b) - src)
 	// Use the end of the slice as scratch space to avoid doing an
 	// allocation. If the slice is too small abort and try something
 	// else.
 	if len(b)+(n*2) >= cap(b) {
 		return nil
 	}
 	end := len(b)
 	// Increase the size of b to fit the duplicated block as well as
 	// some extra working space
 	b = b[:end+(n*2)]
 	// Copy the block of bytes we want to duplicate to the end of the
 	// slice
 	copy(b[end+n:], b[src:src+n])
 	// Shift the bytes after the splice point n positions to the right
 	// to make room for the new block
 	copy(b[dst+n:end+n], b[dst:end])
 	// Insert the duplicate block into the splice point
 	copy(b[dst:], b[end+n:])
 	b = b[:end+n]
 	return b
 }

 // byteSliceOverwriteBytes overwrites a chunk of b with another chunk of b.
 func byteSliceOverwriteBytes(m *mutator, b []byte) []byte {
 	if len(b) <= 1 {
 		return nil
 	}
 	src := m.rand(len(b))
 	dst := m.rand(len(b))
 	for dst == src {
 		dst = m.rand(len(b))
 	}
 	n := m.chooseLen(len(b) - src - 1)
 	copy(b[dst:], b[src:src+n])
 	return b
 }

 // byteSliceBitFlip flips a random bit in a random byte in b.
 func byteSliceBitFlip(m *mutator, b []byte) []byte {
 	if len(b) == 0 {
 		return nil
 	}
 	pos := m.rand(len(b))
 	b[pos] ^= 1 << uint(m.rand(8))
 	return b
 }

 // byteSliceXORByte XORs a random byte in b with a random value.
 func byteSliceXORByte(m *mutator, b []byte) []byte {
 	if len(b) == 0 {
 		return nil
 	}
 	pos := m.rand(len(b))
 	// In order to avoid a no-op (where the random value matches
 	// the existing value), use XOR instead of just setting to
 	// the random value.
 	b[pos] ^= byte(1 + m.rand(255))
 	return b
 }

 // byteSliceSwapByte swaps two random bytes in b.
 func byteSliceSwapByte(m *mutator, b []byte) []byte {
 	if len(b) <= 1 {
 		return nil
 	}
 	src := m.rand(len(b))
 	dst := m.rand(len(b))
 	for dst == src {
 		dst = m.rand(len(b))
 	}
 	b[src], b[dst] = b[dst], b[src]
 	return b
 }

 // byteSliceArithmeticUint8 adds/subtracts from a random byte in b.
 func byteSliceArithmeticUint8(m *mutator, b []byte) []byte {
 	if len(b) == 0 {
 		return nil
 	}
 	pos := m.rand(len(b))
 	v := byte(m.rand(35) + 1)
 	if m.r.bool() {
 		b[pos] += v
 	} else {
 		b[pos] -= v
 	}
 	return b
 }

 // byteSliceArithmeticUint16 adds/subtracts from a random uint16 in b.
 func byteSliceArithmeticUint16(m *mutator, b []byte) []byte {
 	if len(b) < 2 {
 		return nil
 	}
 	v := uint16(m.rand(35) + 1)
 	if m.r.bool() {
 		v = 0 - v
 	}
 	pos := m.rand(len(b) - 1)
 	enc := m.randByteOrder()
 	enc.PutUint16(b[pos:], enc.Uint16(b[pos:])+v)
 	return b
 }

 // byteSliceArithmeticUint32 adds/subtracts from a random uint32 in b.
 func byteSliceArithmeticUint32(m *mutator, b []byte) []byte {
 	if len(b) < 4 {
 		return nil
 	}
 	v := uint32(m.rand(35) + 1)
 	if m.r.bool() {
 		v = 0 - v
 	}
 	pos := m.rand(len(b) - 3)
 	enc := m.randByteOrder()
 	enc.PutUint32(b[pos:], enc.Uint32(b[pos:])+v)
 	return b
 }

 // byteSliceArithmeticUint64 adds/subtracts from a random uint64 in b.
 func byteSliceArithmeticUint64(m *mutator, b []byte) []byte {
 	if len(b) < 8 {
 		return nil
 	}
 	v := uint64(m.rand(35) + 1)
 	if m.r.bool() {
 		v = 0 - v
 	}
 	pos := m.rand(len(b) - 7)
 	enc := m.randByteOrder()
 	enc.PutUint64(b[pos:], enc.Uint64(b[pos:])+v)
 	return b
 }

 // byteSliceOverwriteInterestingUint8 overwrites a random byte in b with an interesting
 // value.
 func byteSliceOverwriteInterestingUint8(m *mutator, b []byte) []byte {
 	if len(b) == 0 {
 		return nil
 	}
 	pos := m.rand(len(b))
 	b[pos] = byte(interesting8[m.rand(len(interesting8))])
 	return b
 }

 // byteSliceOverwriteInterestingUint16 overwrites a random uint16 in b with an interesting
 // value.
 func byteSliceOverwriteInterestingUint16(m *mutator, b []byte) []byte {
 	if len(b) < 2 {
 		return nil
 	}
 	pos := m.rand(len(b) - 1)
 	v := uint16(interesting16[m.rand(len(interesting16))])
 	m.randByteOrder().PutUint16(b[pos:], v)
 	return b
 }

 // byteSliceOverwriteInterestingUint32 overwrites a random uint16 in b with an interesting
 // value.
 func byteSliceOverwriteInterestingUint32(m *mutator, b []byte) []byte {
 	if len(b) < 4 {
 		return nil
 	}
 	pos := m.rand(len(b) - 3)
 	v := uint32(interesting32[m.rand(len(interesting32))])
 	m.randByteOrder().PutUint32(b[pos:], v)
 	return b
 }

 // byteSliceInsertConstantBytes inserts a chunk of constant bytes into a random position in b.
 func byteSliceInsertConstantBytes(m *mutator, b []byte) []byte {
 	if len(b) <= 1 {
 		return nil
 	}
 	dst := m.rand(len(b))
 	// TODO(rolandshoemaker,katiehockman): 4096 was mainly picked
 	// randomly. We may want to either pick a much larger value
 	// (AFL uses 32768, paired with a similar impl to chooseLen
 	// which biases towards smaller lengths that grow over time),
 	// or set the max based on characteristics of the corpus
 	// (libFuzzer sets a min/max based on the min/max size of
 	// entries in the corpus and then picks uniformly from
 	// that range).
 	n := m.chooseLen(4096)
 	if len(b)+n >= cap(b) {
 		return nil
 	}
 	b = b[:len(b)+n]
 	copy(b[dst+n:], b[dst:])
 	rb := byte(m.rand(256))
 	for i := dst; i < dst+n; i++ {
 		b[i] = rb
 	}
 	return b
 }

 // byteSliceOverwriteConstantBytes overwrites a chunk of b with constant bytes.
 func byteSliceOverwriteConstantBytes(m *mutator, b []byte) []byte {
 	if len(b) <= 1 {
 		return nil
 	}
 	dst := m.rand(len(b))
 	n := m.chooseLen(len(b) - dst)
 	rb := byte(m.rand(256))
 	for i := dst; i < dst+n; i++ {
 		b[i] = rb
 	}
 	return b
 }

 // byteSliceShuffleBytes shuffles a chunk of bytes in b.
 func byteSliceShuffleBytes(m *mutator, b []byte) []byte {
 	if len(b) <= 1 {
 		return nil
 	}
 	dst := m.rand(len(b))
 	n := m.chooseLen(len(b) - dst)
 	if n <= 2 {
 		return nil
 	}
 	// Start at the end of the range, and iterate backwards
 	// to dst, swapping each element with another element in
 	// dst:dst+n (Fisher-Yates shuffle).
 	for i := n - 1; i > 0; i-- {
 		j := m.rand(i + 1)
 		b[dst+i], b[dst+j] = b[dst+j], b[dst+i]
 	}
 	return b
 }

 // byteSliceSwapBytes swaps two chunks of bytes in b.
 func byteSliceSwapBytes(m *mutator, b []byte) []byte {
 	if len(b) <= 1 {
 		return nil
 	}
 	src := m.rand(len(b))
 	dst := m.rand(len(b))
 	for dst == src {
 		dst = m.rand(len(b))
 	}
 	// Choose the random length as len(b) - max(src, dst)
 	// so that we don't attempt to swap a chunk that extends
 	// beyond the end of the slice
 	max := dst
 	if src > max {
 		max = src
 	}
 	n := m.chooseLen(len(b) - max - 1)
 	// Check that neither chunk intersect, so that we don't end up
 	// duplicating parts of the input, rather than swapping them
 	if src > dst && dst+n >= src || dst > src && src+n >= dst {
 		return nil
 	}
 	// Use the end of the slice as scratch space to avoid doing an
 	// allocation. If the slice is too small abort and try something
 	// else.
 	if len(b)+n >= cap(b) {
 		return nil
 	}
 	end := len(b)
 	b = b[:end+n]
 	copy(b[end:], b[dst:dst+n])
 	copy(b[dst:], b[src:src+n])
 	copy(b[src:], b[end:])
 	b = b[:end]
 	return b
 }
	// Copyright 2021 The Go Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style
	// license that can be found in the LICENSE file.

	package fuzz

	// byteSliceRemoveBytes removes a random chunk of bytes from b.
	func byteSliceRemoveBytes(m *mutator, b []byte) []byte {
	if len(b) <= 1 {
	return nil
	}
	pos0 := m.rand(len(b))
	pos1 := pos0 + m.chooseLen(len(b)-pos0)
	copy(b[pos0:], b[pos1:])
	b = b[:len(b)-(pos1-pos0)]
	return b
	}

	// byteSliceInsertRandomBytes inserts a chunk of random bytes into b at a random
	// position.
	func byteSliceInsertRandomBytes(m *mutator, b []byte) []byte {
	pos := m.rand(len(b) + 1)
	n := m.chooseLen(1024)
	if len(b)+n >= cap(b) {
	return nil
	}
	b = b[:len(b)+n]
	copy(b[pos+n:], b[pos:])
	for i := 0; i < n; i++ {
	b[pos+i] = byte(m.rand(256))
	}
	return b
	}

	// byteSliceDuplicateBytes duplicates a chunk of bytes in b and inserts it into
	// a random position.
	func byteSliceDuplicateBytes(m *mutator, b []byte) []byte {
	if len(b) <= 1 {
	return nil
	}
	src := m.rand(len(b))
	dst := m.rand(len(b))
	for dst == src {
	dst = m.rand(len(b))
	}
	n := m.chooseLen(len(b) - src)
	// Use the end of the slice as scratch space to avoid doing an
	// allocation. If the slice is too small abort and try something
	// else.
	if len(b)+(n*2) >= cap(b) {
	return nil
	}
	end := len(b)
	// Increase the size of b to fit the duplicated block as well as
	// some extra working space
	b = b[:end+(n*2)]
	// Copy the block of bytes we want to duplicate to the end of the
	// slice
	copy(b[end+n:], b[src:src+n])
	// Shift the bytes after the splice point n positions to the right
	// to make room for the new block
	copy(b[dst+n:end+n], b[dst:end])
	// Insert the duplicate block into the splice point
	copy(b[dst:], b[end+n:])
	b = b[:end+n]
	return b
	}

	// byteSliceOverwriteBytes overwrites a chunk of b with another chunk of b.
	func byteSliceOverwriteBytes(m *mutator, b []byte) []byte {
	if len(b) <= 1 {
	return nil
	}
	src := m.rand(len(b))
	dst := m.rand(len(b))
	for dst == src {
	dst = m.rand(len(b))
	}
	n := m.chooseLen(len(b) - src - 1)
	copy(b[dst:], b[src:src+n])
	return b
	}

	// byteSliceBitFlip flips a random bit in a random byte in b.
	func byteSliceBitFlip(m *mutator, b []byte) []byte {
	if len(b) == 0 {
	return nil
	}
	pos := m.rand(len(b))
	b[pos] ^= 1 << uint(m.rand(8))
	return b
	}

	// byteSliceXORByte XORs a random byte in b with a random value.
	func byteSliceXORByte(m *mutator, b []byte) []byte {
	if len(b) == 0 {
	return nil
	}
	pos := m.rand(len(b))
	// In order to avoid a no-op (where the random value matches
	// the existing value), use XOR instead of just setting to
	// the random value.
	b[pos] ^= byte(1 + m.rand(255))
	return b
	}

	// byteSliceSwapByte swaps two random bytes in b.
	func byteSliceSwapByte(m *mutator, b []byte) []byte {
	if len(b) <= 1 {
	return nil
	}
	src := m.rand(len(b))
	dst := m.rand(len(b))
	for dst == src {
	dst = m.rand(len(b))
	}
	b[src], b[dst] = b[dst], b[src]
	return b
	}

	// byteSliceArithmeticUint8 adds/subtracts from a random byte in b.
	func byteSliceArithmeticUint8(m *mutator, b []byte) []byte {
	if len(b) == 0 {
	return nil
	}
	pos := m.rand(len(b))
	v := byte(m.rand(35) + 1)
	if m.r.bool() {
	b[pos] += v
	} else {
	b[pos] -= v
	}
	return b
	}

	// byteSliceArithmeticUint16 adds/subtracts from a random uint16 in b.
	func byteSliceArithmeticUint16(m *mutator, b []byte) []byte {
	if len(b) < 2 {
	return nil
	}
	v := uint16(m.rand(35) + 1)
	if m.r.bool() {
	v = 0 - v
	}
	pos := m.rand(len(b) - 1)
	enc := m.randByteOrder()
	enc.PutUint16(b[pos:], enc.Uint16(b[pos:])+v)
	return b
	}

	// byteSliceArithmeticUint32 adds/subtracts from a random uint32 in b.
	func byteSliceArithmeticUint32(m *mutator, b []byte) []byte {
	if len(b) < 4 {
	return nil
	}
	v := uint32(m.rand(35) + 1)
	if m.r.bool() {
	v = 0 - v
	}
	pos := m.rand(len(b) - 3)
	enc := m.randByteOrder()
	enc.PutUint32(b[pos:], enc.Uint32(b[pos:])+v)
	return b
	}

	// byteSliceArithmeticUint64 adds/subtracts from a random uint64 in b.
	func byteSliceArithmeticUint64(m *mutator, b []byte) []byte {
	if len(b) < 8 {
	return nil
	}
	v := uint64(m.rand(35) + 1)
	if m.r.bool() {
	v = 0 - v
	}
	pos := m.rand(len(b) - 7)
	enc := m.randByteOrder()
	enc.PutUint64(b[pos:], enc.Uint64(b[pos:])+v)
	return b
	}

	// byteSliceOverwriteInterestingUint8 overwrites a random byte in b with an interesting
	// value.
	func byteSliceOverwriteInterestingUint8(m *mutator, b []byte) []byte {
	if len(b) == 0 {
	return nil
	}
	pos := m.rand(len(b))
	b[pos] = byte(interesting8[m.rand(len(interesting8))])
	return b
	}

	// byteSliceOverwriteInterestingUint16 overwrites a random uint16 in b with an interesting
	// value.
	func byteSliceOverwriteInterestingUint16(m *mutator, b []byte) []byte {
	if len(b) < 2 {
	return nil
	}
	pos := m.rand(len(b) - 1)
	v := uint16(interesting16[m.rand(len(interesting16))])
	m.randByteOrder().PutUint16(b[pos:], v)
	return b
	}

	// byteSliceOverwriteInterestingUint32 overwrites a random uint16 in b with an interesting
	// value.
	func byteSliceOverwriteInterestingUint32(m *mutator, b []byte) []byte {
	if len(b) < 4 {
	return nil
	}
	pos := m.rand(len(b) - 3)
	v := uint32(interesting32[m.rand(len(interesting32))])
	m.randByteOrder().PutUint32(b[pos:], v)
	return b
	}

	// byteSliceInsertConstantBytes inserts a chunk of constant bytes into a random position in b.
	func byteSliceInsertConstantBytes(m *mutator, b []byte) []byte {
	if len(b) <= 1 {
	return nil
	}
	dst := m.rand(len(b))
	// TODO(rolandshoemaker,katiehockman): 4096 was mainly picked
	// randomly. We may want to either pick a much larger value
	// (AFL uses 32768, paired with a similar impl to chooseLen
	// which biases towards smaller lengths that grow over time),
	// or set the max based on characteristics of the corpus
	// (libFuzzer sets a min/max based on the min/max size of
	// entries in the corpus and then picks uniformly from
	// that range).
	n := m.chooseLen(4096)
	if len(b)+n >= cap(b) {
	return nil
	}
	b = b[:len(b)+n]
	copy(b[dst+n:], b[dst:])
	rb := byte(m.rand(256))
	for i := dst; i < dst+n; i++ {
	b[i] = rb
	}
	return b
	}

	// byteSliceOverwriteConstantBytes overwrites a chunk of b with constant bytes.
	func byteSliceOverwriteConstantBytes(m *mutator, b []byte) []byte {
	if len(b) <= 1 {
	return nil
	}
	dst := m.rand(len(b))
	n := m.chooseLen(len(b) - dst)
	rb := byte(m.rand(256))
	for i := dst; i < dst+n; i++ {
	b[i] = rb
	}
	return b
	}

	// byteSliceShuffleBytes shuffles a chunk of bytes in b.
	func byteSliceShuffleBytes(m *mutator, b []byte) []byte {
	if len(b) <= 1 {
	return nil
	}
	dst := m.rand(len(b))
	n := m.chooseLen(len(b) - dst)
	if n <= 2 {
	return nil
	}
	// Start at the end of the range, and iterate backwards
	// to dst, swapping each element with another element in
	// dst:dst+n (Fisher-Yates shuffle).
	for i := n - 1; i > 0; i-- {
	j := m.rand(i + 1)
	b[dst+i], b[dst+j] = b[dst+j], b[dst+i]
	}
	return b
	}

	// byteSliceSwapBytes swaps two chunks of bytes in b.
	func byteSliceSwapBytes(m *mutator, b []byte) []byte {
	if len(b) <= 1 {
	return nil
	}
	src := m.rand(len(b))
	dst := m.rand(len(b))
	for dst == src {
	dst = m.rand(len(b))
	}
	// Choose the random length as len(b) - max(src, dst)
	// so that we don't attempt to swap a chunk that extends
	// beyond the end of the slice
	max := dst
	if src > max {
	max = src
	}
	n := m.chooseLen(len(b) - max - 1)
	// Check that neither chunk intersect, so that we don't end up
	// duplicating parts of the input, rather than swapping them
	if src > dst && dst+n >= src \|\| dst > src && src+n >= dst {
	return nil
	}
	// Use the end of the slice as scratch space to avoid doing an
	// allocation. If the slice is too small abort and try something
	// else.
	if len(b)+n >= cap(b) {
	return nil
	}
	end := len(b)
	b = b[:end+n]
	copy(b[end:], b[dst:dst+n])
	copy(b[dst:], b[src:src+n])
	copy(b[src:], b[end:])
	b = b[:end]
	return b
	}