1 files changed, 53 insertions, 0 deletions

diff --git a/fuzzers/disassembler_dex_fuzzer.cc b/fuzzers/disassembler_dex_fuzzer.cc
new file mode 100644
index 0000000..5968c98
--- /dev/null
+++ b/fuzzers/disassembler_dex_fuzzer.cc
@@ -0,0 +1,53 @@
+// Copyright 2018 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include "base/logging.h"
+#include "components/zucchini/buffer_view.h"
+#include "components/zucchini/disassembler.h"
+#include "components/zucchini/disassembler_dex.h"
+
+namespace {
+
+struct Environment {
+  Environment() { logging::SetMinLogLevel(logging::LOG_FATAL); }
+};
+
+}  // namespace
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  static Environment env;
+  if (!size)
+    return 0;
+  // Prepare data.
+  std::vector<uint8_t> mutable_data(data, data + size);
+  zucchini::MutableBufferView mutable_image(mutable_data.data(),
+                                            mutable_data.size());
+
+  // Create disassembler. Early exit on failure.
+  auto disassembler_dex =
+      zucchini::Disassembler::Make<zucchini::DisassemblerDex>(
+          zucchini::ConstBufferView(mutable_image));
+  if (!disassembler_dex)
+    return 0;
+
+  std::vector<zucchini::Reference> references;
+  // Read all references in the file.
+  auto groups = disassembler_dex->MakeReferenceGroups();
+  for (const auto& group : groups) {
+    auto reader = group.GetReader(disassembler_dex.get());
+    for (auto ref = reader->GetNext(); ref.has_value();
+         ref = reader->GetNext()) {
+      references.push_back(ref.value());
+    }
+    reader.reset();
+    auto writer = group.GetWriter(mutable_image, disassembler_dex.get());
+    for (const auto& ref : references)
+      writer->PutNext(ref);
+    references.clear();
+  }
+  return 0;
+}