[libc] Lay out framework for fuzzing libc functions.

Summary:
Added fuzzing test for strcpy and some documentation related to fuzzing.
This will be the first step in integrating this with oss-fuzz.

Reviewers: sivachandra, abrachet

Reviewed By: sivachandra, abrachet

Subscribers: gchatelet, abrachet, mgorny, MaskRay, tschuett, libc-commits

Tags: #libc-project

Differential Revision: https://reviews.llvm.org/D74091

1 files changed, 38 insertions, 0 deletions

diff --git a/libc/fuzzing/string/strcpy_fuzz.cpp b/libc/fuzzing/string/strcpy_fuzz.cpp
new file mode 100644
index 0000000..51a85d6
--- /dev/null
+++ b/libc/fuzzing/string/strcpy_fuzz.cpp
@@ -0,0 +1,38 @@
+//===--------------------- strcpy_fuzz.cpp --------------------------------===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+///
+/// Fuzzing test for llvm-libc strcpy implementation.
+///
+//===----------------------------------------------------------------------===//
+#include "src/string/strcpy.h"
+#include <stdint.h>
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+  // Validate input
+  if (!size) return 0;
+  if (data[size - 1] != '\0') return 0;
+  const char *src = (const char *)data;
+
+  char *dest = new char[size];
+  if (!dest) __builtin_trap();
+
+  __llvm_libc::strcpy(dest, src);
+
+  size_t i;
+  for (i = 0; src[i] != '\0'; i++) {
+    // Ensure correctness of strcpy
+    if (dest[i] != src[i]) __builtin_trap();
+  }
+  // Ensure strcpy null terminates dest
+  if (dest[i] != src[i]) __builtin_trap();
+
+  delete[] dest;
+
+  return 0;
+}
+