1 // Copyright 2021, The Android Open Source Project
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14
15 #![allow(missing_docs)]
16 #![no_main]
17
18 use libfuzzer_sys::fuzz_target;
19
heap_oob()20 fn heap_oob() {
21 let xs = [0, 1, 2, 3];
22 // SAFETY: This is in fact intentionally unsound, but we hope the fuzzer will catch it.
23 let val = unsafe { *xs.as_ptr().offset(4) };
24 println!("Out-of-bounds heap value: {}", val);
25 }
26
27 fuzz_target!(|data: &[u8]| {
28 let magic_number = 327;
29 if data.len() == magic_number {
30 heap_oob();
31 }
32 });
33