Kezdőlap Felfedezés Súgó
Bejelentkezés
taisei-project
/
zstd
tükrözi: https://github.com/taisei-project/zstd
Figyelés 2
Kedvenc 0
Másolás 0
Fájlok Problémák 0 Wiki
Branch: dev
Branch-ok Tag-ek
zstd
/
tests
/
fuzz
/
decompress_dstSize_tooSmall.c

decompress_dstSize_tooSmall.c 2.2 KB
Állandó hivatkozás Előzmények Nyers

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071 
  1. /*
    2. 

  2.  * Copyright (c) 2016-2021, Facebook, Inc.
    3. 

  3.  * All rights reserved.
    4. 

  4.  *
    5. 

  5.  * This source code is licensed under both the BSD-style license (found in the
    6. 

  6.  * LICENSE file in the root directory of this source tree) and the GPLv2 (found
    7. 

  7.  * in the COPYING file in the root directory of this source tree).
    8. 

  8.  * You may select, at your option, one of the above-listed licenses.
    9. 

  9.  */
    10. 

  10. 

  11. /**
    12. 

  12.  * This fuzz target attempts to decompress a valid compressed frame into
    13. 

  13.  * an output buffer that is too small to ensure we always get
    14. 

  14.  * ZSTD_error_dstSize_tooSmall.
    15. 

  15.  */
    16. 

  16. 

  17. #include <stddef.h>
    18. 

  18. #include <stdlib.h>
    19. 

  19. #include <stdio.h>
    20. 

  20. #include "fuzz_helpers.h"
    21. 

  21. #include "zstd.h"
    22. 

  22. #include "zstd_errors.h"
    23. 

  23. #include "zstd_helpers.h"
    24. 

  24. #include "fuzz_data_producer.h"
    25. 

  25. 

  26. static ZSTD_CCtx *cctx = NULL;
    27. 

  27. static ZSTD_DCtx *dctx = NULL;
    28. 

  28. 

  29. int LLVMFuzzerTestOneInput(const uint8_t *src, size_t size)
    30. 

  30. {
    31. 

  31.     /* Give a random portion of src data to the producer, to use for
    32. 

  32.     parameter generation. The rest will be used for (de)compression */
    33. 

  33.     FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(src, size);
    34. 

  34.     size_t rBufSize = FUZZ_dataProducer_uint32Range(producer, 0, size);
    35. 

  35.     size = FUZZ_dataProducer_remainingBytes(producer);
    36. 

  36.     /* Ensure the round-trip buffer is too small. */
    37. 

  37.     if (rBufSize >= size) {
    38. 

  38.         rBufSize = size > 0 ? size - 1 : 0;
    39. 

  39.     }
    40. 

  40.     size_t const cBufSize = ZSTD_compressBound(size);
    41. 

  41. 

  42.     if (!cctx) {
    43. 

  43.         cctx = ZSTD_createCCtx();
    44. 

  44.         FUZZ_ASSERT(cctx);
    45. 

  45.     }
    46. 

  46.     if (!dctx) {
    47. 

  47.         dctx = ZSTD_createDCtx();
    48. 

  48.         FUZZ_ASSERT(dctx);
    49. 

  49.     }
    50. 

  50. 

  51.     void *cBuf = FUZZ_malloc(cBufSize);
    52. 

  52.     void *rBuf = FUZZ_malloc(rBufSize);
    53. 

  53.     size_t const cSize = ZSTD_compressCCtx(cctx, cBuf, cBufSize, src, size, 1);
    54. 

  54.     FUZZ_ZASSERT(cSize);
    55. 

  55.     size_t const rSize = ZSTD_decompressDCtx(dctx, rBuf, rBufSize, cBuf, cSize);
    56. 

  56.     if (size == 0) {
    57. 

  57.         FUZZ_ASSERT(rSize == 0);
    58. 

  58.     } else {
    59. 

  59.         FUZZ_ASSERT(ZSTD_isError(rSize));
    60. 

  60.         FUZZ_ASSERT(ZSTD_getErrorCode(rSize) == ZSTD_error_dstSize_tooSmall);
    61. 

  61.     }
    62. 

  62.     free(cBuf);
    63. 

  63.     free(rBuf);
    64. 

  64.     FUZZ_dataProducer_free(producer);
    65. 

  65. #ifndef STATEFUL_FUZZING
    66. 

  66.     ZSTD_freeCCtx(cctx); cctx = NULL;
    67. 

  67.     ZSTD_freeDCtx(dctx); dctx = NULL;
    68. 

  68. #endif
    69. 

  69.     return 0;
    70. 

  70. }
    71. 

  71.