| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116 |
- /*
- * Copyright (c) 2016-2021, Facebook, Inc.
- * All rights reserved.
- *
- * This source code is licensed under both the BSD-style license (found in the
- * LICENSE file in the root directory of this source tree) and the GPLv2 (found
- * in the COPYING file in the root directory of this source tree).
- * You may select, at your option, one of the above-listed licenses.
- */
- /**
- * This fuzz target performs a zstd round-trip test (compress & decompress) with
- * a raw content dictionary, compares the result with the original, and calls
- * abort() on corruption.
- */
- #include <stddef.h>
- #include <stdlib.h>
- #include <stdio.h>
- #include <string.h>
- #include "fuzz_helpers.h"
- #include "zstd_helpers.h"
- #include "fuzz_data_producer.h"
- static ZSTD_CCtx *cctx = NULL;
- static ZSTD_DCtx *dctx = NULL;
- static size_t roundTripTest(void *result, size_t resultCapacity,
- void *compressed, size_t compressedCapacity,
- const void *src, size_t srcSize,
- const void *dict, size_t dictSize,
- FUZZ_dataProducer_t *producer)
- {
- ZSTD_dictContentType_e const dictContentType = ZSTD_dct_rawContent;
- int const refPrefix = FUZZ_dataProducer_uint32Range(producer, 0, 1) != 0;
- size_t cSize;
- FUZZ_setRandomParameters(cctx, srcSize, producer);
- /* Disable checksum so we can use sizes smaller than compress bound. */
- FUZZ_ZASSERT(ZSTD_CCtx_setParameter(cctx, ZSTD_c_checksumFlag, 0));
- if (refPrefix)
- FUZZ_ZASSERT(ZSTD_CCtx_refPrefix_advanced(
- cctx, dict, dictSize,
- ZSTD_dct_rawContent));
- else
- FUZZ_ZASSERT(ZSTD_CCtx_loadDictionary_advanced(
- cctx, dict, dictSize,
- (ZSTD_dictLoadMethod_e)FUZZ_dataProducer_uint32Range(producer, 0, 1),
- ZSTD_dct_rawContent));
- cSize = ZSTD_compress2(cctx, compressed, compressedCapacity, src, srcSize);
- FUZZ_ZASSERT(cSize);
- if (refPrefix)
- FUZZ_ZASSERT(ZSTD_DCtx_refPrefix_advanced(
- dctx, dict, dictSize,
- dictContentType));
- else
- FUZZ_ZASSERT(ZSTD_DCtx_loadDictionary_advanced(
- dctx, dict, dictSize,
- (ZSTD_dictLoadMethod_e)FUZZ_dataProducer_uint32Range(producer, 0, 1),
- dictContentType));
- {
- size_t const ret = ZSTD_decompressDCtx(
- dctx, result, resultCapacity, compressed, cSize);
- return ret;
- }
- }
- int LLVMFuzzerTestOneInput(const uint8_t *src, size_t size)
- {
- /* Give a random portion of src data to the producer, to use for
- parameter generation. The rest will be used for (de)compression */
- FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(src, size);
- size = FUZZ_dataProducer_reserveDataPrefix(producer);
- uint8_t const* const srcBuf = src;
- size_t const srcSize = FUZZ_dataProducer_uint32Range(producer, 0, size);
- uint8_t const* const dictBuf = srcBuf + srcSize;
- size_t const dictSize = size - srcSize;
- size_t const decompSize = srcSize;
- void* const decompBuf = FUZZ_malloc(decompSize);
- size_t compSize = ZSTD_compressBound(srcSize);
- void* compBuf;
- /* Half of the time fuzz with a 1 byte smaller output size.
- * This will still succeed because we force the checksum to be disabled,
- * giving us 4 bytes of overhead.
- */
- compSize -= FUZZ_dataProducer_uint32Range(producer, 0, 1);
- compBuf = FUZZ_malloc(compSize);
- if (!cctx) {
- cctx = ZSTD_createCCtx();
- FUZZ_ASSERT(cctx);
- }
- if (!dctx) {
- dctx = ZSTD_createDCtx();
- FUZZ_ASSERT(dctx);
- }
- {
- size_t const result =
- roundTripTest(decompBuf, decompSize, compBuf, compSize, srcBuf, srcSize, dictBuf, dictSize, producer);
- FUZZ_ZASSERT(result);
- FUZZ_ASSERT_MSG(result == srcSize, "Incorrect regenerated size");
- FUZZ_ASSERT_MSG(!FUZZ_memcmp(src, decompBuf, srcSize), "Corruption!");
- }
- free(decompBuf);
- free(compBuf);
- FUZZ_dataProducer_free(producer);
- #ifndef STATEFUL_FUZZING
- ZSTD_freeCCtx(cctx); cctx = NULL;
- ZSTD_freeDCtx(dctx); dctx = NULL;
- #endif
- return 0;
- }
|
