123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657 |
- /*
- * Copyright (c) 2016-2021, Facebook, Inc.
- * All rights reserved.
- *
- * This source code is licensed under both the BSD-style license (found in the
- * LICENSE file in the root directory of this source tree) and the GPLv2 (found
- * in the COPYING file in the root directory of this source tree).
- * You may select, at your option, one of the above-listed licenses.
- */
- /**
- * This fuzz target attempts to comprss the fuzzed data with the simple
- * compression function with an output buffer that may be too small to
- * ensure that the compressor never crashes.
- */
- #include <stddef.h>
- #include <stdlib.h>
- #include <stdio.h>
- #include "fuzz_helpers.h"
- #include "zstd.h"
- #include "zstd_errors.h"
- #include "zstd_helpers.h"
- #include "fuzz_data_producer.h"
- static ZSTD_CCtx *cctx = NULL;
- int LLVMFuzzerTestOneInput(const uint8_t *src, size_t size)
- {
- /* Give a random portion of src data to the producer, to use for
- parameter generation. The rest will be used for (de)compression */
- FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(src, size);
- size = FUZZ_dataProducer_reserveDataPrefix(producer);
- size_t const maxSize = ZSTD_compressBound(size);
- size_t const bufSize = FUZZ_dataProducer_uint32Range(producer, 0, maxSize);
- int const cLevel = FUZZ_dataProducer_int32Range(producer, kMinClevel, kMaxClevel);
- if (!cctx) {
- cctx = ZSTD_createCCtx();
- FUZZ_ASSERT(cctx);
- }
- void *rBuf = FUZZ_malloc(bufSize);
- size_t const ret = ZSTD_compressCCtx(cctx, rBuf, bufSize, src, size, cLevel);
- if (ZSTD_isError(ret)) {
- FUZZ_ASSERT(ZSTD_getErrorCode(ret) == ZSTD_error_dstSize_tooSmall);
- }
- free(rBuf);
- FUZZ_dataProducer_free(producer);
- #ifndef STATEFUL_FUZZING
- ZSTD_freeCCtx(cctx); cctx = NULL;
- #endif
- return 0;
- }
|