Rizin
unix-like reverse engineering framework and cli tools
Functions
compress_frame_fuzzer.c File Reference
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include "fuzz_helpers.h"
#include "lz4.h"
#include "lz4frame.h"
#include "lz4_helpers.h"
#include "fuzz_data_producer.h"

Go to the source code of this file.

Functions

int LLVMFuzzerTestOneInput (const uint8_t *data, size_t size)
 

Function Documentation

◆ LLVMFuzzerTestOneInput()

int LLVMFuzzerTestOneInput ( const uint8_t data,
size_t  size 
)

This fuzz target attempts to compress the fuzzed data with the simple compression function with an output buffer that may be too small to ensure that the compressor never crashes.

Definition at line 18 of file compress_frame_fuzzer.c.

19 {
20  FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size);
21  LZ4F_preferences_t const prefs = FUZZ_dataProducer_preferences(producer);
22  size_t const dstCapacitySeed = FUZZ_dataProducer_retrieve32(producer);
23  size = FUZZ_dataProducer_remainingBytes(producer);
24 
25  size_t const compressBound = LZ4F_compressFrameBound(size, &prefs);
26  size_t const dstCapacity = FUZZ_getRange_from_uint32(dstCapacitySeed, 0, compressBound);
27 
28  char* const dst = (char*)malloc(dstCapacity);
29  char* const rt = (char*)malloc(size);
30 
31  FUZZ_ASSERT(dst!=NULL);
32  FUZZ_ASSERT(rt!=NULL);
33 
34  /* If compression succeeds it must round trip correctly. */
35  size_t const dstSize =
36  LZ4F_compressFrame(dst, dstCapacity, data, size, &prefs);
37  if (!LZ4F_isError(dstSize)) {
38  size_t const rtSize = FUZZ_decompressFrame(rt, size, dst, dstSize);
39  FUZZ_ASSERT_MSG(rtSize == size, "Incorrect regenerated size");
40  FUZZ_ASSERT_MSG(!memcmp(data, rt, size), "Corruption!");
41  }
42 
43  free(dst);
44  free(rt);
45  FUZZ_dataProducer_free(producer);
46 
47  return 0;
48 }
compressBound
uLong ZEXPORT compressBound(uLong sourceLen)
Definition: compress.c:81
NULL
#define NULL
Definition: cris-opc.c:27
FUZZ_dataProducer_free
void FUZZ_dataProducer_free(FUZZ_dataProducer_t *producer)
Definition: fuzz_data_producer.c:18
FUZZ_getRange_from_uint32
uint32_t FUZZ_getRange_from_uint32(uint32_t seed, uint32_t min, uint32_t max)
Definition: fuzz_data_producer.c:34
FUZZ_dataProducer_remainingBytes
size_t FUZZ_dataProducer_remainingBytes(FUZZ_dataProducer_t *producer)
Definition: fuzz_data_producer.c:75
FUZZ_dataProducer_preferences
LZ4F_preferences_t FUZZ_dataProducer_preferences(FUZZ_dataProducer_t *producer)
Definition: fuzz_data_producer.c:65
FUZZ_dataProducer_create
FUZZ_dataProducer_t * FUZZ_dataProducer_create(const uint8_t *data, size_t size)
Definition: fuzz_data_producer.c:8
FUZZ_dataProducer_retrieve32
uint32_t FUZZ_dataProducer_retrieve32(FUZZ_dataProducer_t *producer)
Definition: fuzz_data_producer.c:20
FUZZ_ASSERT
#define FUZZ_ASSERT(cond)
Definition: fuzz_helpers.h:46
FUZZ_ASSERT_MSG
#define FUZZ_ASSERT_MSG(cond, msg)
Definition: fuzz_helpers.h:41
free
RZ_API void Ht_() free(HtName_(Ht) *ht)
Definition: ht_inc.c:130
size
voidpf void uLong size
Definition: ioapi.h:138
malloc
void * malloc(size_t size)
Definition: malloc.c:123
dst
char * dst
Definition: lz4.h:724
FUZZ_decompressFrame
size_t FUZZ_decompressFrame(void *dst, const size_t dstCapacity, const void *src, const size_t srcSize)
Definition: lz4_helpers.c:30
LZ4F_compressFrameBound
size_t LZ4F_compressFrameBound(size_t srcSize, const LZ4F_preferences_t *preferencesPtr)
Definition: lz4frame.c:351
LZ4F_isError
unsigned LZ4F_isError(LZ4F_errorCode_t code)
Definition: lz4frame.c:249
LZ4F_compressFrame
size_t LZ4F_compressFrame(void *dstBuffer, size_t dstCapacity, const void *srcBuffer, size_t srcSize, const LZ4F_preferences_t *preferencesPtr)
Definition: lz4frame.c:429
FUZZ_dataProducer_s
Definition: fuzz_data_producer.c:3
LZ4F_preferences_t
Definition: lz4frame.h:192

References compressBound(), dst, free(), FUZZ_ASSERT, FUZZ_ASSERT_MSG, FUZZ_dataProducer_create(), FUZZ_dataProducer_free(), FUZZ_dataProducer_preferences(), FUZZ_dataProducer_remainingBytes(), FUZZ_dataProducer_retrieve32(), FUZZ_decompressFrame(), FUZZ_getRange_from_uint32(), LZ4F_compressFrame(), LZ4F_compressFrameBound(), LZ4F_isError(), malloc(), and NULL.