compress_fuzzer.c File Reference

#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include "fuzz_helpers.h"
#include "fuzz_data_producer.h"
#include "lz4.h"

Go to the source code of this file.

Functions
int	LLVMFuzzerTestOneInput (const uint8_t *data, size_t size)

Function Documentation

LLVMFuzzerTestOneInput()

int LLVMFuzzerTestOneInput	(	const uint8_t *	data,
		size_t	size
	)

This fuzz target attempts to compress the fuzzed data with the simple compression function with an output buffer that may be too small to ensure that the compressor never crashes.

Definition at line 16 of file compress_fuzzer.c.

{
    FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size);
    size_t const dstCapacitySeed = FUZZ_dataProducer_retrieve32(producer);
    size = FUZZ_dataProducer_remainingBytes(producer);
 
    size_t const compressBound = LZ4_compressBound(size);
    size_t const dstCapacity = FUZZ_getRange_from_uint32(dstCapacitySeed, 0, compressBound);
 
    char* const dst = (char*)malloc(dstCapacity);
    char* const rt = (char*)malloc(size);
 
    FUZZ_ASSERT(dst);
    FUZZ_ASSERT(rt);
 
    /* If compression succeeds it must round trip correctly. */
    {
        int const dstSize = LZ4_compress_default((const char*)data, dst,
                                                 size, dstCapacity);
        if (dstSize > 0) {
            int const rtSize = LZ4_decompress_safe(dst, rt, dstSize, size);
            FUZZ_ASSERT_MSG(rtSize == size, "Incorrect regenerated size");
            FUZZ_ASSERT_MSG(!memcmp(data, rt, size), "Corruption!");
        }
    }
 
    if (dstCapacity > 0) {
        /* Compression succeeds and must round trip correctly. */
        int compressedSize = size;
        int const dstSize = LZ4_compress_destSize((const char*)data, dst,
                                                  &compressedSize, dstCapacity);
        FUZZ_ASSERT(dstSize > 0);
        int const rtSize = LZ4_decompress_safe(dst, rt, dstSize, size);
        FUZZ_ASSERT_MSG(rtSize == compressedSize, "Incorrect regenerated size");
        FUZZ_ASSERT_MSG(!memcmp(data, rt, compressedSize), "Corruption!");
    }
 
    free(dst);
    free(rt);
    FUZZ_dataProducer_free(producer);
 
    return 0;
}

References compressBound(), compressedSize, dst, free(), FUZZ_ASSERT, FUZZ_ASSERT_MSG, FUZZ_dataProducer_create(), FUZZ_dataProducer_free(), FUZZ_dataProducer_remainingBytes(), FUZZ_dataProducer_retrieve32(), FUZZ_getRange_from_uint32(), LZ4_compress_default(), LZ4_compress_destSize(), LZ4_compressBound(), LZ4_decompress_safe(), and malloc().