Rizin
unix-like reverse engineering framework and cli tools
Functions
round_trip_frame_fuzzer.c File Reference
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include "fuzz_helpers.h"
#include "lz4.h"
#include "lz4frame.h"
#include "lz4_helpers.h"
#include "fuzz_data_producer.h"

Go to the source code of this file.

Functions

int LLVMFuzzerTestOneInput (const uint8_t *data, size_t size)
 

Function Documentation

◆ LLVMFuzzerTestOneInput()

int LLVMFuzzerTestOneInput ( const uint8_t data,
size_t  size 
)

This fuzz target performs a lz4 round-trip test (compress & decompress), compares the result with the original, and calls abort() on corruption.

Definition at line 17 of file round_trip_frame_fuzzer.c.

18 {
19  FUZZ_dataProducer_t* producer = FUZZ_dataProducer_create(data, size);
20  LZ4F_preferences_t const prefs = FUZZ_dataProducer_preferences(producer);
21  size = FUZZ_dataProducer_remainingBytes(producer);
22 
23  size_t const dstCapacity = LZ4F_compressFrameBound(LZ4_compressBound(size), &prefs);
24  char* const dst = (char*)malloc(dstCapacity);
25  char* const rt = (char*)malloc(FUZZ_dataProducer_remainingBytes(producer));
26 
27  FUZZ_ASSERT(dst);
28  FUZZ_ASSERT(rt);
29 
30  /* Compression must succeed and round trip correctly. */
31  size_t const dstSize =
32  LZ4F_compressFrame(dst, dstCapacity, data, size, &prefs);
33  FUZZ_ASSERT(!LZ4F_isError(dstSize));
34  size_t const rtSize = FUZZ_decompressFrame(rt, size, dst, dstSize);
35  FUZZ_ASSERT_MSG(rtSize == size, "Incorrect regenerated size");
36  FUZZ_ASSERT_MSG(!memcmp(data, rt, size), "Corruption!");
37 
38  free(dst);
39  free(rt);
40  FUZZ_dataProducer_free(producer);
41 
42  return 0;
43 }
FUZZ_dataProducer_free
void FUZZ_dataProducer_free(FUZZ_dataProducer_t *producer)
Definition: fuzz_data_producer.c:18
FUZZ_dataProducer_remainingBytes
size_t FUZZ_dataProducer_remainingBytes(FUZZ_dataProducer_t *producer)
Definition: fuzz_data_producer.c:75
FUZZ_dataProducer_preferences
LZ4F_preferences_t FUZZ_dataProducer_preferences(FUZZ_dataProducer_t *producer)
Definition: fuzz_data_producer.c:65
FUZZ_dataProducer_create
FUZZ_dataProducer_t * FUZZ_dataProducer_create(const uint8_t *data, size_t size)
Definition: fuzz_data_producer.c:8
FUZZ_ASSERT
#define FUZZ_ASSERT(cond)
Definition: fuzz_helpers.h:46
FUZZ_ASSERT_MSG
#define FUZZ_ASSERT_MSG(cond, msg)
Definition: fuzz_helpers.h:41
free
RZ_API void Ht_() free(HtName_(Ht) *ht)
Definition: ht_inc.c:130
size
voidpf void uLong size
Definition: ioapi.h:138
malloc
void * malloc(size_t size)
Definition: malloc.c:123
LZ4_compressBound
int LZ4_compressBound(int isize)
Definition: lz4.c:674
dst
char * dst
Definition: lz4.h:724
FUZZ_decompressFrame
size_t FUZZ_decompressFrame(void *dst, const size_t dstCapacity, const void *src, const size_t srcSize)
Definition: lz4_helpers.c:30
LZ4F_compressFrameBound
size_t LZ4F_compressFrameBound(size_t srcSize, const LZ4F_preferences_t *preferencesPtr)
Definition: lz4frame.c:351
LZ4F_isError
unsigned LZ4F_isError(LZ4F_errorCode_t code)
Definition: lz4frame.c:249
LZ4F_compressFrame
size_t LZ4F_compressFrame(void *dstBuffer, size_t dstCapacity, const void *srcBuffer, size_t srcSize, const LZ4F_preferences_t *preferencesPtr)
Definition: lz4frame.c:429
FUZZ_dataProducer_s
Definition: fuzz_data_producer.c:3
LZ4F_preferences_t
Definition: lz4frame.h:192

References dst, free(), FUZZ_ASSERT, FUZZ_ASSERT_MSG, FUZZ_dataProducer_create(), FUZZ_dataProducer_free(), FUZZ_dataProducer_preferences(), FUZZ_dataProducer_remainingBytes(), FUZZ_decompressFrame(), LZ4_compressBound(), LZ4F_compressFrame(), LZ4F_compressFrameBound(), LZ4F_isError(), and malloc().