      1  1.1  christos /**
      2  1.1  christos  * Copyright (c) Meta Platforms, Inc. and affiliates.
      3  1.1  christos  * All rights reserved.
      4  1.1  christos  *
      5  1.1  christos  * This source code is licensed under both the BSD-style license (found in the
      6  1.1  christos  * LICENSE file in the root directory of this source tree) and the GPLv2 (found
      7  1.1  christos  * in the COPYING file in the root directory of this source tree).
      8  1.1  christos  * You may select, at your option, one of the above-listed licenses.
      9  1.1  christos  */
     10  1.1  christos 
     11  1.1  christos /**
     12  1.1  christos  * This fuzz target attempts to decompress the fuzzed data with the simple
     13  1.1  christos  * decompression function to ensure the decompressor never crashes.
     14  1.1  christos  */
     15  1.1  christos 
     16  1.1  christos #include "fuzz_data_producer.h"
     17  1.1  christos #define ZSTD_STATIC_LINKING_ONLY
     18  1.1  christos 
     19  1.1  christos #include <stddef.h>
     20  1.1  christos #include <stdlib.h>
     21  1.1  christos #include <stdio.h>
     22  1.1  christos #include "fuzz_helpers.h"
     23  1.1  christos #include "zstd.h"
     24  1.1  christos 
/*
 * File-scope state shared by successive LLVMFuzzerTestOneInput() calls.
 * rBuf/bufSize are never released by the harness, so the output buffer is
 * reused between inputs; dctx is recreated per input unless the build
 * defines STATEFUL_FUZZING.
 */
static size_t bufSize = 0;      /* capacity of rBuf in bytes; 0 = not allocated */
static void *rBuf = NULL;       /* destination buffer for decompressed block data */
static ZSTD_DCtx *dctx = NULL;  /* decompression context, created on first use */
     28  1.1  christos 
/**
 * libFuzzer entry point: hands the raw fuzzer input to the block-level
 * decoder (ZSTD_decompressBegin() followed by ZSTD_decompressBlock()).
 *
 * The input is treated as a single compressed block with no frame header.
 * The return codes of both decoder calls are deliberately discarded: a
 * decoding error is an expected outcome for malformed input, and the target
 * only exists to surface crashes and memory-safety faults.
 *
 * @param src   fuzzer-generated bytes, passed to the decoder unmodified
 * @param size  number of bytes at src
 * @return always 0
 */
int LLVMFuzzerTestOneInput(const uint8_t *src, size_t size)
{
    /* The destination is sized to the largest block zstd allows, and that
     * same value is the capacity reported to the decoder below. */
    size_t const outCapacity = ZSTD_BLOCKSIZE_MAX;
    FUZZ_dataProducer_t *const dataProducer = FUZZ_dataProducer_create(src, size);

    /* (Re)allocate the output buffer only when the cached one is too small.
     * NOTE(review): the result is not NULL-checked here; presumably
     * FUZZ_malloc_rand() asserts on failure -- confirm in fuzz_helpers. */
    if (bufSize < outCapacity) {
        free(rBuf);
        rBuf = FUZZ_malloc_rand(outCapacity, dataProducer);
        bufSize = outCapacity;
    }

    if (dctx == NULL) {
        dctx = ZSTD_createDCtx();
        FUZZ_ASSERT(dctx);
    }

    /* Results intentionally ignored, see the function comment. */
    (void)ZSTD_decompressBegin(dctx);
    (void)ZSTD_decompressBlock(dctx, rBuf, outCapacity, src, size);

    FUZZ_dataProducer_free(dataProducer);

#ifndef STATEFUL_FUZZING
    /* Stateless mode: discard the context so no decoder state carries over
     * into the next input. */
    ZSTD_freeDCtx(dctx);
    dctx = NULL;
#endif
    return 0;
}