Home | History | Annotate | Line # | Download | only in fuzz 
      1 /*
      2  * Copyright (c) Meta Platforms, Inc. and affiliates.
      3  * All rights reserved.
      4  *
      5  * This source code is licensed under both the BSD-style license (found in the
      6  * LICENSE file in the root directory of this source tree) and the GPLv2 (found
      7  * in the COPYING file in the root directory of this source tree).
      8  * You may select, at your option, one of the above-listed licenses.
      9  */
     10 
     11 /**
     12  * This fuzz target performs a zstd round-trip test (compress & decompress),
     13  * compares the result with the original, and calls abort() on corruption.
     14  */
     15 
     16 #include <stddef.h>
     17 #include <stdlib.h>
     18 #include <stdio.h>
     19 #include <string.h>
     20 #include "common/cpu.h"
     21 #include "common/huf.h"
     22 #include "fuzz_helpers.h"
     23 #include "fuzz_data_producer.h"
     24 
     25 int LLVMFuzzerTestOneInput(const uint8_t *src, size_t size)
     26 {
     27     FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(src, size);
     28     /* Select random parameters: #streams, X1 or X2 decoding, bmi2 */
     29     int const streams = FUZZ_dataProducer_int32Range(producer, 0, 1);
     30     int const symbols = FUZZ_dataProducer_int32Range(producer, 0, 1);
     31     int const flags = 0
     32         | (ZSTD_cpuid_bmi2(ZSTD_cpuid()) && FUZZ_dataProducer_int32Range(producer, 0, 1) ? HUF_flags_bmi2 : 0)
     33         | (FUZZ_dataProducer_int32Range(producer, 0, 1) ? HUF_flags_optimalDepth : 0)
     34         | (FUZZ_dataProducer_int32Range(producer, 0, 1) ? HUF_flags_preferRepeat : 0)
     35         | (FUZZ_dataProducer_int32Range(producer, 0, 1) ? HUF_flags_suspectUncompressible : 0)
     36         | (FUZZ_dataProducer_int32Range(producer, 0, 1) ? HUF_flags_disableAsm : 0)
     37         | (FUZZ_dataProducer_int32Range(producer, 0, 1) ? HUF_flags_disableFast : 0);
     38     /* Select a random cBufSize - it may be too small */
     39     size_t const dBufSize = FUZZ_dataProducer_uint32Range(producer, 0, 8 * size + 500);
     40     size_t const maxTableLog = FUZZ_dataProducer_uint32Range(producer, 1, HUF_TABLELOG_MAX);
     41     HUF_DTable* dt = (HUF_DTable*)FUZZ_malloc(HUF_DTABLE_SIZE(maxTableLog) * sizeof(HUF_DTable));
     42     size_t const wkspSize = HUF_WORKSPACE_SIZE;
     43     void* wksp = FUZZ_malloc(wkspSize);
     44     void* dBuf = FUZZ_malloc(dBufSize);
     45     dt[0] = maxTableLog * 0x01000001;
     46     size = FUZZ_dataProducer_remainingBytes(producer);
     47 
     48     if (symbols == 0) {
     49         size_t const err = HUF_readDTableX1_wksp(dt, src, size, wksp, wkspSize, flags);
     50         if (ZSTD_isError(err))
     51             goto _out;
     52     } else {
     53         size_t const err = HUF_readDTableX2_wksp(dt, src, size, wksp, wkspSize, flags);
     54         if (ZSTD_isError(err))
     55             goto _out;
     56     }
     57     if (streams == 0)
     58         HUF_decompress1X_usingDTable(dBuf, dBufSize, src, size, dt, flags);
     59     else
     60         HUF_decompress4X_usingDTable(dBuf, dBufSize, src, size, dt, flags);
     61 
     62 _out:
     63     free(dt);
     64     free(wksp);
     65     free(dBuf);
     66     FUZZ_dataProducer_free(producer);
     67     return 0;
     68 }
     69