1 /** 2 * This fuzz target attempts to compress the fuzzed data with the simple 3 * compression function with an output buffer that may be too small to 4 * ensure that the compressor never crashes. 5 */ 6 7 #include <stddef.h> 8 #include <stdint.h> 9 #include <stdlib.h> 10 #include <string.h> 11 12 #include "fuzz_helpers.h" 13 #include "fuzz_data_producer.h" 14 #include "lz4.h" 15 LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)16 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) 17 { 18 FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size); 19 size_t const dstCapacitySeed = FUZZ_dataProducer_retrieve32(producer); 20 size = FUZZ_dataProducer_remainingBytes(producer); 21 22 size_t const compressBound = LZ4_compressBound(size); 23 size_t const dstCapacity = FUZZ_getRange_from_uint32(dstCapacitySeed, 0, compressBound); 24 25 char* const dst = (char*)malloc(dstCapacity); 26 char* const rt = (char*)malloc(size); 27 28 FUZZ_ASSERT(dst); 29 FUZZ_ASSERT(rt); 30 31 /* If compression succeeds it must round trip correctly. */ 32 { 33 int const dstSize = LZ4_compress_default((const char*)data, dst, 34 size, dstCapacity); 35 if (dstSize > 0) { 36 int const rtSize = LZ4_decompress_safe(dst, rt, dstSize, size); 37 FUZZ_ASSERT_MSG(rtSize == size, "Incorrect regenerated size"); 38 FUZZ_ASSERT_MSG(!memcmp(data, rt, size), "Corruption!"); 39 } 40 } 41 42 if (dstCapacity > 0) { 43 /* Compression succeeds and must round trip correctly. */ 44 int compressedSize = size; 45 int const dstSize = LZ4_compress_destSize((const char*)data, dst, 46 &compressedSize, dstCapacity); 47 FUZZ_ASSERT(dstSize > 0); 48 int const rtSize = LZ4_decompress_safe(dst, rt, dstSize, size); 49 FUZZ_ASSERT_MSG(rtSize == compressedSize, "Incorrect regenerated size"); 50 FUZZ_ASSERT_MSG(!memcmp(data, rt, compressedSize), "Corruption!"); 51 } 52 53 free(dst); 54 free(rt); 55 FUZZ_dataProducer_free(producer); 56 57 return 0; 58 } 59