• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2 # Copyright 2018 Google Inc.
3 #
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
7 #
8 #      http://www.apache.org/licenses/LICENSE-2.0
9 #
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
15 #
16 ###############################################################################
17 */
18 
19 #include "bzlib.h"
20 #include <stdint.h>
21 #include <stdlib.h>
22 #include <assert.h>
23 #include <string.h>
24 
25 extern int BZ2_bzBuffToBuffCompress(char* dest,
26                            unsigned int* destLen,
27                            char*         source,
28                            unsigned int  sourceLen,
29                            int           blockSize100k,
30                            int           verbosity,
31                            int           workFactor);
32 
33 extern int BZ2_bzBuffToBuffDecompress(char* dest,
34                                       unsigned int* destLen,
35                                       char*         source,
36                                       unsigned int  sourceLen,
37                                       int           small,
38                                       int           verbosity);
39 
40 int
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)41 LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
42 {
43     int r, blockSize100k, workFactor, small;
44     unsigned int nZ, nOut;
45 
46     /* Copying @julian-seward1's comment from
47      * https://github.com/google/oss-fuzz/pull/1887#discussion_r226852388
48      *
49      * They just reflect the fact that the worst case output size is 101%
50      * of the input size + 600 bytes (I assume -- this is now nearly 20
51      * years old). Since the buffer is in mallocville, presumably asan
52      * will complain if it gets overrun. I doubt that will happen though.
53      */
54     nZ = size + 600 + (size / 100);
55     char *zbuf = malloc(nZ);
56 
57     blockSize100k = (size % 11) + 1;
58     if (blockSize100k > 9) {
59         blockSize100k = 9;
60     }
61     workFactor = size % 251;
62 
63     // Choose highest compression (blockSize100k=9)
64     r = BZ2_bzBuffToBuffCompress(zbuf, &nZ, (char *)data, size,
65             blockSize100k, /*verbosity=*/0, workFactor);
66     if (r != BZ_OK) {
67 #ifdef __DEBUG__
68         fprintf(stdout, "Compression error: %d\n", r);
69 #endif
70         free(zbuf);
71         return 0;
72     }
73 
74     nOut = size*2;
75     char *outbuf = malloc(nOut);
76     small = size % 2;
77     r = BZ2_bzBuffToBuffDecompress(outbuf, &nOut, zbuf, nZ, small,
78             /*verbosity=*/0);
79     if (r != BZ_OK) {
80 #ifdef __DEBUG__
81         fprintf(stdout, "Decompression error: %d\n", r);
82 #endif
83         free(zbuf);
84         free(outbuf);
85         return 0;
86     }
87 
88     assert(nOut == size);
89     assert(memcmp(data, outbuf, size) == 0);
90     free(zbuf);
91     free(outbuf);
92     return 0;
93 }