1 /*
2 * Copyright (c) 2016-2020, Facebook, Inc.
3 * All rights reserved.
4 *
5 * This source code is licensed under both the BSD-style license (found in the
6 * LICENSE file in the root directory of this source tree) and the GPLv2 (found
7 * in the COPYING file in the root directory of this source tree).
8 * You may select, at your option, one of the above-listed licenses.
9 */
10
11 /**
12 * This fuzz target attempts to compress the fuzzed data with the simple
13 * compression function, using an output buffer that may be too small, to
14 * ensure that the compressor never crashes.
15 */
16
17 #include <stddef.h>
18 #include <stdlib.h>
19 #include <stdio.h>
20 #include "fuzz_helpers.h"
21 #include "zstd.h"
22 #include "zstd_errors.h"
23 #include "zstd_helpers.h"
24 #include "fuzz_data_producer.h"
25
/*
 * Compression context shared by LLVMFuzzerTestOneInput(). It is created on
 * first use. Unless STATEFUL_FUZZING is defined, the fuzz target frees it and
 * resets it to NULL at the end of every input, so state carries over between
 * inputs only in stateful builds.
 */
static ZSTD_CCtx *cctx = NULL;
27
/**
 * Fuzzer entry point: compress one input with ZSTD_compressCCtx() into a
 * destination buffer whose capacity is picked from the input and may be too
 * small for the compressed result.
 *
 * A portion of the input is handed to the data producer for parameter
 * generation; the rest is the payload that gets compressed. The producer
 * then selects the destination capacity (0 .. ZSTD_compressBound(size)) and
 * the compression level (kMinClevel .. kMaxClevel).
 *
 * The only compression error the harness accepts is
 * ZSTD_error_dstSize_tooSmall; any other error code fails FUZZ_ASSERT.
 *
 * @param src   fuzz input bytes
 * @param size  number of bytes available at src
 * @return always 0
 */
int LLVMFuzzerTestOneInput(const uint8_t *src, size_t size)
{
    /* From here on, size is the length of the payload to compress. */
    FUZZ_dataProducer_t *dataProducer = FUZZ_dataProducer_create(src, size);
    size = FUZZ_dataProducer_reserveDataPrefix(dataProducer);

    /*
     * NOTE(review): presumably the order of the producer calls decides which
     * input bytes drive which parameter, so it is kept as capacity first,
     * level second; confirm against fuzz_data_producer before reordering.
     * NOTE(review): the size_t bound is passed to a uint32 range helper;
     * looks harmless for fuzzer-sized inputs, confirm.
     */
    size_t const dstBound = ZSTD_compressBound(size);
    size_t const dstCapacity = FUZZ_dataProducer_uint32Range(dataProducer, 0, dstBound);

    int const level = FUZZ_dataProducer_int32Range(dataProducer, kMinClevel, kMaxClevel);

    /* Lazily create the shared context; it may survive from an earlier input. */
    if (cctx == NULL) {
        cctx = ZSTD_createCCtx();
        FUZZ_ASSERT(cctx);
    }

    void *dst = FUZZ_malloc(dstCapacity);
    size_t const ret = ZSTD_compressCCtx(cctx, dst, dstCapacity, src, size, level);
    if (ZSTD_isError(ret)) {
        /* An undersized destination is expected; nothing else is. */
        FUZZ_ASSERT(ZSTD_getErrorCode(ret) == ZSTD_error_dstSize_tooSmall);
    }

    free(dst);
    FUZZ_dataProducer_free(dataProducer);
#ifndef STATEFUL_FUZZING
    /* Stateless build: drop the context so each input starts fresh. */
    ZSTD_freeCCtx(cctx);
    cctx = NULL;
#endif
    return 0;
}
57