1 #include <stdio.h>
2 #include <stddef.h>
3 #include <stdint.h>
4 #include <string.h>
5 #include <assert.h>
6 #include <stdlib.h>
7 #include <inttypes.h>
8 #include "zlib.h"
9
10 static const uint8_t *data;
11 static size_t dataLen;
12
check_compress_level(uint8_t * compr,size_t comprLen,uint8_t * uncompr,size_t uncomprLen,int level)13 static void check_compress_level(uint8_t *compr, size_t comprLen,
14 uint8_t *uncompr, size_t uncomprLen,
15 int level) {
16 compress2(compr, &comprLen, data, dataLen, level);
17 uncompress(uncompr, &uncomprLen, compr, comprLen);
18
19 /* Make sure compress + uncompress gives back the input data. */
20 assert(dataLen == uncomprLen);
21 assert(0 == memcmp(data, uncompr, dataLen));
22 }
23
24 #define put_byte(s, i, c) {s[i] = (unsigned char)(c);}
25
write_zlib_header(uint8_t * s)26 static void write_zlib_header(uint8_t *s) {
27 unsigned level_flags = 0; /* compression level (0..3) */
28 unsigned w_bits = 8; /* window size log2(w_size) (8..16) */
29 unsigned int header = (Z_DEFLATED + ((w_bits-8)<<4)) << 8;
30 header |= (level_flags << 6);
31
32 header += 31 - (header % 31);
33
34 /* s is guaranteed to be longer than 2 bytes. */
35 put_byte(s, 0, (unsigned char)(header >> 8));
36 put_byte(s, 1, (unsigned char)(header & 0xff));
37 }
38
check_decompress(uint8_t * compr,size_t comprLen)39 static void check_decompress(uint8_t *compr, size_t comprLen) {
40 /* We need to write a valid zlib header of size two bytes. Copy the input data
41 in a larger buffer. Do not modify the input data to avoid libFuzzer error:
42 fuzz target overwrites its const input. */
43 size_t copyLen = dataLen + 2;
44 uint8_t *copy = (uint8_t *)malloc(copyLen);
45 memcpy(copy + 2, data, dataLen);
46 write_zlib_header(copy);
47
48 uncompress(compr, &comprLen, copy, copyLen);
49 free(copy);
50 }
51
LLVMFuzzerTestOneInput(const uint8_t * d,size_t size)52 int LLVMFuzzerTestOneInput(const uint8_t *d, size_t size) {
53 /* compressBound does not provide enough space for low compression levels. */
54 size_t comprLen = 100 + 2 * compressBound(size);
55 size_t uncomprLen = size;
56 uint8_t *compr, *uncompr;
57
58 /* Discard inputs larger than 1Mb. */
59 static size_t kMaxSize = 1024 * 1024;
60
61 if (size < 1 || size > kMaxSize)
62 return 0;
63
64 data = d;
65 dataLen = size;
66 compr = (uint8_t *)calloc(1, comprLen);
67 uncompr = (uint8_t *)calloc(1, uncomprLen);
68
69 check_compress_level(compr, comprLen, uncompr, uncomprLen, 1);
70 check_compress_level(compr, comprLen, uncompr, uncomprLen, 3);
71 check_compress_level(compr, comprLen, uncompr, uncomprLen, 6);
72 check_compress_level(compr, comprLen, uncompr, uncomprLen, 7);
73
74 check_decompress(compr, comprLen);
75
76 free(compr);
77 free(uncompr);
78
79 /* This function must return 0. */
80 return 0;
81 }
82