1 /*
2  * Copyright (c) Facebook, Inc.
3  * All rights reserved.
4  *
5  * This source code is licensed under both the BSD-style license (found in the
6  * LICENSE file in the root directory of this source tree) and the GPLv2 (found
7  * in the COPYING file in the root directory of this source tree).
8  * You may select, at your option, one of the above-listed licenses.
9  */
10 
11 /**
12  * This fuzz target performs a zstd round-trip test (compress & decompress),
13  * compares the result with the original, and calls abort() on corruption.
14  */
15 
16 #define HUF_STATIC_LINKING_ONLY
17 
18 #include <stddef.h>
19 #include <stdlib.h>
20 #include <stdio.h>
21 #include <string.h>
22 #include "common/cpu.h"
23 #include "common/huf.h"
24 #include "fuzz_helpers.h"
25 #include "fuzz_data_producer.h"
26 
/**
 * libFuzzer entry point for the Huffman decoder.
 *
 * Reads a Huffman decoding table (X1 or X2 flavour) out of the fuzz input
 * and, when the table is accepted, runs a 1-stream or 4-stream decode of the
 * same input with it. The decoded bytes are never compared with anything and
 * the decoders' return values are ignored, so this target only catches
 * crashes and whatever the sanitizers in use report.
 *
 * @param src   fuzz input
 * @param size  number of bytes at src
 * @return always 0
 */
int LLVMFuzzerTestOneInput(const uint8_t *src, size_t size)
{
    FUZZ_dataProducer_t *const dp = FUZZ_dataProducer_create(src, size);
    /* Fuzzer-chosen knobs. The order of the draws must not change: each one
     * consumes producer data, so reordering would remap existing corpus
     * inputs onto different parameters. */
    int const streamChoice = FUZZ_dataProducer_int32Range(dp, 0, 1);
    int const tableChoice = FUZZ_dataProducer_int32Range(dp, 0, 1);
    /* && short-circuits, so the bmi2 draw happens only when the CPU reports
     * BMI2; the same input can therefore decode differently across hosts. */
    int const bmi2 = ZSTD_cpuid_bmi2(ZSTD_cpuid()) && FUZZ_dataProducer_int32Range(dp, 0, 1);
    /* Output capacity is fuzzer-chosen and may be too small for the decoded
     * data (or zero), which exercises the decoders' destination bounds checks. */
    size_t const dBufSize = FUZZ_dataProducer_uint32Range(dp, 0, 8 * size + 500);
    size_t const maxTableLog = FUZZ_dataProducer_uint32Range(dp, 1, HUF_TABLELOG_MAX);
    /* NOTE(review): the three FUZZ_malloc results are used without a NULL
     * check; presumably the helper aborts on allocation failure - confirm in
     * fuzz_helpers.h. */
    HUF_DTable *const table = FUZZ_malloc(HUF_DTABLE_SIZE(maxTableLog) * sizeof *table);
    size_t const wkspSize = HUF_WORKSPACE_SIZE;
    void *const wksp = FUZZ_malloc(wkspSize);
    void *const dBuf = FUZZ_malloc(dBufSize);

    /* Only the first table cell is initialised here; presumably this is the
     * header that tells the readers how large the table is - confirm against
     * common/huf.h. */
    table[0] = maxTableLog * 0x01000001;
    /* src is not advanced; only the length shrinks to what the producer has
     * left (presumably it takes its bytes from the tail - TODO confirm). */
    size = FUZZ_dataProducer_remainingBytes(dp);

    {
        size_t const readResult = (tableChoice == 0)
            ? HUF_readDTableX1_wksp_bmi2(table, src, size, wksp, wkspSize, bmi2)
            : HUF_readDTableX2_wksp_bmi2(table, src, size, wksp, wkspSize, bmi2);

        /* Decode only with a table the reader accepted. */
        if (!ZSTD_isError(readResult)) {
            if (streamChoice == 0) {
                HUF_decompress1X_usingDTable_bmi2(dBuf, dBufSize, src, size, table, bmi2);
            } else {
                HUF_decompress4X_usingDTable_bmi2(dBuf, dBufSize, src, size, table, bmi2);
            }
        }
    }

    /* Released on every path so leak detection stays quiet for rejected tables too. */
    free(table);
    free(wksp);
    free(dBuf);
    FUZZ_dataProducer_free(dp);
    return 0;
}
65