/* * Copyright (c) Meta Platforms, Inc. and affiliates. * All rights reserved. * * This source code is licensed under both the BSD-style license (found in the * LICENSE file in the root directory of this source tree) and the GPLv2 (found * in the COPYING file in the root directory of this source tree). * You may select, at your option, one of the above-listed licenses. */ /** * This fuzz target attempts to compress the fuzzed data with the simple * compression function with an output buffer that may be too small to * ensure that the compressor never crashes. */ #include #include #include #include "fuzz_helpers.h" #include "zstd.h" #include "zstd_errors.h" #include "zstd_helpers.h" #include "fuzz_data_producer.h" #include "fuzz_third_party_seq_prod.h" static ZSTD_CCtx *cctx = NULL; int LLVMFuzzerTestOneInput(const uint8_t *src, size_t size) { FUZZ_SEQ_PROD_SETUP(); /* Give a random portion of src data to the producer, to use for parameter generation. The rest will be used for (de)compression */ FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(src, size); size = FUZZ_dataProducer_reserveDataPrefix(producer); size_t const maxSize = ZSTD_compressBound(size); size_t const bufSize = FUZZ_dataProducer_uint32Range(producer, 0, maxSize); int const cLevel = FUZZ_dataProducer_int32Range(producer, kMinClevel, kMaxClevel); if (!cctx) { cctx = ZSTD_createCCtx(); FUZZ_ASSERT(cctx); } void *rBuf = FUZZ_malloc(bufSize); size_t const ret = ZSTD_compressCCtx(cctx, rBuf, bufSize, src, size, cLevel); if (ZSTD_isError(ret)) { FUZZ_ASSERT(ZSTD_getErrorCode(ret) == ZSTD_error_dstSize_tooSmall); } free(rBuf); FUZZ_dataProducer_free(producer); #ifndef STATEFUL_FUZZING ZSTD_freeCCtx(cctx); cctx = NULL; #endif FUZZ_SEQ_PROD_TEARDOWN(); return 0; }