1*3117ece4Schristos /* 2*3117ece4Schristos * Copyright (c) Meta Platforms, Inc. and affiliates. 3*3117ece4Schristos * All rights reserved. 4*3117ece4Schristos * 5*3117ece4Schristos * This source code is licensed under both the BSD-style license (found in the 6*3117ece4Schristos * LICENSE file in the root directory of this source tree) and the GPLv2 (found 7*3117ece4Schristos * in the COPYING file in the root directory of this source tree). 8*3117ece4Schristos * You may select, at your option, one of the above-listed licenses. 9*3117ece4Schristos */ 10*3117ece4Schristos 11*3117ece4Schristos /** 12*3117ece4Schristos * This fuzz target performs a zstd round-trip test (compress & decompress), 13*3117ece4Schristos * compares the result with the original, and calls abort() on corruption. 14*3117ece4Schristos */ 15*3117ece4Schristos 16*3117ece4Schristos #include <stddef.h> 17*3117ece4Schristos #include <stdlib.h> 18*3117ece4Schristos #include <stdio.h> 19*3117ece4Schristos #include <string.h> 20*3117ece4Schristos #include "common/cpu.h" 21*3117ece4Schristos #include "common/huf.h" 22*3117ece4Schristos #include "fuzz_helpers.h" 23*3117ece4Schristos #include "fuzz_data_producer.h" 24*3117ece4Schristos 25*3117ece4Schristos int LLVMFuzzerTestOneInput(const uint8_t *src, size_t size) 26*3117ece4Schristos { 27*3117ece4Schristos FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(src, size); 28*3117ece4Schristos /* Select random parameters: #streams, X1 or X2 decoding, bmi2 */ 29*3117ece4Schristos int const streams = FUZZ_dataProducer_int32Range(producer, 0, 1); 30*3117ece4Schristos int const symbols = FUZZ_dataProducer_int32Range(producer, 0, 1); 31*3117ece4Schristos int const flags = 0 32*3117ece4Schristos | (ZSTD_cpuid_bmi2(ZSTD_cpuid()) && FUZZ_dataProducer_int32Range(producer, 0, 1) ? HUF_flags_bmi2 : 0) 33*3117ece4Schristos | (FUZZ_dataProducer_int32Range(producer, 0, 1) ? HUF_flags_optimalDepth : 0) 34*3117ece4Schristos | (FUZZ_dataProducer_int32Range(producer, 0, 1) ? HUF_flags_preferRepeat : 0) 35*3117ece4Schristos | (FUZZ_dataProducer_int32Range(producer, 0, 1) ? HUF_flags_suspectUncompressible : 0) 36*3117ece4Schristos | (FUZZ_dataProducer_int32Range(producer, 0, 1) ? HUF_flags_disableAsm : 0) 37*3117ece4Schristos | (FUZZ_dataProducer_int32Range(producer, 0, 1) ? HUF_flags_disableFast : 0); 38*3117ece4Schristos /* Select a random cBufSize - it may be too small */ 39*3117ece4Schristos size_t const dBufSize = FUZZ_dataProducer_uint32Range(producer, 0, 8 * size + 500); 40*3117ece4Schristos size_t const maxTableLog = FUZZ_dataProducer_uint32Range(producer, 1, HUF_TABLELOG_MAX); 41*3117ece4Schristos HUF_DTable* dt = (HUF_DTable*)FUZZ_malloc(HUF_DTABLE_SIZE(maxTableLog) * sizeof(HUF_DTable)); 42*3117ece4Schristos size_t const wkspSize = HUF_WORKSPACE_SIZE; 43*3117ece4Schristos void* wksp = FUZZ_malloc(wkspSize); 44*3117ece4Schristos void* dBuf = FUZZ_malloc(dBufSize); 45*3117ece4Schristos dt[0] = maxTableLog * 0x01000001; 46*3117ece4Schristos size = FUZZ_dataProducer_remainingBytes(producer); 47*3117ece4Schristos 48*3117ece4Schristos if (symbols == 0) { 49*3117ece4Schristos size_t const err = HUF_readDTableX1_wksp(dt, src, size, wksp, wkspSize, flags); 50*3117ece4Schristos if (ZSTD_isError(err)) 51*3117ece4Schristos goto _out; 52*3117ece4Schristos } else { 53*3117ece4Schristos size_t const err = HUF_readDTableX2_wksp(dt, src, size, wksp, wkspSize, flags); 54*3117ece4Schristos if (ZSTD_isError(err)) 55*3117ece4Schristos goto _out; 56*3117ece4Schristos } 57*3117ece4Schristos if (streams == 0) 58*3117ece4Schristos HUF_decompress1X_usingDTable(dBuf, dBufSize, src, size, dt, flags); 59*3117ece4Schristos else 60*3117ece4Schristos HUF_decompress4X_usingDTable(dBuf, dBufSize, src, size, dt, flags); 61*3117ece4Schristos 62*3117ece4Schristos _out: 63*3117ece4Schristos free(dt); 64*3117ece4Schristos free(wksp); 65*3117ece4Schristos free(dBuf); 66*3117ece4Schristos FUZZ_dataProducer_free(producer); 67*3117ece4Schristos return 0; 68*3117ece4Schristos } 69