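/*
 * Copyright (c) Meta Platforms, Inc. and affiliates.
 * All rights reserved.
 *
 * This source code is licensed under both the BSD-style license (found in the
 * LICENSE file in the root directory of this source tree) and the GPLv2 (found
 * in the COPYING file in the root directory of this source tree).
 * You may select, at your option, one of the above-listed licenses.
 */

/**
 * This fuzz target attempts to compress the fuzzed data with the simple
 * compression function with an output buffer that may be too small to
 * ensure that the compressor never crashes.
 */

#include <stddef.h>
#include <stdlib.h>
#include <stdio.h>
#include "fuzz_helpers.h"
#include "zstd.h"
#include "zstd_errors.h"
#include "zstd_helpers.h"
#include "fuzz_data_producer.h"
#include "fuzz_third_party_seq_prod.h"

/* Compression context. It is created lazily on the first call and, unless
 * STATEFUL_FUZZING is defined, freed and reset to NULL at the end of every
 * call so that each input starts from a fresh context. */
static ZSTD_CCtx *cctx = NULL;

/**
 * libFuzzer entry point.
 *
 * Splits the input into a parameter-generation part and a payload, draws an
 * output capacity between 0 and ZSTD_compressBound(size) and a compression
 * level between kMinClevel and kMaxClevel, then compresses the payload with
 * ZSTD_compressCCtx() into a buffer of exactly that capacity.
 *
 * Two properties are asserted:
 *  - the only error the call may report is ZSTD_error_dstSize_tooSmall;
 *  - on success the reported size does not exceed the capacity offered.
 *
 * @param src  fuzzer-provided bytes
 * @param size number of bytes in src
 * @return always 0
 */
int LLVMFuzzerTestOneInput(const uint8_t *src, size_t size)
{
    FUZZ_SEQ_PROD_SETUP();

    /* Give a random portion of src data to the producer, to use for
    parameter generation. The rest will be used for (de)compression */
    FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(src, size);
    size = FUZZ_dataProducer_reserveDataPrefix(producer);

    /* The capacity is deliberately allowed to be smaller than the worst-case
     * bound so that the "destination too small" path gets exercised. */
    size_t const maxSize = ZSTD_compressBound(size);
    size_t const bufSize = FUZZ_dataProducer_uint32Range(producer, 0, maxSize);

    int const cLevel = FUZZ_dataProducer_int32Range(producer, kMinClevel, kMaxClevel);

    if (!cctx) {
        cctx = ZSTD_createCCtx();
        FUZZ_ASSERT(cctx);
    }

    void *rBuf = FUZZ_malloc(bufSize);
    size_t const ret = ZSTD_compressCCtx(cctx, rBuf, bufSize, src, size, cLevel);
    if (ZSTD_isError(ret)) {
        /* An undersized destination is the only failure this harness accepts. */
        FUZZ_ASSERT(ZSTD_getErrorCode(ret) == ZSTD_error_dstSize_tooSmall);
    } else {
        /* A successful call must not claim more output than the capacity it
         * was given; a larger value would mean a write past rBuf, which the
         * harness should catch even in a build without a memory sanitizer. */
        FUZZ_ASSERT(ret <= bufSize);
    }
    free(rBuf);
    FUZZ_dataProducer_free(producer);
#ifndef STATEFUL_FUZZING
    ZSTD_freeCCtx(cctx); cctx = NULL;
#endif
    FUZZ_SEQ_PROD_TEARDOWN();
    return 0;
}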