/src/bzip2_decompress_target.c

Source
/*
# Copyright 2018 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
###############################################################################
*/

#include "bzlib.h"
#include <stdint.h>
#include <stdlib.h>
#include <assert.h>
#include <string.h>
#include <limits.h>

extern int BZ2_bzBuffToBuffDecompress(char* dest,
                                      unsigned int* destLen,
                                      char*         source,
                                      unsigned int  sourceLen,
                                      int           small,
                                      int           verbosity);

int
LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    int r, small;
    unsigned int nOut;

    // Reject inputs that would cause integer overflow in size*2
    // since nOut is unsigned int and the API uses unsigned int for sizes
    if (size > UINT_MAX / 2) {
        return 0;
    }

    // See: https://github.com/google/bzip2-rpc/blob/master/unzcrash.c#L39
    nOut = (unsigned int)(size * 2);
    char *outbuf = malloc(nOut);
    if (!outbuf) {
        return 0;
    }
    small = size % 2;
    r = BZ2_bzBuffToBuffDecompress(outbuf, &nOut, (char *)data, (unsigned int)size,
            small, /*verbosity=*/0);

    if (r != BZ_OK) {
#ifdef __DEBUG__
        fprintf(stdout, "Decompression error: %d\n", r);
#endif
    }
    free(outbuf);
    return 0;
}

Line	Count	Source
1		/*
2		# Copyright 2018 Google Inc.
3		#
4		# Licensed under the Apache License, Version 2.0 (the "License");
5		# you may not use this file except in compliance with the License.
6		# You may obtain a copy of the License at
7		#
8		# http://www.apache.org/licenses/LICENSE-2.0
9		#
10		# Unless required by applicable law or agreed to in writing, software
11		# distributed under the License is distributed on an "AS IS" BASIS,
12		# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13		# See the License for the specific language governing permissions and
14		# limitations under the License.
15		#
16		###############################################################################
17		*/
18
19		#include "bzlib.h"
20		#include <stdint.h>
21		#include <stdlib.h>
22		#include <assert.h>
23		#include <string.h>
24		#include <limits.h>
25
26		extern int BZ2_bzBuffToBuffDecompress(char* dest,
27		unsigned int* destLen,
28		char* source,
29		unsigned int sourceLen,
30		int small,
31		int verbosity);
32
33		int
34		LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
35	2.76k	{
36	2.76k	int r, small;
37	2.76k	unsigned int nOut;
38
39		// Reject inputs that would cause integer overflow in size*2
40		// since nOut is unsigned int and the API uses unsigned int for sizes
41	2.76k	if (size > UINT_MAX / 2) {
42	0	return 0;
43	0	}
44
45		// See: https://github.com/google/bzip2-rpc/blob/master/unzcrash.c#L39
46	2.76k	nOut = (unsigned int)(size * 2);
47	2.76k	char *outbuf = malloc(nOut);
48	2.76k	if (!outbuf) {
49	0	return 0;
50	0	}
51	2.76k	small = size % 2;
52	2.76k	r = BZ2_bzBuffToBuffDecompress(outbuf, &nOut, (char *)data, (unsigned int)size,
53	2.76k	small, /verbosity=/0);
54
55	2.76k	if (r != BZ_OK) {
56		#ifdef __DEBUG__
57		fprintf(stdout, "Decompression error: %d\n", r);
58		#endif
59	2.75k	}
60	2.76k	free(outbuf);
61	2.76k	return 0;
62	2.76k	}

Coverage Report

Created: 2026-04-12 06:41