Coverage Report

Created: 2025-10-13 07:11

next uncovered line (L), next uncovered region (R), next uncovered branch (B)
/src/lz4/ossfuzz/compress_fuzzer.c
Line
Count
Source
1
/**
2
 * This fuzz target attempts to compress the fuzzed data with the simple
3
 * compression function with an output buffer that may be too small to
4
 * ensure that the compressor never crashes.
5
 */
6
7
#include <stddef.h>
8
#include <stdint.h>
9
#include <stdlib.h>
10
#include <string.h>
11
12
#include "fuzz_helpers.h"
13
#include "fuzz_data_producer.h"
14
#include "lz4.h"
15
16
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
17
1.95k
{
18
1.95k
    FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size);
19
1.95k
    size_t const dstCapacitySeed = FUZZ_dataProducer_retrieve32(producer);
20
1.95k
    size = FUZZ_dataProducer_remainingBytes(producer);
21
22
1.95k
    size_t const compressBound = LZ4_compressBound(size);
23
1.95k
    size_t const dstCapacity = FUZZ_getRange_from_uint32(dstCapacitySeed, 0, compressBound);
24
25
1.95k
    char* const dst = (char*)malloc(dstCapacity);
26
1.95k
    char* const rt = (char*)malloc(size);
27
28
1.95k
    FUZZ_ASSERT(dst);
29
1.95k
    FUZZ_ASSERT(rt);
30
31
    /* If compression succeeds it must round trip correctly. */
32
1.95k
    {
33
1.95k
        int const dstSize = LZ4_compress_default((const char*)data, dst,
34
1.95k
                                                 size, dstCapacity);
35
1.95k
        if (dstSize > 0) {
36
1.46k
            int const rtSize = LZ4_decompress_safe(dst, rt, dstSize, size);
37
1.46k
            FUZZ_ASSERT_MSG(rtSize == size, "Incorrect regenerated size");
38
1.46k
            FUZZ_ASSERT_MSG(!memcmp(data, rt, size), "Corruption!");
39
1.46k
        }
40
1.95k
    }
41
42
1.95k
    if (dstCapacity > 0) {
43
        /* Compression succeeds and must round trip correctly. */
44
1.94k
        int compressedSize = size;
45
1.94k
        int const dstSize = LZ4_compress_destSize((const char*)data, dst,
46
1.94k
                                                  &compressedSize, dstCapacity);
47
1.94k
        FUZZ_ASSERT(dstSize > 0);
48
1.94k
        int const rtSize = LZ4_decompress_safe(dst, rt, dstSize, size);
49
1.94k
        FUZZ_ASSERT_MSG(rtSize == compressedSize, "Incorrect regenerated size");
50
1.94k
        FUZZ_ASSERT_MSG(!memcmp(data, rt, compressedSize), "Corruption!");
51
1.94k
    }
52
53
1.95k
    free(dst);
54
1.95k
    free(rt);
55
1.95k
    FUZZ_dataProducer_free(producer);
56
57
1.95k
    return 0;
58
1.95k
}