/src/lz4/ossfuzz/compress_hc_fuzzer.c

Source
/**
 * This fuzz target attempts to compress the fuzzed data with the simple
 * compression function with an output buffer that may be too small to
 * ensure that the compressor never crashes.
 */

#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#include "fuzz_helpers.h"
#include "fuzz_data_producer.h"
#include "lz4.h"
#include "lz4hc.h"

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size);
    size_t const dstCapacitySeed = FUZZ_dataProducer_retrieve32(producer);
    size_t const levelSeed = FUZZ_dataProducer_retrieve32(producer);
    size = FUZZ_dataProducer_remainingBytes(producer);

    size_t const dstCapacity = FUZZ_getRange_from_uint32(dstCapacitySeed, 0, size);
    int const level = FUZZ_getRange_from_uint32(levelSeed, LZ4HC_CLEVEL_MIN, LZ4HC_CLEVEL_MAX);

    char* const dst = (char*)malloc(dstCapacity);
    char* const rt = (char*)malloc(size);

    FUZZ_ASSERT(dst);
    FUZZ_ASSERT(rt);

    /* If compression succeeds it must round trip correctly. */
    {
        int const dstSize = LZ4_compress_HC((const char*)data, dst, size,
                                            dstCapacity, level);
        if (dstSize > 0) {
            int const rtSize = LZ4_decompress_safe(dst, rt, dstSize, size);
            FUZZ_ASSERT_MSG(rtSize == size, "Incorrect regenerated size");
            FUZZ_ASSERT_MSG(!memcmp(data, rt, size), "Corruption!");
        }
    }

    if (dstCapacity > 0) {
        /* Compression succeeds and must round trip correctly. */
        void* state = malloc(LZ4_sizeofStateHC());
        FUZZ_ASSERT(state);
        int compressedSize = size;
        int const dstSize = LZ4_compress_HC_destSize(state, (const char*)data,
                                                     dst, &compressedSize,
                                                     dstCapacity, level);
        FUZZ_ASSERT(dstSize > 0);
        int const rtSize = LZ4_decompress_safe(dst, rt, dstSize, size);
        FUZZ_ASSERT_MSG(rtSize == compressedSize, "Incorrect regenerated size");
        FUZZ_ASSERT_MSG(!memcmp(data, rt, compressedSize), "Corruption!");
        free(state);
    }

    free(dst);
    free(rt);
    FUZZ_dataProducer_free(producer);

    return 0;
}

Line	Count	Source
1		/**
2		* This fuzz target attempts to compress the fuzzed data with the simple
3		* compression function with an output buffer that may be too small to
4		* ensure that the compressor never crashes.
5		*/
6
7		#include <stddef.h>
8		#include <stdint.h>
9		#include <stdlib.h>
10		#include <string.h>
11
12		#include "fuzz_helpers.h"
13		#include "fuzz_data_producer.h"
14		#include "lz4.h"
15		#include "lz4hc.h"
16
17		int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
18	8.29k	{
19	8.29k	FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size);
20	8.29k	size_t const dstCapacitySeed = FUZZ_dataProducer_retrieve32(producer);
21	8.29k	size_t const levelSeed = FUZZ_dataProducer_retrieve32(producer);
22	8.29k	size = FUZZ_dataProducer_remainingBytes(producer);
23
24	8.29k	size_t const dstCapacity = FUZZ_getRange_from_uint32(dstCapacitySeed, 0, size);
25	8.29k	int const level = FUZZ_getRange_from_uint32(levelSeed, LZ4HC_CLEVEL_MIN, LZ4HC_CLEVEL_MAX);
26
27	8.29k	char* const dst = (char*)malloc(dstCapacity);
28	8.29k	char* const rt = (char*)malloc(size);
29
30	8.29k	FUZZ_ASSERT(dst);
31	8.29k	FUZZ_ASSERT(rt);
32
33		/* If compression succeeds it must round trip correctly. */
34	8.29k	{
35	8.29k	int const dstSize = LZ4_compress_HC((const char*)data, dst, size,
36	8.29k	dstCapacity, level);
37	8.29k	if (dstSize > 0) {
38	3.50k	int const rtSize = LZ4_decompress_safe(dst, rt, dstSize, size);
39	3.50k	FUZZ_ASSERT_MSG(rtSize == size, "Incorrect regenerated size");
40	3.50k	FUZZ_ASSERT_MSG(!memcmp(data, rt, size), "Corruption!");
41	3.50k	}
42	8.29k	}
43
44	8.29k	if (dstCapacity > 0) {
45		/* Compression succeeds and must round trip correctly. */
46	8.27k	void* state = malloc(LZ4_sizeofStateHC());
47	8.27k	FUZZ_ASSERT(state);
48	8.27k	int compressedSize = size;
49	8.27k	int const dstSize = LZ4_compress_HC_destSize(state, (const char*)data,
50	8.27k	dst, &compressedSize,
51	8.27k	dstCapacity, level);
52	8.27k	FUZZ_ASSERT(dstSize > 0);
53	8.27k	int const rtSize = LZ4_decompress_safe(dst, rt, dstSize, size);
54	8.27k	FUZZ_ASSERT_MSG(rtSize == compressedSize, "Incorrect regenerated size");
55	8.27k	FUZZ_ASSERT_MSG(!memcmp(data, rt, compressedSize), "Corruption!");
56	8.27k	free(state);
57	8.27k	}
58
59	8.29k	free(dst);
60	8.29k	free(rt);
61	8.29k	FUZZ_dataProducer_free(producer);
62
63	8.29k	return 0;
64	8.29k	}

Coverage Report

Created: 2025-06-20 06:09