/src/lz4/ossfuzz/compress_frame_fuzzer.c

Source
/**
 * This fuzz target attempts to compress the fuzzed data with the simple
 * compression function with an output buffer that may be too small to
 * ensure that the compressor never crashes.
 */

#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#include "fuzz_helpers.h"
#include "lz4.h"
#include "lz4frame.h"
#include "lz4_helpers.h"
#include "fuzz_data_producer.h"

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size);
    LZ4F_preferences_t const prefs = FUZZ_dataProducer_preferences(producer);
    size_t const dstCapacitySeed = FUZZ_dataProducer_retrieve32(producer);
    size = FUZZ_dataProducer_remainingBytes(producer);

    size_t const compressBound = LZ4F_compressFrameBound(size, &prefs);
    size_t const dstCapacity = FUZZ_getRange_from_uint32(dstCapacitySeed, 0, compressBound);

    char* const dst = (char*)malloc(dstCapacity);
    char* const rt = (char*)malloc(size);

    FUZZ_ASSERT(dst!=NULL);
    FUZZ_ASSERT(rt!=NULL);

    /* If compression succeeds it must round trip correctly. */
    size_t const dstSize =
            LZ4F_compressFrame(dst, dstCapacity, data, size, &prefs);
    if (!LZ4F_isError(dstSize)) {
        size_t const rtSize = FUZZ_decompressFrame(rt, size, dst, dstSize);
        FUZZ_ASSERT_MSG(rtSize == size, "Incorrect regenerated size");
        FUZZ_ASSERT_MSG(!memcmp(data, rt, size), "Corruption!");
    }

    free(dst);
    free(rt);
    FUZZ_dataProducer_free(producer);

    return 0;
}

Line	Count	Source
1		/**
2		* This fuzz target attempts to compress the fuzzed data with the simple
3		* compression function with an output buffer that may be too small to
4		* ensure that the compressor never crashes.
5		*/
6
7		#include <stddef.h>
8		#include <stdint.h>
9		#include <stdlib.h>
10		#include <string.h>
11
12		#include "fuzz_helpers.h"
13		#include "lz4.h"
14		#include "lz4frame.h"
15		#include "lz4_helpers.h"
16		#include "fuzz_data_producer.h"
17
18		int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
19	6.74k	{
20	6.74k	FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size);
21	6.74k	LZ4F_preferences_t const prefs = FUZZ_dataProducer_preferences(producer);
22	6.74k	size_t const dstCapacitySeed = FUZZ_dataProducer_retrieve32(producer);
23	6.74k	size = FUZZ_dataProducer_remainingBytes(producer);
24
25	6.74k	size_t const compressBound = LZ4F_compressFrameBound(size, &prefs);
26	6.74k	size_t const dstCapacity = FUZZ_getRange_from_uint32(dstCapacitySeed, 0, compressBound);
27
28	6.74k	char* const dst = (char*)malloc(dstCapacity);
29	6.74k	char* const rt = (char*)malloc(size);
30
31	6.74k	FUZZ_ASSERT(dst!=NULL);
32	6.74k	FUZZ_ASSERT(rt!=NULL);
33
34		/* If compression succeeds it must round trip correctly. */
35	6.74k	size_t const dstSize =
36	6.74k	LZ4F_compressFrame(dst, dstCapacity, data, size, &prefs);
37	6.74k	if (!LZ4F_isError(dstSize)) {
38	6.54k	size_t const rtSize = FUZZ_decompressFrame(rt, size, dst, dstSize);
39	6.54k	FUZZ_ASSERT_MSG(rtSize == size, "Incorrect regenerated size");
40	6.54k	FUZZ_ASSERT_MSG(!memcmp(data, rt, size), "Corruption!");
41	6.54k	}
42
43	6.74k	free(dst);
44	6.74k	free(rt);
45	6.74k	FUZZ_dataProducer_free(producer);
46
47	6.74k	return 0;
48	6.74k	}

Coverage Report

Created: 2025-10-28 07:08