/src/lzma-fuzz/lzmadec_fuzzer.cc
Line | Count | Source (jump to first uncovered line) |
1 | | /** |
2 | | * |
3 | | * @copyright Copyright (c) 2019 Joachim Bauch <mail@joachim-bauch.de> |
4 | | * |
5 | | * @license GNU GPL version 3 or any later version |
6 | | * |
7 | | * This program is free software: you can redistribute it and/or modify |
8 | | * it under the terms of the GNU General Public License as published by |
9 | | * the Free Software Foundation, either version 3 of the License, or |
10 | | * (at your option) any later version. |
11 | | * |
12 | | * This program is distributed in the hope that it will be useful, |
13 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
14 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
15 | | * GNU General Public License for more details. |
16 | | * |
17 | | * You should have received a copy of the GNU General Public License |
18 | | * along with this program. If not, see <https://www.gnu.org/licenses/>. |
19 | | * |
20 | | */ |
21 | | |
22 | | #include <stdint.h> |
23 | | #include <stdlib.h> |
24 | | #include <string.h> |
25 | | |
26 | | #include "LzmaDec.h" |
27 | | |
28 | | #include "common-alloc.h" |
29 | | |
30 | | static const size_t kBufferSize = 8192; |
31 | | |
32 | | static const size_t kMaxDictionarySize = 32 * 1024 * 1024; |
33 | | |
34 | | // Limit maximum size to avoid running into timeouts with too large data. |
35 | | static const size_t kMaxInputSize = 100 * 1024; |
36 | | |
37 | 5.09k | extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { |
38 | 5.09k | if (size < LZMA_PROPS_SIZE || size > kMaxInputSize) { |
39 | 14 | return 0; |
40 | 14 | } |
41 | | |
42 | 5.07k | CLzmaProps props; |
43 | 5.07k | if (LzmaProps_Decode(&props, data, LZMA_PROPS_SIZE) != SZ_OK) { |
44 | 2 | return 0; |
45 | 2 | } |
46 | | |
47 | | // Avoid using too much memory. |
48 | 5.07k | if (props.dicSize > kMaxDictionarySize) { |
49 | 30 | return 0; |
50 | 30 | } |
51 | | |
52 | 5.04k | CLzmaDec dec; |
53 | 5.04k | LzmaDec_Construct(&dec); |
54 | 5.04k | if (LzmaDec_Allocate(&dec, data, LZMA_PROPS_SIZE, &CommonAlloc) != SZ_OK) { |
55 | 0 | return 0; |
56 | 0 | } |
57 | | |
58 | 5.04k | data += LZMA_PROPS_SIZE; |
59 | 5.04k | size -= LZMA_PROPS_SIZE; |
60 | | |
61 | 5.04k | LzmaDec_Init(&dec); |
62 | 198k | while (size > 0) { |
63 | 198k | Byte buf[kBufferSize]; |
64 | 198k | SRes res; |
65 | 198k | SizeT srcLen = size; |
66 | 198k | SizeT destLen = kBufferSize; |
67 | 198k | ELzmaStatus status; |
68 | 198k | res = LzmaDec_DecodeToBuf(&dec, buf, &destLen, data, &srcLen, |
69 | 198k | LZMA_FINISH_ANY, &status); |
70 | 198k | if (res != SZ_OK || status == LZMA_STATUS_FINISHED_WITH_MARK || |
71 | 198k | status == LZMA_STATUS_NEEDS_MORE_INPUT) { |
72 | 4.85k | goto exit; |
73 | 4.85k | } |
74 | | |
75 | 193k | size -= srcLen; |
76 | 193k | data += srcLen; |
77 | 193k | } |
78 | | |
79 | 5.04k | exit: |
80 | 5.04k | LzmaDec_Free(&dec, &CommonAlloc); |
81 | 5.04k | return 0; |
82 | 5.04k | } |