/src/miniz/tests/large_fuzzer.c

Source (jump to first uncovered line)
/* Derived from zlib fuzzers at http://github.com/google/oss-fuzz/tree/master/projects/zlib,
 * see ossfuzz.sh for full license text.
*/

#include <stdio.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdlib.h>
#include <inttypes.h>

#include "miniz.h"

#define CHECK_ERR(err, msg) { \
    if (err != Z_OK) { \
        fprintf(stderr, "%s error: %d\n", msg, err); \
        exit(1); \
    } \
}

static const uint8_t *data;
static size_t dataLen;
static alloc_func zalloc = NULL;
static free_func zfree = NULL;
static unsigned int diff;

/* Test deflate() with large buffers and dynamic change of compression level */
void test_large_deflate(unsigned char *compr, size_t comprLen,
                        unsigned char *uncompr, size_t uncomprLen)
{
    z_stream c_stream; /* compression stream */
    int err;

    c_stream.zalloc = zalloc;
    c_stream.zfree = zfree;
    c_stream.opaque = NULL;

    err = deflateInit(&c_stream, Z_BEST_COMPRESSION);
    CHECK_ERR(err, "deflateInit");

    c_stream.next_out = compr;
    c_stream.avail_out = (unsigned int)comprLen;

    /* At this point, uncompr is still mostly zeroes, so it should compress
    * very well:
    */
    c_stream.next_in = uncompr;
    c_stream.avail_in = (unsigned int)uncomprLen;
    err = deflate(&c_stream, Z_NO_FLUSH);
    CHECK_ERR(err, "deflate large 1");

    if (c_stream.avail_in != 0)
    {
        fprintf(stderr, "deflate not greedy\n");
        exit(1);
    }

    /* Feed in already compressed data: */
    c_stream.next_in = compr;
    diff = (unsigned int)(c_stream.next_out - compr);
    c_stream.avail_in = diff;

    deflate(&c_stream, Z_NO_FLUSH);
    err = deflate(&c_stream, Z_FINISH);

    if (err != Z_STREAM_END)
    {
        fprintf(stderr, "deflate large should report Z_STREAM_END\n");
        exit(1);
    }
    err = deflateEnd(&c_stream);
    CHECK_ERR(err, "deflateEnd");
}

/* Test inflate() with large buffers */
void test_large_inflate(unsigned char *compr, size_t comprLen,
                        unsigned char *uncompr, size_t uncomprLen)
{
    int err;
    z_stream d_stream; /* decompression stream */

    d_stream.zalloc = zalloc;
    d_stream.zfree = zfree;
    d_stream.opaque = NULL;

    d_stream.next_in = compr;
    d_stream.avail_in = (unsigned int)comprLen;

    err = inflateInit(&d_stream);
    CHECK_ERR(err, "inflateInit");

    for (;;)
    {
        d_stream.next_out = uncompr; /* discard the output */
        d_stream.avail_out = (unsigned int)uncomprLen;
        err = inflate(&d_stream, Z_NO_FLUSH);
        if (err == Z_STREAM_END) break;

        CHECK_ERR(err, "large inflate");
    }

    err = inflateEnd(&d_stream);
    CHECK_ERR(err, "inflateEnd");
}

int LLVMFuzzerTestOneInput(const uint8_t *d, size_t size)
{
    size_t comprLen = 100 + 3 * size;
    size_t uncomprLen = comprLen;
    uint8_t *compr, *uncompr;

    /* Discard inputs larger than 512Kb. */
    static size_t kMaxSize = 512 * 1024;

    if (size < 1 || size > kMaxSize)
    return 0;

    data = d;
    dataLen = size;
    compr = calloc(1, comprLen);
    uncompr = calloc(1, uncomprLen);

    test_large_deflate(compr, comprLen, uncompr, uncomprLen);
    test_large_inflate(compr, comprLen, uncompr, uncomprLen);

    free(compr);
    free(uncompr);

    return 0;
}

Line	Count	Source (jump to first uncovered line)
1		/* Derived from zlib fuzzers at http://github.com/google/oss-fuzz/tree/master/projects/zlib,
2		* see ossfuzz.sh for full license text.
3		*/
4
5		#include <stdio.h>
6		#include <stddef.h>
7		#include <stdint.h>
8		#include <string.h>
9		#include <stdlib.h>
10		#include <inttypes.h>
11
12		#include "miniz.h"
13
14	2.73k	#define CHECK_ERR(err, msg) { \
15	2.73k	if (err != Z_OK) { \
16	0	fprintf(stderr, "%s error: %d\n", msg, err); \
17	0	exit(1); \
18	0	} \
19	2.73k	}
20
21		static const uint8_t *data;
22		static size_t dataLen;
23		static alloc_func zalloc = NULL;
24		static free_func zfree = NULL;
25		static unsigned int diff;
26
27		/* Test deflate() with large buffers and dynamic change of compression level */
28		void test_large_deflate(unsigned char *compr, size_t comprLen,
29		unsigned char *uncompr, size_t uncomprLen)
30	547	{
31	547	z_stream c_stream; /* compression stream */
32	547	int err;
33
34	547	c_stream.zalloc = zalloc;
35	547	c_stream.zfree = zfree;
36	547	c_stream.opaque = NULL;
37
38	547	err = deflateInit(&c_stream, Z_BEST_COMPRESSION);
39	547	CHECK_ERR(err, "deflateInit");
40
41	547	c_stream.next_out = compr;
42	547	c_stream.avail_out = (unsigned int)comprLen;
43
44		/* At this point, uncompr is still mostly zeroes, so it should compress
45		* very well:
46		*/
47	547	c_stream.next_in = uncompr;
48	547	c_stream.avail_in = (unsigned int)uncomprLen;
49	547	err = deflate(&c_stream, Z_NO_FLUSH);
50	547	CHECK_ERR(err, "deflate large 1");
51
52	547	if (c_stream.avail_in != 0)
53	0	{
54	0	fprintf(stderr, "deflate not greedy\n");
55	0	exit(1);
56	0	}
57
58		/* Feed in already compressed data: */
59	547	c_stream.next_in = compr;
60	547	diff = (unsigned int)(c_stream.next_out - compr);
61	547	c_stream.avail_in = diff;
62
63	547	deflate(&c_stream, Z_NO_FLUSH);
64	547	err = deflate(&c_stream, Z_FINISH);
65
66	547	if (err != Z_STREAM_END)
67	0	{
68	0	fprintf(stderr, "deflate large should report Z_STREAM_END\n");
69	0	exit(1);
70	0	}
71	547	err = deflateEnd(&c_stream);
72	547	CHECK_ERR(err, "deflateEnd");
73	547	}
74
75		/* Test inflate() with large buffers */
76		void test_large_inflate(unsigned char *compr, size_t comprLen,
77		unsigned char *uncompr, size_t uncomprLen)
78	547	{
79	547	int err;
80	547	z_stream d_stream; /* decompression stream */
81
82	547	d_stream.zalloc = zalloc;
83	547	d_stream.zfree = zfree;
84	547	d_stream.opaque = NULL;
85
86	547	d_stream.next_in = compr;
87	547	d_stream.avail_in = (unsigned int)comprLen;
88
89	547	err = inflateInit(&d_stream);
90	547	CHECK_ERR(err, "inflateInit");
91
92	547	for (;;)
93	547	{
94	547	d_stream.next_out = uncompr; /* discard the output */
95	547	d_stream.avail_out = (unsigned int)uncomprLen;
96	547	err = inflate(&d_stream, Z_NO_FLUSH);
97	547	if (err == Z_STREAM_END) break;
98
99	0	CHECK_ERR(err, "large inflate");
100	0	}
101
102	547	err = inflateEnd(&d_stream);
103	547	CHECK_ERR(err, "inflateEnd");
104	547	}
105
106		int LLVMFuzzerTestOneInput(const uint8_t *d, size_t size)
107	551	{
108	551	size_t comprLen = 100 + 3 * size;
109	551	size_t uncomprLen = comprLen;
110	551	uint8_t compr, uncompr;
111
112		/* Discard inputs larger than 512Kb. */
113	551	static size_t kMaxSize = 512 * 1024;
114
115	551	if (size < 1 \|\| size > kMaxSize)
116	4	return 0;
117
118	547	data = d;
119	547	dataLen = size;
120	547	compr = calloc(1, comprLen);
121	547	uncompr = calloc(1, uncomprLen);
122
123	547	test_large_deflate(compr, comprLen, uncompr, uncomprLen);
124	547	test_large_inflate(compr, comprLen, uncompr, uncomprLen);
125
126	547	free(compr);
127	547	free(uncompr);
128
129	547	return 0;
130	551	}

Coverage Report

Created: 2023-03-26 06:40