/src/miniz/tests/flush_fuzzer.c

Source (jump to first uncovered line)
/* Derived from zlib fuzzers at http://github.com/google/oss-fuzz/tree/master/projects/zlib,
 * see ossfuzz.sh for full license text.
 */

#include <stdio.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdlib.h>
#include <inttypes.h>

#include "miniz.h"

#define CHECK_ERR(err, msg)                              \
    {                                                    \
        if (err != Z_OK)                                 \
        {                                                \
            fprintf(stderr, "%s error: %d\n", msg, err); \
            exit(1);                                     \
        }                                                \
    }

static const uint8_t *data;
static size_t dataLen;
static alloc_func zalloc = NULL;
static free_func zfree = NULL;

void test_flush(unsigned char *compr, size_t *comprLen)
{
    z_stream c_stream; /* compression stream */
    int err;
    unsigned int len = dataLen;

    c_stream.zalloc = zalloc;
    c_stream.zfree = zfree;
    c_stream.opaque = NULL;

    err = deflateInit(&c_stream, Z_DEFAULT_COMPRESSION);
    CHECK_ERR(err, "deflateInit");

    c_stream.next_in = (Bytef *)data;
    c_stream.next_out = compr;
    c_stream.avail_in = 3;
    c_stream.avail_out = (unsigned int)*comprLen;
    err = deflate(&c_stream, Z_FULL_FLUSH);
    CHECK_ERR(err, "deflate flush 1");

    compr[3]++; /* force an error in first compressed block */
    c_stream.avail_in = len - 3;

    err = deflate(&c_stream, Z_FINISH);

    if (err != Z_STREAM_END)
    {
        CHECK_ERR(err, "deflate flush 2");
    }

    err = deflateEnd(&c_stream);
    CHECK_ERR(err, "deflateEnd");

    *comprLen = (size_t)c_stream.total_out;
}

int LLVMFuzzerTestOneInput(const uint8_t *d, size_t size)
{
    size_t comprLen = 100 + 2 * compressBound(size);
    size_t uncomprLen = size;
    uint8_t *compr, *uncompr;

    /* Discard inputs larger than 1Mb. */
    static const size_t kMaxSize = 1024 * 1024;

    /* This test requires at least 3 bytes of input data. */
    if (size <= 3 || size > kMaxSize)
        return 0;

    data = d;
    dataLen = size;
    compr = calloc(1, comprLen);
    uncompr = calloc(1, uncomprLen);

    test_flush(compr, &comprLen);

    free(compr);
    free(uncompr);

    return 0;
}

Line	Count	Source (jump to first uncovered line)
1		/* Derived from zlib fuzzers at http://github.com/google/oss-fuzz/tree/master/projects/zlib,
2		* see ossfuzz.sh for full license text.
3		*/
4
5		#include <stdio.h>
6		#include <stddef.h>
7		#include <stdint.h>
8		#include <string.h>
9		#include <stdlib.h>
10		#include <inttypes.h>
11
12		#include "miniz.h"
13
14		#define CHECK_ERR(err, msg) \
15	5.07k	{ \
16	5.07k	if (err != Z_OK) \
17	5.07k	{ \
18	0	fprintf(stderr, "%s error: %d\n", msg, err); \
19	0	exit(1); \
20	0	} \
21	5.07k	}
22
23		static const uint8_t *data;
24		static size_t dataLen;
25		static alloc_func zalloc = NULL;
26		static free_func zfree = NULL;
27
28		void test_flush(unsigned char compr, size_t comprLen)
29	1.69k	{
30	1.69k	z_stream c_stream; /* compression stream */
31	1.69k	int err;
32	1.69k	unsigned int len = dataLen;
33
34	1.69k	c_stream.zalloc = zalloc;
35	1.69k	c_stream.zfree = zfree;
36	1.69k	c_stream.opaque = NULL;
37
38	1.69k	err = deflateInit(&c_stream, Z_DEFAULT_COMPRESSION);
39	1.69k	CHECK_ERR(err, "deflateInit");
40
41	1.69k	c_stream.next_in = (Bytef *)data;
42	1.69k	c_stream.next_out = compr;
43	1.69k	c_stream.avail_in = 3;
44	1.69k	c_stream.avail_out = (unsigned int)*comprLen;
45	1.69k	err = deflate(&c_stream, Z_FULL_FLUSH);
46	1.69k	CHECK_ERR(err, "deflate flush 1");
47
48	1.69k	compr[3]++; /* force an error in first compressed block */
49	1.69k	c_stream.avail_in = len - 3;
50
51	1.69k	err = deflate(&c_stream, Z_FINISH);
52
53	1.69k	if (err != Z_STREAM_END)
54	0	{
55	0	CHECK_ERR(err, "deflate flush 2");
56	0	}
57
58	1.69k	err = deflateEnd(&c_stream);
59	1.69k	CHECK_ERR(err, "deflateEnd");
60
61	1.69k	*comprLen = (size_t)c_stream.total_out;
62	1.69k	}
63
64		int LLVMFuzzerTestOneInput(const uint8_t *d, size_t size)
65	1.69k	{
66	1.69k	size_t comprLen = 100 + 2 * compressBound(size);
67	1.69k	size_t uncomprLen = size;
68	1.69k	uint8_t compr, uncompr;
69
70		/* Discard inputs larger than 1Mb. */
71	1.69k	static const size_t kMaxSize = 1024 * 1024;
72
73		/* This test requires at least 3 bytes of input data. */
74	1.69k	if (size <= 3 \|\| size > kMaxSize)
75	3	return 0;
76
77	1.69k	data = d;
78	1.69k	dataLen = size;
79	1.69k	compr = calloc(1, comprLen);
80	1.69k	uncompr = calloc(1, uncomprLen);
81
82	1.69k	test_flush(compr, &comprLen);
83
84	1.69k	free(compr);
85	1.69k	free(uncompr);
86
87	1.69k	return 0;
88	1.69k	}

Coverage Report

Created: 2025-08-28 07:01