/src/miniz/tests/add_in_place_fuzzer.c

Source
#include <stdio.h>
#include <limits.h>
#include "miniz.h"

static const mz_uint files_count = 5;
static const mz_uint max_file_size = 1024 * 1024;
static const char *zip_file_name = "/tmp/miniz-fuzzer-test.zip";

/* Read 32-bit integer from the fuzzer input with range [0, max] */
static mz_uint read_uint32(const mz_uint8 **data, size_t *size, mz_uint max)
{
    mz_uint value = 0;

    if (*size >= sizeof(mz_uint))
    {
        memcpy(&value, *data, sizeof(mz_uint));
        *data += sizeof(mz_uint);
        *size -= sizeof(mz_uint);
        value = MZ_MIN(max == UINT_MAX ? value : value % (max + 1), *size);
    }

    return value;
}

/* Read random-length null terminated string from the fuzzer input */
static mz_bool read_string(const mz_uint8 **data, size_t *size, char *destination, mz_uint max_len)
{
    mz_uint filename_len = read_uint32(data, size, max_len - 1);
    memcpy(destination, *data, filename_len);
    destination[filename_len] = 0;
    *data += filename_len;
    *size -= filename_len;
    return filename_len > 0;
}

/* Get random-length buffer from the fuzzer input */
static mz_bool read_buffer(const mz_uint8 **data, size_t *size, const mz_uint8 **destination, mz_uint *len)
{
    *len = read_uint32(data, size, max_file_size);
    *destination = *data;
    *data += *len;
    *size -= *len;
    return *len > 0;
}

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    mz_uint i;
    char archive_file_name[FILENAME_MAX];
    const mz_uint8 *file_data;
    mz_uint file_length, flags;
    size_t extracted_size;
    mz_uint8 *extracted_data;
    const char *comment = mz_version();

    /* Remove the temporary file for better reproducibility */
    remove(zip_file_name);

    for (i = 0; i < files_count; ++i)
    {
        /* Fill archive file name */
        if (!read_string(&data, &size, archive_file_name, sizeof(archive_file_name)))
        {
            break;
        }

        /* Prepare file's content */
        if (!read_buffer(&data, &size, &file_data, &file_length))
        {
            break;
        }

        /* Prepare flags for adding file */
        flags = read_uint32(&data, &size, UINT_MAX);

        mz_zip_add_mem_to_archive_file_in_place(zip_file_name, archive_file_name, file_data, file_length, comment,
                                                (mz_uint16)strlen(comment), flags);

        /* Prepare flags for extracting file */
        flags = read_uint32(&data, &size, UINT_MAX);
        extracted_data = mz_zip_extract_archive_file_to_heap(zip_file_name, archive_file_name, &extracted_size, flags);
        free(extracted_data);
    }

    remove(zip_file_name);
    return 0;
}

Line	Count	Source
1		#include <stdio.h>
2		#include <limits.h>
3		#include "miniz.h"
4
5		static const mz_uint files_count = 5;
6		static const mz_uint max_file_size = 1024 * 1024;
7		static const char *zip_file_name = "/tmp/miniz-fuzzer-test.zip";
8
9		/* Read 32-bit integer from the fuzzer input with range [0, max] */
10		static mz_uint read_uint32(const mz_uint8 *data, size_t size, mz_uint max)
11	35.5k	{
12	35.5k	mz_uint value = 0;
13
14	35.5k	if (*size >= sizeof(mz_uint))
15	27.9k	{
16	27.9k	memcpy(&value, *data, sizeof(mz_uint));
17	27.9k	*data += sizeof(mz_uint);
18	27.9k	*size -= sizeof(mz_uint);
19	27.9k	value = MZ_MIN(max == UINT_MAX ? value : value % (max + 1), *size);
20	27.9k	}
21
22	35.5k	return value;
23	35.5k	}
24
25		/* Read random-length null terminated string from the fuzzer input */
26		static mz_bool read_string(const mz_uint8 *data, size_t size, char *destination, mz_uint max_len)
27	11.3k	{
28	11.3k	mz_uint filename_len = read_uint32(data, size, max_len - 1);
29	11.3k	memcpy(destination, *data, filename_len);
30	11.3k	destination[filename_len] = 0;
31	11.3k	*data += filename_len;
32	11.3k	*size -= filename_len;
33	11.3k	return filename_len > 0;
34	11.3k	}
35
36		/* Get random-length buffer from the fuzzer input */
37		static mz_bool read_buffer(const mz_uint8 *data, size_t size, const mz_uint8 *destination, mz_uint len)
38	8.42k	{
39	8.42k	*len = read_uint32(data, size, max_file_size);
40	8.42k	destination = data;
41	8.42k	data += len;
42	8.42k	size -= len;
43	8.42k	return *len > 0;
44	8.42k	}
45
46		int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
47	3.85k	{
48	3.85k	mz_uint i;
49	3.85k	char archive_file_name[FILENAME_MAX];
50	3.85k	const mz_uint8 *file_data;
51	3.85k	mz_uint file_length, flags;
52	3.85k	size_t extracted_size;
53	3.85k	mz_uint8 *extracted_data;
54	3.85k	const char *comment = mz_version();
55
56		/* Remove the temporary file for better reproducibility */
57	3.85k	remove(zip_file_name);
58
59	11.6k	for (i = 0; i < files_count; ++i)
60	11.3k	{
61		/* Fill archive file name */
62	11.3k	if (!read_string(&data, &size, archive_file_name, sizeof(archive_file_name)))
63	2.97k	{
64	2.97k	break;
65	2.97k	}
66
67		/* Prepare file's content */
68	8.42k	if (!read_buffer(&data, &size, &file_data, &file_length))
69	582	{
70	582	break;
71	582	}
72
73		/* Prepare flags for adding file */
74	7.84k	flags = read_uint32(&data, &size, UINT_MAX);
75
76	7.84k	mz_zip_add_mem_to_archive_file_in_place(zip_file_name, archive_file_name, file_data, file_length, comment,
77	7.84k	(mz_uint16)strlen(comment), flags);
78
79		/* Prepare flags for extracting file */
80	7.84k	flags = read_uint32(&data, &size, UINT_MAX);
81	7.84k	extracted_data = mz_zip_extract_archive_file_to_heap(zip_file_name, archive_file_name, &extracted_size, flags);
82	7.84k	free(extracted_data);
83	7.84k	}
84
85	3.85k	remove(zip_file_name);
86	3.85k	return 0;
87	3.85k	}

Coverage Report

Created: 2026-01-25 06:58