Coverage Report

Created: 2023-03-26 06:14

/src/minizip-ng/test/fuzz/unzip_fuzzer.c
Line
Count
Source (jump to first uncovered line)
1
/* unzip_fuzzer.c - Unzip fuzzer for libFuzzer
2
   part of the minizip-ng project
3
4
   Copyright (C) 2018 The Chromium Authors
5
   Copyright (C) 2018 Anand K. Mistry
6
   Copyright (C) Nathan Moinvaziri
7
     https://github.com/zlib-ng/minizip-ng
8
9
   This program is distributed under the terms of the same license as zlib.
10
   See the accompanying LICENSE file for the full text of the license.
11
*/
12
13
#include "mz.h"
14
#include "mz_strm.h"
15
#include "mz_strm_mem.h"
16
#include "mz_zip.h"
17
18
#ifdef __cplusplus
19
extern "C" {
20
#endif
21
22
/***************************************************************************/
23
24
7.62k
#define MZ_FUZZ_TEST_PWD        "test123"
25
5.82k
#define MZ_FUZZ_TEST_FILENAME   "foo"
26
5.82k
#define MZ_FUZZ_TEST_FILENAMEUC "FOO"
27
28
/***************************************************************************/
29
30
3.82k
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
31
3.82k
    mz_zip_file *file_info = NULL;
32
3.82k
    void *stream = NULL;
33
3.82k
    void *handle = NULL;
34
3.82k
    const char *archive_comment = NULL;
35
3.82k
    char buffer[1024];
36
3.82k
    uint16_t version_madeby = 0;
37
3.82k
    uint64_t num_entries = 0;
38
3.82k
    int64_t entry_pos = 0;
39
3.82k
    int32_t err = MZ_OK;
40
3.82k
    uint8_t encrypted = 0;
41
42
3.82k
    mz_stream_mem_create(&stream);
43
3.82k
    mz_stream_mem_set_buffer(stream, (void *)data, (int32_t)size);
44
45
3.82k
    mz_zip_create(&handle);
46
47
3.82k
    err = mz_zip_open(handle, stream, MZ_OPEN_MODE_READ);
48
49
3.82k
    if (err == MZ_OK) {
50
        /* Some archive properties that are non-fatal for reading the archive. */
51
2.91k
        mz_zip_get_comment(handle, &archive_comment);
52
2.91k
        mz_zip_get_version_madeby(handle, &version_madeby);
53
2.91k
        mz_zip_get_number_entry(handle, &num_entries);
54
55
2.91k
        err = mz_zip_goto_first_entry(handle);
56
12.4k
        while (err == MZ_OK) {
57
11.0k
            err = mz_zip_entry_get_info(handle, &file_info);
58
11.0k
            if (err != MZ_OK)
59
0
                break;
60
61
11.0k
            encrypted = (file_info->flag & MZ_ZIP_FLAG_ENCRYPTED);
62
63
11.0k
            err = mz_zip_entry_read_open(handle, 0, encrypted ? MZ_FUZZ_TEST_PWD : NULL);
64
11.0k
            if (err != MZ_OK)
65
1.40k
                break;
66
67
9.68k
            err = mz_zip_entry_is_open(handle);
68
9.68k
            if (err != MZ_OK)
69
0
                break;
70
71
            /* Return value isn't checked here because we can't predict
72
               what the value will be. */
73
74
9.68k
            mz_zip_entry_is_dir(handle);
75
9.68k
            entry_pos = mz_zip_get_entry(handle);
76
9.68k
            if (entry_pos < 0)
77
0
                break;
78
79
9.68k
            err = mz_zip_entry_read(handle, buffer, sizeof(buffer));
80
9.68k
            if (err < 0)
81
0
                break;
82
83
9.68k
            err = mz_zip_entry_close(handle);
84
9.68k
            if (err != MZ_OK)
85
111
                break;
86
87
9.57k
            err = mz_zip_goto_next_entry(handle);
88
9.57k
        }
89
90
2.91k
        mz_zip_entry_close(handle);
91
92
        /* Return value isn't checked here because we can't predict what the value
93
           will be. */
94
95
2.91k
        mz_zip_locate_entry(handle, MZ_FUZZ_TEST_FILENAME, 0);
96
2.91k
        mz_zip_locate_entry(handle, MZ_FUZZ_TEST_FILENAMEUC, 0);
97
2.91k
        mz_zip_locate_entry(handle, MZ_FUZZ_TEST_FILENAME, 1);
98
2.91k
        mz_zip_locate_entry(handle, MZ_FUZZ_TEST_FILENAMEUC, 1);
99
100
2.91k
        mz_zip_close(handle);
101
2.91k
    }
102
103
3.82k
    mz_zip_delete(&handle);
104
3.82k
    mz_stream_mem_delete(&stream);
105
106
3.82k
    return 0;
107
3.82k
}
108
109
/***************************************************************************/
110
111
#ifdef __cplusplus
112
}
113
#endif