Coverage Report

Created: 2023-03-26 06:14

/src/minizip-ng/test/fuzz/zip_fuzzer.c
Line
Count
Source (jump to first uncovered line)
1
/* zip_fuzzer.c - Zip fuzzer for libFuzzer
2
   part of the minizip-ng project
3
4
   Copyright (C) 2018 The Chromium Authors
5
   Copyright (C) 2018 Anand K. Mistry
6
   Copyright (C) Nathan Moinvaziri
7
     https://github.com/zlib-ng/minizip-ng
8
9
   This program is distributed under the terms of the same license as zlib.
10
   See the accompanying LICENSE file for the full text of the license.
11
*/
12
13
#include "mz.h"
14
#include "mz_strm.h"
15
#include "mz_strm_mem.h"
16
#include "mz_zip.h"
17
18
#ifdef __cplusplus
19
extern "C" {
20
#endif
21
22
/***************************************************************************/
23
24
420
#define MZ_FUZZ_TEST_FILENAME "foo"
25
26
/***************************************************************************/
27
28
210
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
29
210
    mz_zip_file file_info;
30
210
    void *fuzz_stream = NULL;
31
210
    void *stream = NULL;
32
210
    void *handle = NULL;
33
210
    int32_t err = MZ_OK;
34
210
    uint16_t value16 = 0;
35
210
    uint8_t value8 = 0;
36
210
    int16_t compress_level = 0;
37
210
    int64_t fuzz_pos = 0;
38
210
    int32_t fuzz_length = 0;
39
210
    uint8_t *fuzz_buf = NULL;
40
41
210
    mz_stream_mem_create(&fuzz_stream);
42
210
    mz_stream_mem_set_buffer(fuzz_stream, (void *)data, (int32_t)size);
43
44
210
    memset(&file_info, 0, sizeof(file_info));
45
46
210
    file_info.flag = MZ_ZIP_FLAG_UTF8;
47
210
    if ((mz_stream_read_uint8(fuzz_stream, &value8) == MZ_OK) && (value8 < 0x08)) {
48
44
        if (mz_stream_read_uint16(fuzz_stream, &value16) == MZ_OK)
49
39
            file_info.flag = value16;
50
44
    }
51
210
    file_info.compression_method = MZ_COMPRESS_METHOD_DEFLATE;
52
210
    if ((mz_stream_read_uint8(fuzz_stream, &value8) == MZ_OK) && (value8 < 0x08)) {
53
78
        file_info.compression_method = MZ_COMPRESS_METHOD_STORE;
54
132
    } else if ((mz_stream_read_uint8(fuzz_stream, &value8) == MZ_OK) && (value8 < 0x08)) {
55
58
        if (mz_stream_read_uint16(fuzz_stream, &value16) == MZ_OK)
56
54
            file_info.compression_method = value16;
57
58
    }
58
59
210
    if ((mz_stream_read_uint8(fuzz_stream, &value8) == MZ_OK) && (value8 < 0x08)) {
60
73
        if (mz_stream_read_uint16(fuzz_stream, &value16) == MZ_OK)
61
67
            file_info.zip64 = value16;
62
73
    }
63
64
210
    file_info.filename = MZ_FUZZ_TEST_FILENAME;
65
210
    file_info.filename_size = (uint16_t)strlen(MZ_FUZZ_TEST_FILENAME);
66
67
210
    compress_level = MZ_COMPRESS_LEVEL_DEFAULT;
68
210
    if ((mz_stream_read_uint8(fuzz_stream, &value8) == MZ_OK) && (value8 < 0x08)) {
69
89
        if (mz_stream_read_uint16(fuzz_stream, &value16) == MZ_OK)
70
82
            compress_level = value16;
71
89
    }
72
73
210
    mz_stream_mem_create(&stream);
74
210
    mz_zip_create(&handle);
75
76
210
    err = mz_zip_open(handle, stream, MZ_OPEN_MODE_CREATE | MZ_OPEN_MODE_WRITE);
77
210
    if (err == MZ_OK) {
78
210
        err = mz_zip_entry_write_open(handle, &file_info, compress_level, 0, NULL);
79
210
        if (err == MZ_OK) {
80
0
            mz_stream_mem_get_buffer_at_current(fuzz_stream, (const void **)&fuzz_buf);
81
0
            fuzz_pos = mz_stream_tell(fuzz_stream);
82
0
            mz_stream_mem_get_buffer_length(fuzz_stream, &fuzz_length);
83
84
0
            err = mz_zip_entry_write(handle, fuzz_buf, (fuzz_length - (int32_t)fuzz_pos));
85
86
0
            mz_zip_entry_close(handle);
87
0
        }
88
89
210
        mz_zip_close(handle);
90
210
    }
91
92
210
    mz_zip_delete(&handle);
93
210
    mz_stream_mem_delete(&stream);
94
95
210
    mz_stream_mem_delete(&fuzz_stream);
96
97
210
    return 0;
98
210
}
99
100
/***************************************************************************/
101
102
#ifdef __cplusplus
103
}
104
#endif