/src/minizip-ng/test/fuzz/zip_fuzzer.c

Source
/* zip_fuzzer.c - Zip fuzzer for libFuzzer
   part of the minizip-ng project

   Copyright (C) 2018 The Chromium Authors
   Copyright (C) 2018 Anand K. Mistry
   Copyright (C) Nathan Moinvaziri
     https://github.com/zlib-ng/minizip-ng

   This program is distributed under the terms of the same license as zlib.
   See the accompanying LICENSE file for the full text of the license.
*/

#include "mz.h"
#include "mz_strm.h"
#include "mz_strm_mem.h"
#include "mz_zip.h"

#ifdef __cplusplus
extern "C" {
#endif

/***************************************************************************/

#define MZ_FUZZ_TEST_FILENAME "foo"
#define MZ_FUZZ_TEST_PWD      "test123"

/***************************************************************************/

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    mz_zip_file file_info;
    void *fuzz_stream = NULL;
    void *stream = NULL;
    void *handle = NULL;
    int32_t err = MZ_OK;
    uint16_t value16 = 0;
    uint8_t value8 = 0;
    int16_t compress_level = 0;
    int64_t fuzz_pos = 0;
    int32_t fuzz_length = 0;
    uint8_t *fuzz_buf = NULL;
    const char *password = NULL;

    fuzz_stream = mz_stream_mem_create();
    if (!fuzz_stream)
        return 1;
    mz_stream_mem_set_buffer(fuzz_stream, (void *)data, (int32_t)size);

    memset(&file_info, 0, sizeof(file_info));

    file_info.flag = MZ_ZIP_FLAG_UTF8;
    if ((mz_stream_read_uint8(fuzz_stream, &value8) == MZ_OK) && (value8 < 0x08)) {
        if (mz_stream_read_uint16(fuzz_stream, &value16) == MZ_OK)
            file_info.flag = value16;
    }
    file_info.compression_method = MZ_COMPRESS_METHOD_DEFLATE;
    if ((mz_stream_read_uint8(fuzz_stream, &value8) == MZ_OK) && (value8 < 0x08)) {
        file_info.compression_method = MZ_COMPRESS_METHOD_STORE;
    } else if ((mz_stream_read_uint8(fuzz_stream, &value8) == MZ_OK) && (value8 < 0x08)) {
        if (mz_stream_read_uint16(fuzz_stream, &value16) == MZ_OK)
            file_info.compression_method = value16;
    }

    if ((mz_stream_read_uint8(fuzz_stream, &value8) == MZ_OK) && (value8 < 0x08)) {
        if (mz_stream_read_uint16(fuzz_stream, &value16) == MZ_OK)
            file_info.zip64 = value16;
    }

    file_info.filename = MZ_FUZZ_TEST_FILENAME;
    file_info.filename_size = (uint16_t)strlen(MZ_FUZZ_TEST_FILENAME);

    compress_level = MZ_COMPRESS_LEVEL_DEFAULT;
    if ((mz_stream_read_uint8(fuzz_stream, &value8) == MZ_OK) && (value8 < 0x08)) {
        if (mz_stream_read_uint16(fuzz_stream, &value16) == MZ_OK)
            compress_level = value16;
    }

    stream = mz_stream_mem_create();
    if (!stream) {
        mz_stream_mem_delete(&fuzz_stream);
        return 1;
    }

    err = mz_stream_mem_open(stream, MZ_FUZZ_TEST_FILENAME, MZ_OPEN_MODE_CREATE | MZ_OPEN_MODE_WRITE);
    if (err != MZ_OK) {
        mz_stream_mem_delete(&stream);
        mz_stream_mem_delete(&fuzz_stream);
        return 1;
    }

    handle = mz_zip_create();
    if (!handle) {
        mz_stream_mem_delete(&stream);
        mz_stream_mem_delete(&fuzz_stream);
        return 1;
    }

    err = mz_zip_open(handle, stream, MZ_OPEN_MODE_CREATE | MZ_OPEN_MODE_WRITE);
    if (err == MZ_OK) {
        password = file_info.flag & MZ_ZIP_FLAG_ENCRYPTED ? MZ_FUZZ_TEST_PWD : NULL;
        err = mz_zip_entry_write_open(handle, &file_info, compress_level, 0, password);
        if (err == MZ_OK) {
            mz_stream_mem_get_buffer_at_current(fuzz_stream, (const void **)&fuzz_buf);
            fuzz_pos = mz_stream_tell(fuzz_stream);
            mz_stream_mem_get_buffer_length(fuzz_stream, &fuzz_length);

            err = mz_zip_entry_write(handle, fuzz_buf, (fuzz_length - (int32_t)fuzz_pos));

            mz_zip_entry_close(handle);
        }

        mz_zip_close(handle);
    }

    mz_zip_delete(&handle);
    mz_stream_mem_delete(&stream);

    mz_stream_mem_delete(&fuzz_stream);

    return 0;
}

/***************************************************************************/

#ifdef __cplusplus
}
#endif

Line	Count	Source
1		/* zip_fuzzer.c - Zip fuzzer for libFuzzer
2		part of the minizip-ng project
3
4		Copyright (C) 2018 The Chromium Authors
5		Copyright (C) 2018 Anand K. Mistry
6		Copyright (C) Nathan Moinvaziri
7		https://github.com/zlib-ng/minizip-ng
8
9		This program is distributed under the terms of the same license as zlib.
10		See the accompanying LICENSE file for the full text of the license.
11		*/
12
13		#include "mz.h"
14		#include "mz_strm.h"
15		#include "mz_strm_mem.h"
16		#include "mz_zip.h"
17
18		#ifdef __cplusplus
19		extern "C" {
20		#endif
21
22		/***************************************************************************/
23
24	1.35k	#define MZ_FUZZ_TEST_FILENAME "foo"
25	193	#define MZ_FUZZ_TEST_PWD "test123"
26
27		/***************************************************************************/
28
29	453	int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
30	453	mz_zip_file file_info;
31	453	void *fuzz_stream = NULL;
32	453	void *stream = NULL;
33	453	void *handle = NULL;
34	453	int32_t err = MZ_OK;
35	453	uint16_t value16 = 0;
36	453	uint8_t value8 = 0;
37	453	int16_t compress_level = 0;
38	453	int64_t fuzz_pos = 0;
39	453	int32_t fuzz_length = 0;
40	453	uint8_t *fuzz_buf = NULL;
41	453	const char *password = NULL;
42
43	453	fuzz_stream = mz_stream_mem_create();
44	453	if (!fuzz_stream)
45	0	return 1;
46	453	mz_stream_mem_set_buffer(fuzz_stream, (void *)data, (int32_t)size);
47
48	453	memset(&file_info, 0, sizeof(file_info));
49
50	453	file_info.flag = MZ_ZIP_FLAG_UTF8;
51	453	if ((mz_stream_read_uint8(fuzz_stream, &value8) == MZ_OK) && (value8 < 0x08)) {
52	220	if (mz_stream_read_uint16(fuzz_stream, &value16) == MZ_OK)
53	215	file_info.flag = value16;
54	220	}
55	453	file_info.compression_method = MZ_COMPRESS_METHOD_DEFLATE;
56	453	if ((mz_stream_read_uint8(fuzz_stream, &value8) == MZ_OK) && (value8 < 0x08)) {
57	351	file_info.compression_method = MZ_COMPRESS_METHOD_STORE;
58	351	} else if ((mz_stream_read_uint8(fuzz_stream, &value8) == MZ_OK) && (value8 < 0x08)) {
59	44	if (mz_stream_read_uint16(fuzz_stream, &value16) == MZ_OK)
60	41	file_info.compression_method = value16;
61	44	}
62
63	453	if ((mz_stream_read_uint8(fuzz_stream, &value8) == MZ_OK) && (value8 < 0x08)) {
64	115	if (mz_stream_read_uint16(fuzz_stream, &value16) == MZ_OK)
65	109	file_info.zip64 = value16;
66	115	}
67
68	453	file_info.filename = MZ_FUZZ_TEST_FILENAME;
69	453	file_info.filename_size = (uint16_t)strlen(MZ_FUZZ_TEST_FILENAME);
70
71	453	compress_level = MZ_COMPRESS_LEVEL_DEFAULT;
72	453	if ((mz_stream_read_uint8(fuzz_stream, &value8) == MZ_OK) && (value8 < 0x08)) {
73	87	if (mz_stream_read_uint16(fuzz_stream, &value16) == MZ_OK)
74	80	compress_level = value16;
75	87	}
76
77	453	stream = mz_stream_mem_create();
78	453	if (!stream) {
79	0	mz_stream_mem_delete(&fuzz_stream);
80	0	return 1;
81	0	}
82
83	453	err = mz_stream_mem_open(stream, MZ_FUZZ_TEST_FILENAME, MZ_OPEN_MODE_CREATE \| MZ_OPEN_MODE_WRITE);
84	453	if (err != MZ_OK) {
85	0	mz_stream_mem_delete(&stream);
86	0	mz_stream_mem_delete(&fuzz_stream);
87	0	return 1;
88	0	}
89
90	453	handle = mz_zip_create();
91	453	if (!handle) {
92	0	mz_stream_mem_delete(&stream);
93	0	mz_stream_mem_delete(&fuzz_stream);
94	0	return 1;
95	0	}
96
97	453	err = mz_zip_open(handle, stream, MZ_OPEN_MODE_CREATE \| MZ_OPEN_MODE_WRITE);
98	453	if (err == MZ_OK) {
99	453	password = file_info.flag & MZ_ZIP_FLAG_ENCRYPTED ? MZ_FUZZ_TEST_PWD : NULL;
100	453	err = mz_zip_entry_write_open(handle, &file_info, compress_level, 0, password);
101	453	if (err == MZ_OK) {
102	372	mz_stream_mem_get_buffer_at_current(fuzz_stream, (const void **)&fuzz_buf);
103	372	fuzz_pos = mz_stream_tell(fuzz_stream);
104	372	mz_stream_mem_get_buffer_length(fuzz_stream, &fuzz_length);
105
106	372	err = mz_zip_entry_write(handle, fuzz_buf, (fuzz_length - (int32_t)fuzz_pos));
107
108	372	mz_zip_entry_close(handle);
109	372	}
110
111	453	mz_zip_close(handle);
112	453	}
113
114	453	mz_zip_delete(&handle);
115	453	mz_stream_mem_delete(&stream);
116
117	453	mz_stream_mem_delete(&fuzz_stream);
118
119	453	return 0;
120	453	}
121
122		/***************************************************************************/
123
124		#ifdef __cplusplus
125		}
126		#endif

Coverage Report

Created: 2025-11-27 06:27