/src/minizip-ng/test/fuzz/unzip_fuzzer.c

Source (jump to first uncovered line)
/* unzip_fuzzer.c - Unzip fuzzer for libFuzzer
   part of the minizip-ng project

   Copyright (C) 2018 The Chromium Authors
   Copyright (C) 2018 Anand K. Mistry
   Copyright (C) Nathan Moinvaziri
     https://github.com/zlib-ng/minizip-ng

   This program is distributed under the terms of the same license as zlib.
   See the accompanying LICENSE file for the full text of the license.
*/

#include "mz.h"
#include "mz_strm.h"
#include "mz_strm_mem.h"
#include "mz_zip.h"

#ifdef __cplusplus
extern "C" {
#endif

/***************************************************************************/

#define MZ_FUZZ_TEST_PWD        "test123"
#define MZ_FUZZ_TEST_FILENAME   "foo"
#define MZ_FUZZ_TEST_FILENAMEUC "FOO"

/***************************************************************************/

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    mz_zip_file *file_info = NULL;
    void *stream = NULL;
    void *handle = NULL;
    const char *archive_comment = NULL;
    char buffer[1024];
    uint16_t version_madeby = 0;
    uint64_t num_entries = 0;
    int64_t entry_pos = 0;
    int32_t err = MZ_OK;
    uint8_t encrypted = 0;

    stream = mz_stream_mem_create();
    if (!stream)
        return 1;

    mz_stream_mem_set_buffer(stream, (void *)data, (int32_t)size);

    handle = mz_zip_create();
    if (!handle)
        return 1;

    mz_zip_set_recover(handle, (size & 0xE0) == 0xE0);
    err = mz_zip_open(handle, stream, MZ_OPEN_MODE_READ);

    if (err == MZ_OK) {
        /* Some archive properties that are non-fatal for reading the archive. */
        mz_zip_get_comment(handle, &archive_comment);
        mz_zip_get_version_madeby(handle, &version_madeby);
        mz_zip_get_number_entry(handle, &num_entries);

        err = mz_zip_goto_first_entry(handle);
        while (err == MZ_OK) {
            err = mz_zip_entry_get_info(handle, &file_info);
            if (err != MZ_OK)
                break;

            encrypted = (file_info->flag & MZ_ZIP_FLAG_ENCRYPTED);

            err = mz_zip_entry_read_open(handle, 0, encrypted ? MZ_FUZZ_TEST_PWD : NULL);
            if (err != MZ_OK)
                break;

            err = mz_zip_entry_is_open(handle);
            if (err != MZ_OK)
                break;

            /* Return value isn't checked here because we can't predict
               what the value will be. */

            mz_zip_entry_is_dir(handle);
            entry_pos = mz_zip_get_entry(handle);
            if (entry_pos < 0)
                break;

            err = mz_zip_entry_read(handle, buffer, sizeof(buffer));
            if (err < 0)
                break;

            err = mz_zip_entry_close(handle);
            if (err != MZ_OK)
                break;

            err = mz_zip_goto_next_entry(handle);
        }

        mz_zip_entry_close(handle);

        /* Return value isn't checked here because we can't predict what the value
           will be. */

        mz_zip_locate_entry(handle, MZ_FUZZ_TEST_FILENAME, 0);
        mz_zip_locate_entry(handle, MZ_FUZZ_TEST_FILENAMEUC, 0);
        mz_zip_locate_entry(handle, MZ_FUZZ_TEST_FILENAME, 1);
        mz_zip_locate_entry(handle, MZ_FUZZ_TEST_FILENAMEUC, 1);

        mz_zip_close(handle);
    }

    mz_zip_delete(&handle);
    mz_stream_mem_delete(&stream);

    return 0;
}

/***************************************************************************/

#ifdef __cplusplus
}
#endif

Line	Count	Source (jump to first uncovered line)
1		/* unzip_fuzzer.c - Unzip fuzzer for libFuzzer
2		part of the minizip-ng project
3
4		Copyright (C) 2018 The Chromium Authors
5		Copyright (C) 2018 Anand K. Mistry
6		Copyright (C) Nathan Moinvaziri
7		https://github.com/zlib-ng/minizip-ng
8
9		This program is distributed under the terms of the same license as zlib.
10		See the accompanying LICENSE file for the full text of the license.
11		*/
12
13		#include "mz.h"
14		#include "mz_strm.h"
15		#include "mz_strm_mem.h"
16		#include "mz_zip.h"
17
18		#ifdef __cplusplus
19		extern "C" {
20		#endif
21
22		/***************************************************************************/
23
24	16.5k	#define MZ_FUZZ_TEST_PWD "test123"
25	5.48k	#define MZ_FUZZ_TEST_FILENAME "foo"
26	5.48k	#define MZ_FUZZ_TEST_FILENAMEUC "FOO"
27
28		/***************************************************************************/
29
30	3.39k	int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
31	3.39k	mz_zip_file *file_info = NULL;
32	3.39k	void *stream = NULL;
33	3.39k	void *handle = NULL;
34	3.39k	const char *archive_comment = NULL;
35	3.39k	char buffer[1024];
36	3.39k	uint16_t version_madeby = 0;
37	3.39k	uint64_t num_entries = 0;
38	3.39k	int64_t entry_pos = 0;
39	3.39k	int32_t err = MZ_OK;
40	3.39k	uint8_t encrypted = 0;
41
42	3.39k	stream = mz_stream_mem_create();
43	3.39k	if (!stream)
44	0	return 1;
45
46	3.39k	mz_stream_mem_set_buffer(stream, (void *)data, (int32_t)size);
47
48	3.39k	handle = mz_zip_create();
49	3.39k	if (!handle)
50	0	return 1;
51
52	3.39k	mz_zip_set_recover(handle, (size & 0xE0) == 0xE0);
53	3.39k	err = mz_zip_open(handle, stream, MZ_OPEN_MODE_READ);
54
55	3.39k	if (err == MZ_OK) {
56		/* Some archive properties that are non-fatal for reading the archive. */
57	2.74k	mz_zip_get_comment(handle, &archive_comment);
58	2.74k	mz_zip_get_version_madeby(handle, &version_madeby);
59	2.74k	mz_zip_get_number_entry(handle, &num_entries);
60
61	2.74k	err = mz_zip_goto_first_entry(handle);
62	28.6k	while (err == MZ_OK) {
63	27.3k	err = mz_zip_entry_get_info(handle, &file_info);
64	27.3k	if (err != MZ_OK)
65	0	break;
66
67	27.3k	encrypted = (file_info->flag & MZ_ZIP_FLAG_ENCRYPTED);
68
69	27.3k	err = mz_zip_entry_read_open(handle, 0, encrypted ? MZ_FUZZ_TEST_PWD : NULL);
70	27.3k	if (err != MZ_OK)
71	1.27k	break;
72
73	26.1k	err = mz_zip_entry_is_open(handle);
74	26.1k	if (err != MZ_OK)
75	0	break;
76
77		/* Return value isn't checked here because we can't predict
78		what the value will be. */
79
80	26.1k	mz_zip_entry_is_dir(handle);
81	26.1k	entry_pos = mz_zip_get_entry(handle);
82	26.1k	if (entry_pos < 0)
83	0	break;
84
85	26.1k	err = mz_zip_entry_read(handle, buffer, sizeof(buffer));
86	26.1k	if (err < 0)
87	0	break;
88
89	26.1k	err = mz_zip_entry_close(handle);
90	26.1k	if (err != MZ_OK)
91	162	break;
92
93	25.9k	err = mz_zip_goto_next_entry(handle);
94	25.9k	}
95
96	2.74k	mz_zip_entry_close(handle);
97
98		/* Return value isn't checked here because we can't predict what the value
99		will be. */
100
101	2.74k	mz_zip_locate_entry(handle, MZ_FUZZ_TEST_FILENAME, 0);
102	2.74k	mz_zip_locate_entry(handle, MZ_FUZZ_TEST_FILENAMEUC, 0);
103	2.74k	mz_zip_locate_entry(handle, MZ_FUZZ_TEST_FILENAME, 1);
104	2.74k	mz_zip_locate_entry(handle, MZ_FUZZ_TEST_FILENAMEUC, 1);
105
106	2.74k	mz_zip_close(handle);
107	2.74k	}
108
109	3.39k	mz_zip_delete(&handle);
110	3.39k	mz_stream_mem_delete(&stream);
111
112	3.39k	return 0;
113	3.39k	}
114
115		/***************************************************************************/
116
117		#ifdef __cplusplus
118		}
119		#endif

Coverage Report

Created: 2025-07-11 06:45