/src/minizip-ng/test/fuzz/zip_fuzzer.c

Source
/* zip_fuzzer.c - Zip fuzzer for libFuzzer
   part of the minizip-ng project

   Copyright (C) 2018 The Chromium Authors
   Copyright (C) 2018 Anand K. Mistry
   Copyright (C) Nathan Moinvaziri
     https://github.com/zlib-ng/minizip-ng

   This program is distributed under the terms of the same license as zlib.
   See the accompanying LICENSE file for the full text of the license.
*/

#include "mz.h"
#include "mz_strm.h"
#include "mz_strm_mem.h"
#include "mz_zip.h"

#ifdef __cplusplus
extern "C" {
#endif

/***************************************************************************/

#define MZ_FUZZ_TEST_FILENAME "foo"
#define MZ_FUZZ_TEST_PWD      "test123"

/***************************************************************************/

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    mz_zip_file file_info;
    void *fuzz_stream = NULL;
    void *stream = NULL;
    void *handle = NULL;
    int32_t err = MZ_OK;
    uint16_t value16 = 0;
    uint8_t value8 = 0;
    int16_t compress_level = 0;
    int64_t fuzz_pos = 0;
    int32_t fuzz_length = 0;
    uint8_t *fuzz_buf = NULL;
    const char *password = NULL;

    fuzz_stream = mz_stream_mem_create();
    if (!fuzz_stream)
        return 1;
    mz_stream_mem_set_buffer(fuzz_stream, (void *)data, (int32_t)size);

    memset(&file_info, 0, sizeof(file_info));

    file_info.flag = MZ_ZIP_FLAG_UTF8;
    if ((mz_stream_read_uint8(fuzz_stream, &value8) == MZ_OK) && (value8 < 0x08)) {
        if (mz_stream_read_uint16(fuzz_stream, &value16) == MZ_OK)
            file_info.flag = value16;
    }
    file_info.compression_method = MZ_COMPRESS_METHOD_DEFLATE;
    if ((mz_stream_read_uint8(fuzz_stream, &value8) == MZ_OK) && (value8 < 0x08)) {
        file_info.compression_method = MZ_COMPRESS_METHOD_STORE;
    } else if ((mz_stream_read_uint8(fuzz_stream, &value8) == MZ_OK) && (value8 < 0x08)) {
        if (mz_stream_read_uint16(fuzz_stream, &value16) == MZ_OK)
            file_info.compression_method = value16;
    }

    if ((mz_stream_read_uint8(fuzz_stream, &value8) == MZ_OK) && (value8 < 0x08)) {
        if (mz_stream_read_uint16(fuzz_stream, &value16) == MZ_OK)
            file_info.zip64 = value16;
    }

    file_info.filename = MZ_FUZZ_TEST_FILENAME;
    file_info.filename_size = (uint16_t)strlen(MZ_FUZZ_TEST_FILENAME);

    compress_level = MZ_COMPRESS_LEVEL_DEFAULT;
    if ((mz_stream_read_uint8(fuzz_stream, &value8) == MZ_OK) && (value8 < 0x08)) {
        if (mz_stream_read_uint16(fuzz_stream, &value16) == MZ_OK)
            compress_level = value16;
    }

    stream = mz_stream_mem_create();
    if (!stream) {
        mz_stream_mem_delete(&fuzz_stream);
        return 1;
    }

    err = mz_stream_mem_open(stream, MZ_FUZZ_TEST_FILENAME, MZ_OPEN_MODE_CREATE | MZ_OPEN_MODE_WRITE);
    if (err != MZ_OK) {
        mz_stream_mem_delete(&stream);
        mz_stream_mem_delete(&fuzz_stream);
        return 1;
    }

    handle = mz_zip_create();
    if (!handle) {
        mz_stream_mem_delete(&stream);
        mz_stream_mem_delete(&fuzz_stream);
        return 1;
    }

    err = mz_zip_open(handle, stream, MZ_OPEN_MODE_CREATE | MZ_OPEN_MODE_WRITE);
    if (err == MZ_OK) {
        password = file_info.flag & MZ_ZIP_FLAG_ENCRYPTED ? MZ_FUZZ_TEST_PWD : NULL;
        err = mz_zip_entry_write_open(handle, &file_info, compress_level, 0, password);
        if (err == MZ_OK) {
            mz_stream_mem_get_buffer_at_current(fuzz_stream, (const void **)&fuzz_buf);
            fuzz_pos = mz_stream_tell(fuzz_stream);
            mz_stream_mem_get_buffer_length(fuzz_stream, &fuzz_length);

            err = mz_zip_entry_write(handle, fuzz_buf, (fuzz_length - (int32_t)fuzz_pos));

            mz_zip_entry_close(handle);
        }

        mz_zip_close(handle);
    }

    mz_zip_delete(&handle);
    mz_stream_mem_delete(&stream);

    mz_stream_mem_delete(&fuzz_stream);

    return 0;
}

/***************************************************************************/

#ifdef __cplusplus
}
#endif

Line	Count	Source
1		/* zip_fuzzer.c - Zip fuzzer for libFuzzer
2		part of the minizip-ng project
3
4		Copyright (C) 2018 The Chromium Authors
5		Copyright (C) 2018 Anand K. Mistry
6		Copyright (C) Nathan Moinvaziri
7		https://github.com/zlib-ng/minizip-ng
8
9		This program is distributed under the terms of the same license as zlib.
10		See the accompanying LICENSE file for the full text of the license.
11		*/
12
13		#include "mz.h"
14		#include "mz_strm.h"
15		#include "mz_strm_mem.h"
16		#include "mz_zip.h"
17
18		#ifdef __cplusplus
19		extern "C" {
20		#endif
21
22		/***************************************************************************/
23
24	1.40k	#define MZ_FUZZ_TEST_FILENAME "foo"
25	202	#define MZ_FUZZ_TEST_PWD "test123"
26
27		/***************************************************************************/
28
29	468	int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
30	468	mz_zip_file file_info;
31	468	void *fuzz_stream = NULL;
32	468	void *stream = NULL;
33	468	void *handle = NULL;
34	468	int32_t err = MZ_OK;
35	468	uint16_t value16 = 0;
36	468	uint8_t value8 = 0;
37	468	int16_t compress_level = 0;
38	468	int64_t fuzz_pos = 0;
39	468	int32_t fuzz_length = 0;
40	468	uint8_t *fuzz_buf = NULL;
41	468	const char *password = NULL;
42
43	468	fuzz_stream = mz_stream_mem_create();
44	468	if (!fuzz_stream)
45	0	return 1;
46	468	mz_stream_mem_set_buffer(fuzz_stream, (void *)data, (int32_t)size);
47
48	468	memset(&file_info, 0, sizeof(file_info));
49
50	468	file_info.flag = MZ_ZIP_FLAG_UTF8;
51	468	if ((mz_stream_read_uint8(fuzz_stream, &value8) == MZ_OK) && (value8 < 0x08)) {
52	225	if (mz_stream_read_uint16(fuzz_stream, &value16) == MZ_OK)
53	220	file_info.flag = value16;
54	225	}
55	468	file_info.compression_method = MZ_COMPRESS_METHOD_DEFLATE;
56	468	if ((mz_stream_read_uint8(fuzz_stream, &value8) == MZ_OK) && (value8 < 0x08)) {
57	361	file_info.compression_method = MZ_COMPRESS_METHOD_STORE;
58	361	} else if ((mz_stream_read_uint8(fuzz_stream, &value8) == MZ_OK) && (value8 < 0x08)) {
59	48	if (mz_stream_read_uint16(fuzz_stream, &value16) == MZ_OK)
60	44	file_info.compression_method = value16;
61	48	}
62
63	468	if ((mz_stream_read_uint8(fuzz_stream, &value8) == MZ_OK) && (value8 < 0x08)) {
64	121	if (mz_stream_read_uint16(fuzz_stream, &value16) == MZ_OK)
65	115	file_info.zip64 = value16;
66	121	}
67
68	468	file_info.filename = MZ_FUZZ_TEST_FILENAME;
69	468	file_info.filename_size = (uint16_t)strlen(MZ_FUZZ_TEST_FILENAME);
70
71	468	compress_level = MZ_COMPRESS_LEVEL_DEFAULT;
72	468	if ((mz_stream_read_uint8(fuzz_stream, &value8) == MZ_OK) && (value8 < 0x08)) {
73	94	if (mz_stream_read_uint16(fuzz_stream, &value16) == MZ_OK)
74	85	compress_level = value16;
75	94	}
76
77	468	stream = mz_stream_mem_create();
78	468	if (!stream) {
79	0	mz_stream_mem_delete(&fuzz_stream);
80	0	return 1;
81	0	}
82
83	468	err = mz_stream_mem_open(stream, MZ_FUZZ_TEST_FILENAME, MZ_OPEN_MODE_CREATE \| MZ_OPEN_MODE_WRITE);
84	468	if (err != MZ_OK) {
85	0	mz_stream_mem_delete(&stream);
86	0	mz_stream_mem_delete(&fuzz_stream);
87	0	return 1;
88	0	}
89
90	468	handle = mz_zip_create();
91	468	if (!handle) {
92	0	mz_stream_mem_delete(&stream);
93	0	mz_stream_mem_delete(&fuzz_stream);
94	0	return 1;
95	0	}
96
97	468	err = mz_zip_open(handle, stream, MZ_OPEN_MODE_CREATE \| MZ_OPEN_MODE_WRITE);
98	468	if (err == MZ_OK) {
99	468	password = file_info.flag & MZ_ZIP_FLAG_ENCRYPTED ? MZ_FUZZ_TEST_PWD : NULL;
100	468	err = mz_zip_entry_write_open(handle, &file_info, compress_level, 0, password);
101	468	if (err == MZ_OK) {
102	385	mz_stream_mem_get_buffer_at_current(fuzz_stream, (const void **)&fuzz_buf);
103	385	fuzz_pos = mz_stream_tell(fuzz_stream);
104	385	mz_stream_mem_get_buffer_length(fuzz_stream, &fuzz_length);
105
106	385	err = mz_zip_entry_write(handle, fuzz_buf, (fuzz_length - (int32_t)fuzz_pos));
107
108	385	mz_zip_entry_close(handle);
109	385	}
110
111	468	mz_zip_close(handle);
112	468	}
113
114	468	mz_zip_delete(&handle);
115	468	mz_stream_mem_delete(&stream);
116
117	468	mz_stream_mem_delete(&fuzz_stream);
118
119	468	return 0;
120	468	}
121
122		/***************************************************************************/
123
124		#ifdef __cplusplus
125		}
126		#endif

Coverage Report

Created: 2025-12-28 06:29