/src/serenity/Meta/Lagom/Fuzzers/FuzzLzmaDecompression.cpp
Line | Count | Source |
1 | | /* |
2 | | * Copyright (c) 2023, Tim Schumacher <timschumi@gmx.de>. |
3 | | * |
4 | | * SPDX-License-Identifier: BSD-2-Clause |
5 | | */ |
6 | | |
7 | | #include <AK/MemoryStream.h> |
8 | | #include <LibCompress/Lzma.h> |
9 | | |
// libFuzzer entry point: feeds the raw input to the LZMA container decompressor and
// drains whatever it produces. Decoding errors are expected for malformed input and are
// not reported; the harness exists to surface crashes and sanitizer findings.
extern "C" int LLVMFuzzerTestOneInput(uint8_t const* data, size_t size)
{
    AK::set_debug_enabled(false);

    // LibFuzzer's default memory limit is 2048 MB, so cap the dictionary size to keep a
    // single input from hitting that limit just by requesting a huge dictionary. The cap
    // is twice the largest dictionary found in the specification's test files, which
    // should leave ample room for everything worth fuzzing.
    // NOTE(review): this cap lives only in the harness, so allocation behaviour for larger
    // dictionaries is never exercised here. Whether callers of the decompressor enforce a
    // comparable bound is not visible from this file.
    constexpr size_t max_dictionary_size = 16 * MiB;

    // How many decompressed bytes are thrown away per loop iteration.
    constexpr size_t discard_chunk_size = 4096;

    // Peek at the header only when the input is long enough to contain one; shorter
    // inputs skip the check and go straight to the decompressor.
    // NOTE(review): `data` carries no alignment guarantee; this cast assumes LzmaHeader
    // can be read at any byte offset (e.g. a packed layout). Confirm in LibCompress/Lzma.h.
    bool const input_holds_header = size >= sizeof(Compress::LzmaHeader);
    if (input_holds_header) {
        auto const* raw_header = reinterpret_cast<Compress::LzmaHeader const*>(data);
        // Returning -1 asks libFuzzer to reject the input instead of adding it to the corpus.
        if (raw_header->dictionary_size() > max_dictionary_size)
            return -1;
    }

    auto input_stream = make<FixedMemoryStream>(ReadonlyBytes { data, size });
    auto creation_result = Compress::LzmaDecompressor::create_from_container(move(input_stream));
    if (creation_result.is_error())
        return 0;

    // Pull the decompressed data through in fixed-size chunks until the decompressor
    // reports end-of-stream or the first error, whichever comes first.
    auto lzma = creation_result.release_value();
    for (;;) {
        if (lzma->is_eof())
            break;
        if (lzma->discard(discard_chunk_size).is_error())
            break;
    }

    return 0;
}