/src/xz/tests/ossfuzz/fuzz_decode_stream.c

Source
// SPDX-License-Identifier: 0BSD

///////////////////////////////////////////////////////////////////////////////
//
/// \file       fuzz_decode_stream.c
/// \brief      Fuzz test program for single threaded .xz decoding
//
//  Authors:    Lasse Collin
//              Maksym Vatsyk
//
///////////////////////////////////////////////////////////////////////////////

#include <inttypes.h>
#include <stdlib.h>
#include <stdio.h>
#include "lzma.h"
#include "fuzz_common.h"


extern int
LLVMFuzzerTestOneInput(const uint8_t *inbuf, size_t inbuf_size)
{
  lzma_stream strm = LZMA_STREAM_INIT;
  // Initialize a .xz decoder using the memory usage limit
  // defined in fuzz_common.h
  //
  // Enable support for concatenated .xz files which is used when
  // decompressing regular .xz files (instead of data embedded inside
  // some other file format). Integrity checks on the uncompressed
  // data are ignored to make fuzzing more effective (incorrect check
  // values won't prevent the decoder from processing more input).
  //
  // The flag LZMA_IGNORE_CHECK doesn't disable verification of
  // header CRC32 values. Those checks are disabled when liblzma is
  // built with the #define FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION.
  lzma_ret ret = lzma_stream_decoder(&strm, MEM_LIMIT,
      LZMA_CONCATENATED | LZMA_IGNORE_CHECK);

  if (ret != LZMA_OK) {
    // This should never happen unless the system has
    // no free memory or address space to allow the small
    // allocations that the initialization requires.
    fprintf(stderr, "lzma_stream_decoder() failed (%d)\n", ret);
    abort();
  }

  fuzz_code(&strm, inbuf, inbuf_size);

  // Free the allocated memory.
  lzma_end(&strm);

  return 0;
}

Line	Count	Source
1		// SPDX-License-Identifier: 0BSD
2
3		///////////////////////////////////////////////////////////////////////////////
4		//
5		/// \file fuzz_decode_stream.c
6		/// \brief Fuzz test program for single threaded .xz decoding
7		//
8		// Authors: Lasse Collin
9		// Maksym Vatsyk
10		//
11		///////////////////////////////////////////////////////////////////////////////
12
13		#include <inttypes.h>
14		#include <stdlib.h>
15		#include <stdio.h>
16		#include "lzma.h"
17		#include "fuzz_common.h"
18
19
20		extern int
21		LLVMFuzzerTestOneInput(const uint8_t *inbuf, size_t inbuf_size)
22	13.6k	{
23	13.6k	lzma_stream strm = LZMA_STREAM_INIT;
24		// Initialize a .xz decoder using the memory usage limit
25		// defined in fuzz_common.h
26		//
27		// Enable support for concatenated .xz files which is used when
28		// decompressing regular .xz files (instead of data embedded inside
29		// some other file format). Integrity checks on the uncompressed
30		// data are ignored to make fuzzing more effective (incorrect check
31		// values won't prevent the decoder from processing more input).
32		//
33		// The flag LZMA_IGNORE_CHECK doesn't disable verification of
34		// header CRC32 values. Those checks are disabled when liblzma is
35		// built with the #define FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION.
36	13.6k	lzma_ret ret = lzma_stream_decoder(&strm, MEM_LIMIT,
37	13.6k	LZMA_CONCATENATED \| LZMA_IGNORE_CHECK);
38
39	13.6k	if (ret != LZMA_OK) {
40		// This should never happen unless the system has
41		// no free memory or address space to allow the small
42		// allocations that the initialization requires.
43	0	fprintf(stderr, "lzma_stream_decoder() failed (%d)\n", ret);
44	0	abort();
45	0	}
46
47	13.6k	fuzz_code(&strm, inbuf, inbuf_size);
48
49		// Free the allocated memory.
50	13.6k	lzma_end(&strm);
51
52	13.6k	return 0;
53	13.6k	}

Coverage Report

Created: 2025-10-28 06:28