/src/xz/tests/ossfuzz/fuzz_encode_stream.c
Line | Count | Source |
1 | | // SPDX-License-Identifier: 0BSD |
2 | | |
3 | | /////////////////////////////////////////////////////////////////////////////// |
4 | | // |
5 | | /// \file fuzz_encode_stream.c |
6 | | /// \brief Fuzz test program for .xz encoding |
7 | | // |
8 | | // Authors: Maksym Vatsyk |
9 | | // Lasse Collin |
10 | | // |
11 | | /////////////////////////////////////////////////////////////////////////////// |
12 | | |
13 | | #include <inttypes.h> |
14 | | #include <stdlib.h> |
15 | | #include <stdio.h> |
16 | | #include "lzma.h" |
17 | | #include "fuzz_common.h" |
18 | | |
19 | | |
20 | | extern int |
21 | | LLVMFuzzerTestOneInput(const uint8_t *inbuf, size_t inbuf_size) |
22 | 4.00k | { |
23 | 4.00k | if (inbuf_size == 0) { |
24 | 0 | fprintf(stderr, "no input data provided\n"); |
25 | 0 | return 0; |
26 | 0 | } |
27 | | |
28 | | // Set the LZMA options based on the first input byte. The fuzzer |
29 | | // will learn through its mutational genetic algorithm with the |
30 | | // code coverage feedback that the first byte must be one of the |
31 | | // values with a switch case label. This allows us to have one fuzz |
32 | | // target cover many critical code paths so the fuzz resources can |
33 | | // be used efficiently. |
34 | 4.00k | uint32_t preset_level; |
35 | 4.00k | const uint8_t decider = inbuf[0]; |
36 | | |
37 | 4.00k | switch (decider) { |
38 | 955 | case 0: |
39 | 1.64k | case 1: |
40 | 2.67k | case 5: |
41 | 2.67k | preset_level = (uint32_t)decider; |
42 | 2.67k | break; |
43 | 903 | case 6: |
44 | 903 | preset_level = 0 | LZMA_PRESET_EXTREME; |
45 | 903 | break; |
46 | 412 | case 7: |
47 | 412 | preset_level = 3 | LZMA_PRESET_EXTREME; |
48 | 412 | break; |
49 | 9 | default: |
50 | 9 | return 0; |
51 | 4.00k | } |
52 | | |
53 | | // Initialize lzma_options with the above preset level |
54 | 3.99k | lzma_options_lzma opt_lzma; |
55 | 3.99k | if (lzma_lzma_preset(&opt_lzma, preset_level)){ |
56 | 0 | fprintf(stderr, "lzma_lzma_preset() failed\n"); |
57 | 0 | abort(); |
58 | 0 | } |
59 | | |
60 | | // Set the filter chain as only LZMA2. |
61 | 3.99k | lzma_filter filters[2] = { |
62 | 3.99k | { |
63 | 3.99k | .id = LZMA_FILTER_LZMA2, |
64 | 3.99k | .options = &opt_lzma, |
65 | 3.99k | }, { |
66 | 3.99k | .id = LZMA_VLI_UNKNOWN, |
67 | 3.99k | } |
68 | 3.99k | }; |
69 | | |
70 | | // initialize empty LZMA stream |
71 | 3.99k | lzma_stream strm = LZMA_STREAM_INIT; |
72 | | |
73 | | // Initialize the stream encoder using the above |
74 | | // stream, filter chain and CRC64. |
75 | 3.99k | lzma_ret ret = lzma_stream_encoder(&strm, filters, LZMA_CHECK_CRC64); |
76 | 3.99k | if (ret != LZMA_OK) { |
77 | 0 | fprintf(stderr, "lzma_stream_encoder() failed (%d)\n", ret); |
78 | 0 | abort(); |
79 | 0 | } |
80 | | |
81 | 3.99k | fuzz_code(&strm, inbuf + 1, inbuf_size - 1); |
82 | | |
83 | | // Free the allocated memory. |
84 | 3.99k | lzma_end(&strm); |
85 | 3.99k | return 0; |
86 | 3.99k | } |