/src/zlib-ng/test/fuzz/fuzzer_example_flush.c

Source (jump to first uncovered line)
#include <stdio.h>
#include <assert.h>

#include "zbuild.h"
#ifdef ZLIB_COMPAT
#  include "zlib.h"
#else
#  include "zlib-ng.h"
#endif

#define CHECK_ERR(err, msg) { \
    if (err != Z_OK) { \
        fprintf(stderr, "%s error: %d\n", msg, err); \
        exit(1); \
    } \
}

static const uint8_t *data;
static size_t dataLen;
static alloc_func zalloc = NULL;
static free_func zfree = NULL;

/* ===========================================================================
 * Test deflate() with full flush
 */
void test_flush(unsigned char *compr, z_size_t *comprLen) {
    PREFIX3(stream) c_stream; /* compression stream */
    int err;
    unsigned int len = (unsigned int)dataLen;

    c_stream.zalloc = zalloc;
    c_stream.zfree = zfree;
    c_stream.opaque = (void *)0;

    err = PREFIX(deflateInit)(&c_stream, Z_DEFAULT_COMPRESSION);
    CHECK_ERR(err, "deflateInit");

    c_stream.next_in = (z_const unsigned char *)data;
    c_stream.next_out = compr;
    c_stream.avail_in = 3;
    c_stream.avail_out = (unsigned int)*comprLen;
    err = PREFIX(deflate)(&c_stream, Z_FULL_FLUSH);
    CHECK_ERR(err, "deflate flush 1");

    compr[3]++; /* force an error in first compressed block */
    c_stream.avail_in = len - 3;

    err = PREFIX(deflate)(&c_stream, Z_FINISH);
    if (err != Z_STREAM_END) {
        CHECK_ERR(err, "deflate flush 2");
    }
    err = PREFIX(deflateEnd)(&c_stream);
    CHECK_ERR(err, "deflateEnd");

    *comprLen = (z_size_t)c_stream.total_out;
}

/* ===========================================================================
 * Test inflateSync()
 */
void test_sync(unsigned char *compr, size_t comprLen, unsigned char *uncompr, size_t uncomprLen) {
    int err;
    PREFIX3(stream) d_stream; /* decompression stream */

    d_stream.zalloc = zalloc;
    d_stream.zfree = zfree;
    d_stream.opaque = (void *)0;

    d_stream.next_in = compr;
    d_stream.avail_in = 2; /* just read the zlib header */

    err = PREFIX(inflateInit)(&d_stream);
    CHECK_ERR(err, "inflateInit");

    d_stream.next_out = uncompr;
    d_stream.avail_out = (unsigned int)uncomprLen;

    err = PREFIX(inflate)(&d_stream, Z_NO_FLUSH);
    CHECK_ERR(err, "inflate");

    d_stream.avail_in = (unsigned int)comprLen - 2; /* read all compressed data */
    err = PREFIX(inflateSync)(&d_stream); /* but skip the damaged part */
    CHECK_ERR(err, "inflateSync");

    err = PREFIX(inflate)(&d_stream, Z_FINISH);
    if (err != Z_STREAM_END) {
        fprintf(stderr, "inflate should report Z_STREAM_END\n");
        exit(1);
    }
    err = PREFIX(inflateEnd)(&d_stream);
    CHECK_ERR(err, "inflateEnd");
}

int LLVMFuzzerTestOneInput(const uint8_t *d, size_t size) {
    z_size_t comprLen = 100 + 2 * PREFIX(compressBound)(size);
    z_size_t uncomprLen = (z_size_t)size;
    uint8_t *compr, *uncompr;

    /* Discard inputs larger than 1Mb. */
    static size_t kMaxSize = 1024 * 1024;

    // This test requires at least 3 bytes of input data.
    if (size <= 3 || size > kMaxSize)
        return 0;

    data = d;
    dataLen = size;
    compr = (uint8_t *)calloc(1, comprLen);
    uncompr = (uint8_t *)calloc(1, uncomprLen);

    test_flush(compr, &comprLen);
    test_sync(compr, comprLen, uncompr, uncomprLen);

    free(compr);
    free(uncompr);

    /* This function must return 0. */
    return 0;
}

Line	Count	Source (jump to first uncovered line)
1		#include <stdio.h>
2		#include <assert.h>
3
4		#include "zbuild.h"
5		#ifdef ZLIB_COMPAT
6		# include "zlib.h"
7		#else
8		# include "zlib-ng.h"
9		#endif
10
11	21.7k	#define CHECK_ERR(err, msg) { \
12	21.7k	if (err != Z_OK) { \
13	0	fprintf(stderr, "%s error: %d\n", msg, err); \
14	0	exit(1); \
15	0	} \
16	21.7k	}
17
18		static const uint8_t *data;
19		static size_t dataLen;
20		static alloc_func zalloc = NULL;
21		static free_func zfree = NULL;
22
23		/* ===========================================================================
24		* Test deflate() with full flush
25		*/
26	3.11k	void test_flush(unsigned char compr, z_size_t comprLen) {
27	3.11k	PREFIX3(stream) c_stream; /* compression stream */
28	3.11k	int err;
29	3.11k	unsigned int len = (unsigned int)dataLen;
30
31	3.11k	c_stream.zalloc = zalloc;
32	3.11k	c_stream.zfree = zfree;
33	3.11k	c_stream.opaque = (void *)0;
34
35	3.11k	err = PREFIX(deflateInit)(&c_stream, Z_DEFAULT_COMPRESSION);
36	3.11k	CHECK_ERR(err, "deflateInit");
37
38	3.11k	c_stream.next_in = (z_const unsigned char *)data;
39	3.11k	c_stream.next_out = compr;
40	3.11k	c_stream.avail_in = 3;
41	3.11k	c_stream.avail_out = (unsigned int)*comprLen;
42	3.11k	err = PREFIX(deflate)(&c_stream, Z_FULL_FLUSH);
43	3.11k	CHECK_ERR(err, "deflate flush 1");
44
45	3.11k	compr[3]++; /* force an error in first compressed block */
46	3.11k	c_stream.avail_in = len - 3;
47
48	3.11k	err = PREFIX(deflate)(&c_stream, Z_FINISH);
49	3.11k	if (err != Z_STREAM_END) {
50	0	CHECK_ERR(err, "deflate flush 2");
51	0	}
52	3.11k	err = PREFIX(deflateEnd)(&c_stream);
53	3.11k	CHECK_ERR(err, "deflateEnd");
54
55	3.11k	*comprLen = (z_size_t)c_stream.total_out;
56	3.11k	}
57
58		/* ===========================================================================
59		* Test inflateSync()
60		*/
61	3.11k	void test_sync(unsigned char compr, size_t comprLen, unsigned char uncompr, size_t uncomprLen) {
62	3.11k	int err;
63	3.11k	PREFIX3(stream) d_stream; /* decompression stream */
64
65	3.11k	d_stream.zalloc = zalloc;
66	3.11k	d_stream.zfree = zfree;
67	3.11k	d_stream.opaque = (void *)0;
68
69	3.11k	d_stream.next_in = compr;
70	3.11k	d_stream.avail_in = 2; /* just read the zlib header */
71
72	3.11k	err = PREFIX(inflateInit)(&d_stream);
73	3.11k	CHECK_ERR(err, "inflateInit");
74
75	3.11k	d_stream.next_out = uncompr;
76	3.11k	d_stream.avail_out = (unsigned int)uncomprLen;
77
78	3.11k	err = PREFIX(inflate)(&d_stream, Z_NO_FLUSH);
79	3.11k	CHECK_ERR(err, "inflate");
80
81	3.11k	d_stream.avail_in = (unsigned int)comprLen - 2; /* read all compressed data */
82	3.11k	err = PREFIX(inflateSync)(&d_stream); /* but skip the damaged part */
83	3.11k	CHECK_ERR(err, "inflateSync");
84
85	3.11k	err = PREFIX(inflate)(&d_stream, Z_FINISH);
86	3.11k	if (err != Z_STREAM_END) {
87	0	fprintf(stderr, "inflate should report Z_STREAM_END\n");
88	0	exit(1);
89	0	}
90	3.11k	err = PREFIX(inflateEnd)(&d_stream);
91	3.11k	CHECK_ERR(err, "inflateEnd");
92	3.11k	}
93
94	3.11k	int LLVMFuzzerTestOneInput(const uint8_t *d, size_t size) {
95	3.11k	z_size_t comprLen = 100 + 2 * PREFIX(compressBound)(size);
96	3.11k	z_size_t uncomprLen = (z_size_t)size;
97	3.11k	uint8_t compr, uncompr;
98
99		/* Discard inputs larger than 1Mb. */
100	3.11k	static size_t kMaxSize = 1024 * 1024;
101
102		// This test requires at least 3 bytes of input data.
103	3.11k	if (size <= 3 \|\| size > kMaxSize)
104	3	return 0;
105
106	3.11k	data = d;
107	3.11k	dataLen = size;
108	3.11k	compr = (uint8_t *)calloc(1, comprLen);
109	3.11k	uncompr = (uint8_t *)calloc(1, uncomprLen);
110
111	3.11k	test_flush(compr, &comprLen);
112	3.11k	test_sync(compr, comprLen, uncompr, uncomprLen);
113
114	3.11k	free(compr);
115	3.11k	free(uncompr);
116
117		/* This function must return 0. */
118	3.11k	return 0;
119	3.11k	}

Coverage Report

Created: 2025-08-29 06:28