/src/example_small_fuzzer.c

Source (jump to first uncovered line)
#include <stdio.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <assert.h>
#include <stdlib.h>
#include <inttypes.h>
#include "zlib.h"

#define CHECK_ERR(err, msg) { \
    if (err != Z_OK) { \
        fprintf(stderr, "%s error: %d\n", msg, err); \
        return 0; \
    } \
}

static const uint8_t *data;
static size_t dataLen;
static alloc_func zalloc = NULL;
static free_func zfree = NULL;

/* ===========================================================================
 * Test deflate() with small buffers
 */
int test_deflate(unsigned char *compr, size_t comprLen) {
  z_stream c_stream; /* compression stream */
  int err;
  unsigned long len = dataLen;

  c_stream.zalloc = zalloc;
  c_stream.zfree = zfree;
  c_stream.opaque = (void *)0;

  err = deflateInit(&c_stream, Z_DEFAULT_COMPRESSION);
  CHECK_ERR(err, "deflateInit");

  c_stream.next_in = (Bytef *)data;
  c_stream.next_out = compr;

  while (c_stream.total_in != len && c_stream.total_out < comprLen) {
    c_stream.avail_in = c_stream.avail_out = 1; /* force small buffers */
    err = deflate(&c_stream, Z_NO_FLUSH);
    CHECK_ERR(err, "deflate small 1");
  }
  /* Finish the stream, still forcing small buffers: */
  for (;;) {
    c_stream.avail_out = 1;
    err = deflate(&c_stream, Z_FINISH);
    if (err == Z_STREAM_END)
      break;
    CHECK_ERR(err, "deflate small 2");
  }

  err = deflateEnd(&c_stream);
  CHECK_ERR(err, "deflateEnd");
  return 0;
}

/* ===========================================================================
 * Test inflate() with small buffers
 */
int test_inflate(unsigned char *compr, size_t comprLen, unsigned char *uncompr,
                  size_t uncomprLen) {
  int err;
  z_stream d_stream; /* decompression stream */

  d_stream.zalloc = zalloc;
  d_stream.zfree = zfree;
  d_stream.opaque = (void *)0;

  d_stream.next_in = compr;
  d_stream.avail_in = 0;
  d_stream.next_out = uncompr;

  err = inflateInit(&d_stream);
  CHECK_ERR(err, "inflateInit");

  while (d_stream.total_out < uncomprLen && d_stream.total_in < comprLen) {
    d_stream.avail_in = d_stream.avail_out = 1; /* force small buffers */
    err = inflate(&d_stream, Z_NO_FLUSH);
    if (err == Z_STREAM_END)
      break;
    CHECK_ERR(err, "inflate");
  }

  err = inflateEnd(&d_stream);
  CHECK_ERR(err, "inflateEnd");

  if (memcmp(uncompr, data, dataLen)) {
    fprintf(stderr, "bad inflate\n");
    return 0;
  }
  return 0;
}

int LLVMFuzzerTestOneInput(const uint8_t *d, size_t size) {
  size_t comprLen = compressBound(size);
  size_t uncomprLen = size;
  uint8_t *compr, *uncompr;

  /* Discard inputs larger than 1Mb. */
  static size_t kMaxSize = 1024 * 1024;

  if (size < 1 || size > kMaxSize)
    return 0;

  data = d;
  dataLen = size;
  compr = (uint8_t *)calloc(1, comprLen);
  uncompr = (uint8_t *)calloc(1, uncomprLen);

  test_deflate(compr, comprLen);
  test_inflate(compr, comprLen, uncompr, uncomprLen);

  free(compr);
  free(uncompr);

  /* This function must return 0. */
  return 0;
}

Line	Count	Source (jump to first uncovered line)
1		#include <stdio.h>
2		#include <stddef.h>
3		#include <stdint.h>
4		#include <string.h>
5		#include <assert.h>
6		#include <stdlib.h>
7		#include <inttypes.h>
8		#include "zlib.h"
9
10	345M	#define CHECK_ERR(err, msg) { \
11	345M	if (err != Z_OK) { \
12	0	fprintf(stderr, "%s error: %d\n", msg, err); \
13	0	return 0; \
14	0	} \
15	345M	}
16
17		static const uint8_t *data;
18		static size_t dataLen;
19		static alloc_func zalloc = NULL;
20		static free_func zfree = NULL;
21
22		/* ===========================================================================
23		* Test deflate() with small buffers
24		*/
25	2.48k	int test_deflate(unsigned char *compr, size_t comprLen) {
26	2.48k	z_stream c_stream; /* compression stream */
27	2.48k	int err;
28	2.48k	unsigned long len = dataLen;
29
30	2.48k	c_stream.zalloc = zalloc;
31	2.48k	c_stream.zfree = zfree;
32	2.48k	c_stream.opaque = (void *)0;
33
34	2.48k	err = deflateInit(&c_stream, Z_DEFAULT_COMPRESSION);
35	2.48k	CHECK_ERR(err, "deflateInit");
36
37	2.48k	c_stream.next_in = (Bytef *)data;
38	2.48k	c_stream.next_out = compr;
39
40	203M	while (c_stream.total_in != len && c_stream.total_out < comprLen) {
41	203M	c_stream.avail_in = c_stream.avail_out = 1; /* force small buffers */
42	203M	err = deflate(&c_stream, Z_NO_FLUSH);
43	203M	CHECK_ERR(err, "deflate small 1");
44	203M	}
45		/* Finish the stream, still forcing small buffers: */
46	8.69M	for (;;) {
47	8.69M	c_stream.avail_out = 1;
48	8.69M	err = deflate(&c_stream, Z_FINISH);
49	8.69M	if (err == Z_STREAM_END)
50	2.48k	break;
51	8.68M	CHECK_ERR(err, "deflate small 2");
52	8.68M	}
53
54	2.48k	err = deflateEnd(&c_stream);
55	2.48k	CHECK_ERR(err, "deflateEnd");
56	2.48k	return 0;
57	2.48k	}
58
59		/* ===========================================================================
60		* Test inflate() with small buffers
61		*/
62		int test_inflate(unsigned char compr, size_t comprLen, unsigned char uncompr,
63	2.48k	size_t uncomprLen) {
64	2.48k	int err;
65	2.48k	z_stream d_stream; /* decompression stream */
66
67	2.48k	d_stream.zalloc = zalloc;
68	2.48k	d_stream.zfree = zfree;
69	2.48k	d_stream.opaque = (void *)0;
70
71	2.48k	d_stream.next_in = compr;
72	2.48k	d_stream.avail_in = 0;
73	2.48k	d_stream.next_out = uncompr;
74
75	2.48k	err = inflateInit(&d_stream);
76	2.48k	CHECK_ERR(err, "inflateInit");
77
78	133M	while (d_stream.total_out < uncomprLen && d_stream.total_in < comprLen) {
79	133M	d_stream.avail_in = d_stream.avail_out = 1; /* force small buffers */
80	133M	err = inflate(&d_stream, Z_NO_FLUSH);
81	133M	if (err == Z_STREAM_END)
82	0	break;
83	133M	CHECK_ERR(err, "inflate");
84	133M	}
85
86	2.48k	err = inflateEnd(&d_stream);
87	2.48k	CHECK_ERR(err, "inflateEnd");
88
89	2.48k	if (memcmp(uncompr, data, dataLen)) {
90	0	fprintf(stderr, "bad inflate\n");
91	0	return 0;
92	0	}
93	2.48k	return 0;
94	2.48k	}
95
96	2.48k	int LLVMFuzzerTestOneInput(const uint8_t *d, size_t size) {
97	2.48k	size_t comprLen = compressBound(size);
98	2.48k	size_t uncomprLen = size;
99	2.48k	uint8_t compr, uncompr;
100
101		/* Discard inputs larger than 1Mb. */
102	2.48k	static size_t kMaxSize = 1024 * 1024;
103
104	2.48k	if (size < 1 \|\| size > kMaxSize)
105	0	return 0;
106
107	2.48k	data = d;
108	2.48k	dataLen = size;
109	2.48k	compr = (uint8_t *)calloc(1, comprLen);
110	2.48k	uncompr = (uint8_t *)calloc(1, uncomprLen);
111
112	2.48k	test_deflate(compr, comprLen);
113	2.48k	test_inflate(compr, comprLen, uncompr, uncomprLen);
114
115	2.48k	free(compr);
116	2.48k	free(uncompr);
117
118		/* This function must return 0. */
119	2.48k	return 0;
120	2.48k	}

Coverage Report

Created: 2023-09-25 07:00