Coverage Report

Created: 2025-07-01 07:02

/src/example_small_fuzzer.c
Line
Count
Source (jump to first uncovered line)
1
#include <stdio.h>
2
#include <stddef.h>
3
#include <stdint.h>
4
#include <string.h>
5
#include <assert.h>
6
#include <stdlib.h>
7
#include <inttypes.h>
8
#include "zlib.h"
9
10
0
#define CHECK_ERR(err, msg) { \
11
0
    if (err != Z_OK) { \
12
0
        fprintf(stderr, "%s error: %d\n", msg, err); \
13
0
        return 0; \
14
0
    } \
15
0
}
16
17
static const uint8_t *data;
18
static size_t dataLen;
19
static alloc_func zalloc = NULL;
20
static free_func zfree = NULL;
21
22
/* ===========================================================================
23
 * Test deflate() with small buffers
24
 */
25
0
int test_deflate(unsigned char *compr, size_t comprLen) {
26
0
  z_stream c_stream; /* compression stream */
27
0
  int err;
28
0
  unsigned long len = dataLen;
29
30
0
  c_stream.zalloc = zalloc;
31
0
  c_stream.zfree = zfree;
32
0
  c_stream.opaque = (void *)0;
33
34
0
  err = deflateInit(&c_stream, Z_DEFAULT_COMPRESSION);
35
0
  CHECK_ERR(err, "deflateInit");
36
37
0
  c_stream.next_in = (Bytef *)data;
38
0
  c_stream.next_out = compr;
39
40
0
  while (c_stream.total_in != len && c_stream.total_out < comprLen) {
41
0
    c_stream.avail_in = c_stream.avail_out = 1; /* force small buffers */
42
0
    err = deflate(&c_stream, Z_NO_FLUSH);
43
0
    CHECK_ERR(err, "deflate small 1");
44
0
  }
45
  /* Finish the stream, still forcing small buffers: */
46
0
  for (;;) {
47
0
    c_stream.avail_out = 1;
48
0
    err = deflate(&c_stream, Z_FINISH);
49
0
    if (err == Z_STREAM_END)
50
0
      break;
51
0
    CHECK_ERR(err, "deflate small 2");
52
0
  }
53
54
0
  err = deflateEnd(&c_stream);
55
0
  CHECK_ERR(err, "deflateEnd");
56
0
  return 0;
57
0
}
58
59
/* ===========================================================================
60
 * Test inflate() with small buffers
61
 */
62
int test_inflate(unsigned char *compr, size_t comprLen, unsigned char *uncompr,
63
0
                  size_t uncomprLen) {
64
0
  int err;
65
0
  z_stream d_stream; /* decompression stream */
66
67
0
  d_stream.zalloc = zalloc;
68
0
  d_stream.zfree = zfree;
69
0
  d_stream.opaque = (void *)0;
70
71
0
  d_stream.next_in = compr;
72
0
  d_stream.avail_in = 0;
73
0
  d_stream.next_out = uncompr;
74
75
0
  err = inflateInit(&d_stream);
76
0
  CHECK_ERR(err, "inflateInit");
77
78
0
  while (d_stream.total_out < uncomprLen && d_stream.total_in < comprLen) {
79
0
    d_stream.avail_in = d_stream.avail_out = 1; /* force small buffers */
80
0
    err = inflate(&d_stream, Z_NO_FLUSH);
81
0
    if (err == Z_STREAM_END)
82
0
      break;
83
0
    CHECK_ERR(err, "inflate");
84
0
  }
85
86
0
  err = inflateEnd(&d_stream);
87
0
  CHECK_ERR(err, "inflateEnd");
88
89
0
  if (memcmp(uncompr, data, dataLen)) {
90
0
    fprintf(stderr, "bad inflate\n");
91
0
    return 0;
92
0
  }
93
0
  return 0;
94
0
}
95
96
1.06k
int LLVMFuzzerTestOneInput(const uint8_t *d, size_t size) {
97
1.06k
  size_t comprLen = compressBound(size);
98
1.06k
  size_t uncomprLen = size;
99
1.06k
  uint8_t *compr, *uncompr;
100
101
  /* Discard inputs larger than 1Mb. */
102
1.06k
  static size_t kMaxSize = 1024 * 1024;
103
104
1.06k
  if (size < 1 || size > kMaxSize)
105
4
    return 0;
106
107
1.06k
  data = d;
108
1.06k
  dataLen = size;
109
1.06k
  compr = (uint8_t *)calloc(1, comprLen);
110
1.06k
  uncompr = (uint8_t *)calloc(1, uncomprLen);
111
112
1.06k
  test_deflate(compr, comprLen);
113
1.06k
  test_inflate(compr, comprLen, uncompr, uncomprLen);
114
115
1.06k
  free(compr);
116
1.06k
  free(uncompr);
117
118
  /* This function must return 0. */
119
1.06k
  return 0;
120
1.06k
}