/src/zstd/tests/fuzz/huf_decompress.c

Source
/*
 * Copyright (c) Meta Platforms, Inc. and affiliates.
 * All rights reserved.
 *
 * This source code is licensed under both the BSD-style license (found in the
 * LICENSE file in the root directory of this source tree) and the GPLv2 (found
 * in the COPYING file in the root directory of this source tree).
 * You may select, at your option, one of the above-listed licenses.
 */

/**
 * This fuzz target performs a zstd round-trip test (compress & decompress),
 * compares the result with the original, and calls abort() on corruption.
 */

#include <stddef.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include "common/cpu.h"
#include "common/huf.h"
#include "fuzz_helpers.h"
#include "fuzz_data_producer.h"

int LLVMFuzzerTestOneInput(const uint8_t *src, size_t size)
{
    FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(src, size);
    /* Select random parameters: #streams, X1 or X2 decoding, bmi2 */
    int const streams = FUZZ_dataProducer_int32Range(producer, 0, 1);
    int const symbols = FUZZ_dataProducer_int32Range(producer, 0, 1);
    int const flags = 0
        | (ZSTD_cpuid_bmi2(ZSTD_cpuid()) && FUZZ_dataProducer_int32Range(producer, 0, 1) ? HUF_flags_bmi2 : 0)
        | (FUZZ_dataProducer_int32Range(producer, 0, 1) ? HUF_flags_optimalDepth : 0)
        | (FUZZ_dataProducer_int32Range(producer, 0, 1) ? HUF_flags_preferRepeat : 0)
        | (FUZZ_dataProducer_int32Range(producer, 0, 1) ? HUF_flags_suspectUncompressible : 0)
        | (FUZZ_dataProducer_int32Range(producer, 0, 1) ? HUF_flags_disableAsm : 0)
        | (FUZZ_dataProducer_int32Range(producer, 0, 1) ? HUF_flags_disableFast : 0);
    /* Select a random cBufSize - it may be too small */
    size_t const dBufSize = FUZZ_dataProducer_uint32Range(producer, 0, 8 * size + 500);
    size_t const maxTableLog = FUZZ_dataProducer_uint32Range(producer, 1, HUF_TABLELOG_MAX);
    HUF_DTable* dt = (HUF_DTable*)FUZZ_malloc(HUF_DTABLE_SIZE(maxTableLog) * sizeof(HUF_DTable));
    size_t const wkspSize = HUF_WORKSPACE_SIZE;
    void* wksp = FUZZ_malloc(wkspSize);
    void* dBuf = FUZZ_malloc(dBufSize);
    dt[0] = maxTableLog * 0x01000001;
    size = FUZZ_dataProducer_remainingBytes(producer);

    if (symbols == 0) {
        size_t const err = HUF_readDTableX1_wksp(dt, src, size, wksp, wkspSize, flags);
        if (ZSTD_isError(err))
            goto _out;
    } else {
        size_t const err = HUF_readDTableX2_wksp(dt, src, size, wksp, wkspSize, flags);
        if (ZSTD_isError(err))
            goto _out;
    }
    if (streams == 0)
        HUF_decompress1X_usingDTable(dBuf, dBufSize, src, size, dt, flags);
    else
        HUF_decompress4X_usingDTable(dBuf, dBufSize, src, size, dt, flags);

_out:
    free(dt);
    free(wksp);
    free(dBuf);
    FUZZ_dataProducer_free(producer);
    return 0;
}

Line	Count	Source
1		/*
2		* Copyright (c) Meta Platforms, Inc. and affiliates.
3		* All rights reserved.
4		*
5		* This source code is licensed under both the BSD-style license (found in the
6		* LICENSE file in the root directory of this source tree) and the GPLv2 (found
7		* in the COPYING file in the root directory of this source tree).
8		* You may select, at your option, one of the above-listed licenses.
9		*/
10
11		/**
12		* This fuzz target performs a zstd round-trip test (compress & decompress),
13		* compares the result with the original, and calls abort() on corruption.
14		*/
15
16		#include <stddef.h>
17		#include <stdlib.h>
18		#include <stdio.h>
19		#include <string.h>
20		#include "common/cpu.h"
21		#include "common/huf.h"
22		#include "fuzz_helpers.h"
23		#include "fuzz_data_producer.h"
24
25		int LLVMFuzzerTestOneInput(const uint8_t *src, size_t size)
26	4.39k	{
27	4.39k	FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(src, size);
28		/* Select random parameters: #streams, X1 or X2 decoding, bmi2 */
29	4.39k	int const streams = FUZZ_dataProducer_int32Range(producer, 0, 1);
30	4.39k	int const symbols = FUZZ_dataProducer_int32Range(producer, 0, 1);
31	4.39k	int const flags = 0
32	4.39k	\| (ZSTD_cpuid_bmi2(ZSTD_cpuid()) && FUZZ_dataProducer_int32Range(producer, 0, 1) ? HUF_flags_bmi2 : 0)
33	4.39k	\| (FUZZ_dataProducer_int32Range(producer, 0, 1) ? HUF_flags_optimalDepth : 0)
34	4.39k	\| (FUZZ_dataProducer_int32Range(producer, 0, 1) ? HUF_flags_preferRepeat : 0)
35	4.39k	\| (FUZZ_dataProducer_int32Range(producer, 0, 1) ? HUF_flags_suspectUncompressible : 0)
36	4.39k	\| (FUZZ_dataProducer_int32Range(producer, 0, 1) ? HUF_flags_disableAsm : 0)
37	4.39k	\| (FUZZ_dataProducer_int32Range(producer, 0, 1) ? HUF_flags_disableFast : 0);
38		/* Select a random cBufSize - it may be too small */
39	4.39k	size_t const dBufSize = FUZZ_dataProducer_uint32Range(producer, 0, 8 * size + 500);
40	4.39k	size_t const maxTableLog = FUZZ_dataProducer_uint32Range(producer, 1, HUF_TABLELOG_MAX);
41	4.39k	HUF_DTable* dt = (HUF_DTable)FUZZ_malloc(HUF_DTABLE_SIZE(maxTableLog) sizeof(HUF_DTable));
42	4.39k	size_t const wkspSize = HUF_WORKSPACE_SIZE;
43	4.39k	void* wksp = FUZZ_malloc(wkspSize);
44	4.39k	void* dBuf = FUZZ_malloc(dBufSize);
45	4.39k	dt[0] = maxTableLog * 0x01000001;
46	4.39k	size = FUZZ_dataProducer_remainingBytes(producer);
47
48	4.39k	if (symbols == 0) {
49	1.77k	size_t const err = HUF_readDTableX1_wksp(dt, src, size, wksp, wkspSize, flags);
50	1.77k	if (ZSTD_isError(err))
51	273	goto _out;
52	2.61k	} else {
53	2.61k	size_t const err = HUF_readDTableX2_wksp(dt, src, size, wksp, wkspSize, flags);
54	2.61k	if (ZSTD_isError(err))
55	337	goto _out;
56	2.61k	}
57	3.78k	if (streams == 0)
58	822	HUF_decompress1X_usingDTable(dBuf, dBufSize, src, size, dt, flags);
59	2.96k	else
60	2.96k	HUF_decompress4X_usingDTable(dBuf, dBufSize, src, size, dt, flags);
61
62	4.39k	_out:
63	4.39k	free(dt);
64	4.39k	free(wksp);
65	4.39k	free(dBuf);
66	4.39k	FUZZ_dataProducer_free(producer);
67	4.39k	return 0;
68	3.78k	}

Coverage Report

Created: 2025-07-11 06:33