Coverage Report

Created: 2024-09-08 06:32

/src/zstd/tests/fuzz/decompress_cross_format.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * Copyright (c) Meta Platforms, Inc. and affiliates.
3
 * All rights reserved.
4
 *
5
 * This source code is licensed under both the BSD-style license (found in the
6
 * LICENSE file in the root directory of this source tree) and the GPLv2 (found
7
 * in the COPYING file in the root directory of this source tree).
8
 * You may select, at your option, one of the above-listed licenses.
9
 */
10
11
// This fuzz target validates decompression of magicless-format compressed data.
12
13
#include <stddef.h>
14
#include <stdlib.h>
15
#include <stdio.h>
16
#include <string.h>
17
#include "fuzz_helpers.h"
18
#define ZSTD_STATIC_LINKING_ONLY
19
#include "zstd.h"
20
#include "fuzz_data_producer.h"
21
22
static ZSTD_DCtx *dctx = NULL;
23
24
int LLVMFuzzerTestOneInput(const uint8_t *src, size_t size)
25
5.20k
{
26
    // Give a random portion of src data to the producer, to use for parameter generation.
27
    // The rest will be interpreted as magicless compressed data.
28
5.20k
    FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(src, size);
29
5.20k
    size_t magiclessSize = FUZZ_dataProducer_reserveDataPrefix(producer);
30
5.20k
    const uint8_t* const magiclessSrc = src;
31
5.20k
    size_t const dstSize = FUZZ_dataProducer_uint32Range(producer, 0, 10 * size);
32
5.20k
    uint8_t* const standardDst = (uint8_t*)FUZZ_malloc(dstSize);
33
5.20k
    uint8_t* const magiclessDst = (uint8_t*)FUZZ_malloc(dstSize);
34
35
    // Create standard-format src from magicless-format src
36
5.20k
    const uint32_t zstd_magic = ZSTD_MAGICNUMBER;
37
5.20k
    size_t standardSize = sizeof(zstd_magic) + magiclessSize;
38
5.20k
    uint8_t* const standardSrc = (uint8_t*)FUZZ_malloc(standardSize);
39
5.20k
    memcpy(standardSrc, &zstd_magic, sizeof(zstd_magic)); // assume fuzzing on little-endian machine
40
5.20k
    memcpy(standardSrc + sizeof(zstd_magic), magiclessSrc, magiclessSize);
41
42
    // Truncate to a single frame
43
5.20k
    {
44
5.20k
        const size_t standardFrameCompressedSize = ZSTD_findFrameCompressedSize(standardSrc, standardSize);
45
5.20k
        if (ZSTD_isError(standardFrameCompressedSize)) {
46
221
            goto cleanup_and_return;
47
221
        }
48
4.98k
        standardSize = standardFrameCompressedSize;
49
4.98k
        magiclessSize = standardFrameCompressedSize - sizeof(zstd_magic);
50
4.98k
    }
51
52
    // Create DCtx if needed
53
4.98k
    if (!dctx) {
54
4.98k
        dctx = ZSTD_createDCtx();
55
4.98k
        FUZZ_ASSERT(dctx);
56
4.98k
    }
57
58
    // Test one-shot decompression
59
4.98k
    {
60
4.98k
        FUZZ_ZASSERT(ZSTD_DCtx_reset(dctx, ZSTD_reset_session_and_parameters));
61
4.98k
        FUZZ_ZASSERT(ZSTD_DCtx_setParameter(dctx, ZSTD_d_format, ZSTD_f_zstd1));
62
4.98k
        const size_t standardRet = ZSTD_decompressDCtx(
63
4.98k
                                        dctx, standardDst, dstSize, standardSrc, standardSize);
64
65
4.98k
        FUZZ_ZASSERT(ZSTD_DCtx_reset(dctx, ZSTD_reset_session_and_parameters));
66
4.98k
        FUZZ_ZASSERT(ZSTD_DCtx_setParameter(dctx, ZSTD_d_format, ZSTD_f_zstd1_magicless));
67
4.98k
        const size_t magiclessRet = ZSTD_decompressDCtx(
68
4.98k
                                        dctx, magiclessDst, dstSize, magiclessSrc, magiclessSize);
69
70
        // Standard accepts => magicless should accept
71
4.98k
        if (!ZSTD_isError(standardRet)) FUZZ_ZASSERT(magiclessRet);
72
73
        // Magicless accepts => standard should accept
74
        // NOTE: this is nice-to-have, please disable this check if it is difficult to satisfy.
75
4.98k
        if (!ZSTD_isError(magiclessRet)) FUZZ_ZASSERT(standardRet);
76
77
        // If both accept, decompressed size and data should match
78
4.98k
        if (!ZSTD_isError(standardRet) && !ZSTD_isError(magiclessRet)) {
79
229
            FUZZ_ASSERT(standardRet == magiclessRet);
80
229
            if (standardRet > 0) {
81
130
                FUZZ_ASSERT(
82
130
                    memcmp(standardDst, magiclessDst, standardRet) == 0
83
130
                );
84
130
            }
85
229
        }
86
4.98k
    }
87
88
    // Test streaming decompression
89
4.98k
    {
90
4.98k
        ZSTD_inBuffer standardIn = { standardSrc, standardSize, 0 };
91
4.98k
        ZSTD_inBuffer magiclessIn = { magiclessSrc, magiclessSize, 0 };
92
4.98k
        ZSTD_outBuffer standardOut = { standardDst, dstSize, 0 };
93
4.98k
        ZSTD_outBuffer magiclessOut = { magiclessDst, dstSize, 0 };
94
95
4.98k
        FUZZ_ZASSERT(ZSTD_DCtx_reset(dctx, ZSTD_reset_session_and_parameters));
96
4.98k
        FUZZ_ZASSERT(ZSTD_DCtx_setParameter(dctx, ZSTD_d_format, ZSTD_f_zstd1));
97
4.98k
        const size_t standardRet = ZSTD_decompressStream(dctx, &standardOut, &standardIn);
98
99
4.98k
        FUZZ_ZASSERT(ZSTD_DCtx_reset(dctx, ZSTD_reset_session_and_parameters));
100
4.98k
        FUZZ_ZASSERT(ZSTD_DCtx_setParameter(dctx, ZSTD_d_format, ZSTD_f_zstd1_magicless));
101
4.98k
        const size_t magiclessRet = ZSTD_decompressStream(dctx, &magiclessOut, &magiclessIn);
102
103
        // Standard accepts => magicless should accept
104
4.98k
        if (standardRet == 0) FUZZ_ASSERT(magiclessRet == 0);
105
106
        // Magicless accepts => standard should accept
107
        // NOTE: this is nice-to-have, please disable this check if it is difficult to satisfy.
108
4.98k
        if (magiclessRet == 0) FUZZ_ASSERT(standardRet == 0);
109
110
        // If both accept, decompressed size and data should match
111
4.98k
        if (standardRet == 0 && magiclessRet == 0) {
112
429
            FUZZ_ASSERT(standardOut.pos == magiclessOut.pos);
113
429
            if (standardOut.pos > 0) {
114
179
                FUZZ_ASSERT(
115
179
                    memcmp(standardOut.dst, magiclessOut.dst, standardOut.pos) == 0
116
179
                );
117
179
            }
118
429
        }
119
4.98k
    }
120
121
5.20k
cleanup_and_return:
122
5.20k
#ifndef STATEFUL_FUZZING
123
5.20k
    ZSTD_freeDCtx(dctx); dctx = NULL;
124
5.20k
#endif
125
5.20k
    free(standardSrc);
126
5.20k
    free(standardDst);
127
5.20k
    free(magiclessDst);
128
5.20k
    FUZZ_dataProducer_free(producer);
129
5.20k
    return 0;
130
4.98k
}