/src/zstd/tests/fuzz/seekable_roundtrip.c

Source (jump to first uncovered line)
/*
 * Copyright (c) Meta Platforms, Inc. and affiliates.
 * All rights reserved.
 *
 * This source code is licensed under both the BSD-style license (found in the
 * LICENSE file in the root directory of this source tree) and the GPLv2 (found
 * in the COPYING file in the root directory of this source tree).
 * You may select, at your option, one of the above-listed licenses.
 */

#include "zstd.h"
#include "zstd_seekable.h"
#include "fuzz_helpers.h"
#include "fuzz_data_producer.h"

static ZSTD_seekable *stream = NULL;
static ZSTD_seekable_CStream *zscs = NULL;
static const size_t kSeekableOverheadSize = ZSTD_seekTableFooterSize;

int LLVMFuzzerTestOneInput(const uint8_t *src, size_t size)
{
    /* Give a random portion of src data to the producer, to use for
    parameter generation. The rest will be used for (de)compression */
    FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(src, size);
    size = FUZZ_dataProducer_reserveDataPrefix(producer);
    size_t const compressedBufferSize = ZSTD_compressBound(size) + kSeekableOverheadSize;
    uint8_t* compressedBuffer = (uint8_t*)malloc(compressedBufferSize);
    uint8_t* decompressedBuffer = (uint8_t*)malloc(size);

    int const cLevel = FUZZ_dataProducer_int32Range(producer, ZSTD_minCLevel(), ZSTD_maxCLevel());
    unsigned const checksumFlag = FUZZ_dataProducer_int32Range(producer, 0, 1);
    size_t const uncompressedSize = FUZZ_dataProducer_uint32Range(producer, 0, size);
    size_t const offset = FUZZ_dataProducer_uint32Range(producer, 0, size - uncompressedSize);
    size_t seekSize;

    if (!zscs) {
        zscs = ZSTD_seekable_createCStream();
        FUZZ_ASSERT(zscs);
    }
    if (!stream) {
        stream = ZSTD_seekable_create();
        FUZZ_ASSERT(stream);
    }

    {   /* Perform a compression */
        size_t const initStatus = ZSTD_seekable_initCStream(zscs, cLevel, checksumFlag, size);
        size_t endStatus;
        ZSTD_outBuffer out = { .dst=compressedBuffer, .pos=0, .size=compressedBufferSize };
        ZSTD_inBuffer  in  = { .src=src, .pos=0, .size=size };
        FUZZ_ASSERT(!ZSTD_isError(initStatus));

        do {
            size_t cSize = ZSTD_seekable_compressStream(zscs, &out, &in);
            FUZZ_ASSERT(!ZSTD_isError(cSize));
        } while (in.pos != in.size);

        FUZZ_ASSERT(in.pos == in.size);
        endStatus = ZSTD_seekable_endStream(zscs, &out);
        FUZZ_ASSERT(!ZSTD_isError(endStatus));
        seekSize = out.pos;
    }

    {   /* Decompress at an offset */
        size_t const initStatus = ZSTD_seekable_initBuff(stream, compressedBuffer, seekSize);
        size_t decompressedBytesTotal = 0;
        size_t dSize;

        FUZZ_ZASSERT(initStatus);
        do {
            dSize = ZSTD_seekable_decompress(stream, decompressedBuffer, uncompressedSize, offset);
            FUZZ_ASSERT(!ZSTD_isError(dSize));
            decompressedBytesTotal += dSize;
        } while (decompressedBytesTotal < uncompressedSize && dSize > 0);
        FUZZ_ASSERT(decompressedBytesTotal == uncompressedSize);
    }

    FUZZ_ASSERT_MSG(!FUZZ_memcmp(src+offset, decompressedBuffer, uncompressedSize), "Corruption!");

    free(decompressedBuffer);
    free(compressedBuffer);
    FUZZ_dataProducer_free(producer);

#ifndef STATEFUL_FUZZING
    ZSTD_seekable_free(stream); stream = NULL;
    ZSTD_seekable_freeCStream(zscs); zscs = NULL;
#endif
    return 0;
}

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright (c) Meta Platforms, Inc. and affiliates.
3		* All rights reserved.
4		*
5		* This source code is licensed under both the BSD-style license (found in the
6		* LICENSE file in the root directory of this source tree) and the GPLv2 (found
7		* in the COPYING file in the root directory of this source tree).
8		* You may select, at your option, one of the above-listed licenses.
9		*/
10
11		#include "zstd.h"
12		#include "zstd_seekable.h"
13		#include "fuzz_helpers.h"
14		#include "fuzz_data_producer.h"
15
16		static ZSTD_seekable *stream = NULL;
17		static ZSTD_seekable_CStream *zscs = NULL;
18		static const size_t kSeekableOverheadSize = ZSTD_seekTableFooterSize;
19
20		int LLVMFuzzerTestOneInput(const uint8_t *src, size_t size)
21	12.7k	{
22		/* Give a random portion of src data to the producer, to use for
23		parameter generation. The rest will be used for (de)compression */
24	12.7k	FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(src, size);
25	12.7k	size = FUZZ_dataProducer_reserveDataPrefix(producer);
26	12.7k	size_t const compressedBufferSize = ZSTD_compressBound(size) + kSeekableOverheadSize;
27	12.7k	uint8_t* compressedBuffer = (uint8_t*)malloc(compressedBufferSize);
28	12.7k	uint8_t* decompressedBuffer = (uint8_t*)malloc(size);
29
30	12.7k	int const cLevel = FUZZ_dataProducer_int32Range(producer, ZSTD_minCLevel(), ZSTD_maxCLevel());
31	12.7k	unsigned const checksumFlag = FUZZ_dataProducer_int32Range(producer, 0, 1);
32	12.7k	size_t const uncompressedSize = FUZZ_dataProducer_uint32Range(producer, 0, size);
33	12.7k	size_t const offset = FUZZ_dataProducer_uint32Range(producer, 0, size - uncompressedSize);
34	12.7k	size_t seekSize;
35
36	12.7k	if (!zscs) {
37	12.7k	zscs = ZSTD_seekable_createCStream();
38	12.7k	FUZZ_ASSERT(zscs);
39	12.7k	}
40	12.7k	if (!stream) {
41	12.7k	stream = ZSTD_seekable_create();
42	12.7k	FUZZ_ASSERT(stream);
43	12.7k	}
44
45	12.7k	{ /* Perform a compression */
46	12.7k	size_t const initStatus = ZSTD_seekable_initCStream(zscs, cLevel, checksumFlag, size);
47	12.7k	size_t endStatus;
48	12.7k	ZSTD_outBuffer out = { .dst=compressedBuffer, .pos=0, .size=compressedBufferSize };
49	12.7k	ZSTD_inBuffer in = { .src=src, .pos=0, .size=size };
50	12.7k	FUZZ_ASSERT(!ZSTD_isError(initStatus));
51
52	12.7k	do {
53	12.7k	size_t cSize = ZSTD_seekable_compressStream(zscs, &out, &in);
54	12.7k	FUZZ_ASSERT(!ZSTD_isError(cSize));
55	12.7k	} while (in.pos != in.size);
56
57	12.7k	FUZZ_ASSERT(in.pos == in.size);
58	12.7k	endStatus = ZSTD_seekable_endStream(zscs, &out);
59	12.7k	FUZZ_ASSERT(!ZSTD_isError(endStatus));
60	12.7k	seekSize = out.pos;
61	12.7k	}
62
63	0	{ /* Decompress at an offset */
64	12.7k	size_t const initStatus = ZSTD_seekable_initBuff(stream, compressedBuffer, seekSize);
65	12.7k	size_t decompressedBytesTotal = 0;
66	12.7k	size_t dSize;
67
68	12.7k	FUZZ_ZASSERT(initStatus);
69	12.7k	do {
70	12.7k	dSize = ZSTD_seekable_decompress(stream, decompressedBuffer, uncompressedSize, offset);
71	12.7k	FUZZ_ASSERT(!ZSTD_isError(dSize));
72	12.7k	decompressedBytesTotal += dSize;
73	12.7k	} while (decompressedBytesTotal < uncompressedSize && dSize > 0);
74	12.7k	FUZZ_ASSERT(decompressedBytesTotal == uncompressedSize);
75	12.7k	}
76
77	12.7k	FUZZ_ASSERT_MSG(!FUZZ_memcmp(src+offset, decompressedBuffer, uncompressedSize), "Corruption!");
78
79	12.7k	free(decompressedBuffer);
80	12.7k	free(compressedBuffer);
81	12.7k	FUZZ_dataProducer_free(producer);
82
83	12.7k	#ifndef STATEFUL_FUZZING
84	12.7k	ZSTD_seekable_free(stream); stream = NULL;
85	12.7k	ZSTD_seekable_freeCStream(zscs); zscs = NULL;
86	12.7k	#endif
87	12.7k	return 0;
88	12.7k	}

Coverage Report

Created: 2025-08-24 07:06