authorYann Collet <Cyan4973@users.noreply.github.com>2019-09-18 17:21:43 (GMT)
committerGitHub <noreply@github.com>2019-09-18 17:21:43 (GMT)
commit804d47cf78b36edc05e29aa89e64d72b53200aeb (patch)
treebc76e79fb8c70c3eb8b4bf58f71220c86c6898e7
parent9b2b96edc4642c4a21e2485ffe9bd43ed5f3a2b2 (diff)
parent8edc5879d029459074a9c7bd9489dabf5b510bf6 (diff)
downloadlz4-804d47cf78b36edc05e29aa89e64d72b53200aeb.zip
lz4-804d47cf78b36edc05e29aa89e64d72b53200aeb.tar.gz
lz4-804d47cf78b36edc05e29aa89e64d72b53200aeb.tar.bz2
Merge pull request #790 from bimbashrestha/seperating_seed_generation_and_use_in_fuzzers
Separating the seed generation and use in FUZZ_dataProducer api
-rw-r--r--ossfuzz/compress_frame_fuzzer.c9
-rw-r--r--ossfuzz/compress_fuzzer.c11
-rw-r--r--ossfuzz/compress_hc_fuzzer.c14
-rw-r--r--ossfuzz/decompress_frame_fuzzer.c16
-rw-r--r--ossfuzz/decompress_fuzzer.c9
-rw-r--r--ossfuzz/fuzz_data_producer.c58
-rw-r--r--ossfuzz/fuzz_data_producer.h8
-rw-r--r--ossfuzz/round_trip_frame_fuzzer.c11
-rw-r--r--ossfuzz/round_trip_fuzzer.c9
-rw-r--r--ossfuzz/round_trip_hc_fuzzer.c9
10 files changed, 85 insertions, 69 deletions
diff --git a/ossfuzz/compress_frame_fuzzer.c b/ossfuzz/compress_frame_fuzzer.c
index 7fe09a1..668d7c3 100644
--- a/ossfuzz/compress_frame_fuzzer.c
+++ b/ossfuzz/compress_frame_fuzzer.c
@@ -19,17 +19,18 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, LZ4_compressBound(size));
LZ4F_preferences_t const prefs = FUZZ_dataProducer_preferences(producer);
+ size_t const dstCapacitySeed = FUZZ_dataProducer_retrieve32(producer);
+ size = FUZZ_dataProducer_remainingBytes(producer);
+
size_t const compressBound = LZ4F_compressFrameBound(size, &prefs);
- size_t const dstCapacity = FUZZ_dataProducer_uint32(producer, 0, compressBound);
+ size_t const dstCapacity = FUZZ_getRange_from_uint32(dstCapacitySeed, 0, compressBound);
+
char* const dst = (char*)malloc(dstCapacity);
char* const rt = (char*)malloc(size);
FUZZ_ASSERT(dst);
FUZZ_ASSERT(rt);
- /* Restrict to remaining data from producer */
- size = FUZZ_dataProducer_remainingBytes(producer);
-
/* If compression succeeds it must round trip correctly. */
size_t const dstSize =
LZ4F_compressFrame(dst, dstCapacity, data, size, &prefs);
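Review bot: The producer is still created with `LZ4_compressBound(size)` as its length here, although `data` only holds `size` bytes; this commit corrects the same call in round_trip_frame_fuzzer.c but not this one. Assuming `FUZZ_dataProducer_create` stores that length as `producer->size`, the seed reads in `FUZZ_dataProducer_preferences` and `FUZZ_dataProducer_retrieve32` index past the end of the fuzzer input. The reassigned `size` is then larger than the real buffer when it reaches `LZ4F_compressFrame(dst, dstCapacity, data, size, &prefs)`. The harness would then report out-of-bounds reads that belong to the harness, not to lz4. Use `FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size);`. The function body continues outside the hunk.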
diff --git a/ossfuzz/compress_fuzzer.c b/ossfuzz/compress_fuzzer.c
index 9d72e72..edc8aad 100644
--- a/ossfuzz/compress_fuzzer.c
+++ b/ossfuzz/compress_fuzzer.c
@@ -16,14 +16,15 @@
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size);
- size_t const dstCapacity = FUZZ_dataProducer_uint32(
- producer, 0, LZ4_compressBound(size));
+ size_t const dstCapacitySeed = FUZZ_dataProducer_retrieve32(producer);
+ size = FUZZ_dataProducer_remainingBytes(producer);
+
+ size_t const compressBound = LZ4_compressBound(size);
+ size_t const dstCapacity = FUZZ_getRange_from_uint32(dstCapacitySeed, 0, compressBound);
+
char* const dst = (char*)malloc(dstCapacity);
char* const rt = (char*)malloc(size);
- /* Restrict to remaining data from producer */
- size = FUZZ_dataProducer_remainingBytes(producer);
-
FUZZ_ASSERT(dst);
FUZZ_ASSERT(rt);
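Review bot: The reassignment `size = FUZZ_dataProducer_remainingBytes(producer);` loses its explanatory comment in this hunk, and the ordering rule it now depends on is not written down anywhere. Every `FUZZ_dataProducer_retrieve32` call has to precede it, because each call shrinks the producer's window from the tail. I would add `/* Retrieve all seeds first; size then covers only the bytes left as payload */` above the reassignment. The same comment is missing in the compress_hc, decompress, decompress_frame, round_trip and round_trip_hc hunks. The function body continues outside the hunk.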
diff --git a/ossfuzz/compress_hc_fuzzer.c b/ossfuzz/compress_hc_fuzzer.c
index 5f22104..7d8e45a 100644
--- a/ossfuzz/compress_hc_fuzzer.c
+++ b/ossfuzz/compress_hc_fuzzer.c
@@ -17,15 +17,15 @@
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size);
- size_t const dstCapacity = FUZZ_dataProducer_uint32(
- producer, 0, LZ4_compressBound(size));
+ size_t const dstCapacitySeed = FUZZ_dataProducer_retrieve32(producer);
+ size_t const levelSeed = FUZZ_dataProducer_retrieve32(producer);
+ size = FUZZ_dataProducer_remainingBytes(producer);
+
+ size_t const dstCapacity = FUZZ_getRange_from_uint32(dstCapacitySeed, 0, size);
+ int const level = FUZZ_getRange_from_uint32(levelSeed, LZ4HC_CLEVEL_MIN, LZ4HC_CLEVEL_MAX);
+
char* const dst = (char*)malloc(dstCapacity);
char* const rt = (char*)malloc(size);
- int const level = FUZZ_dataProducer_uint32(
- producer, LZ4HC_CLEVEL_MIN, LZ4HC_CLEVEL_MAX);
-
- /* Restrict to remaining data from producer */
- size = FUZZ_dataProducer_remainingBytes(producer);
FUZZ_ASSERT(dst);
FUZZ_ASSERT(rt);
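Review bot: The upper bound for `dstCapacity` changes from `LZ4_compressBound(size)` to plain `size`, which the commit title does not suggest and which differs from compress_fuzzer.c in the same commit. With this bound the destination is never larger than the input, so the HC compressor is no longer exercised with a buffer big enough for incompressible data. If that narrowing is unintended, restore it with `size_t const dstCapacity = FUZZ_getRange_from_uint32(dstCapacitySeed, 0, LZ4_compressBound(size));`. The seeds are also declared `size_t` although `FUZZ_dataProducer_retrieve32` returns `uint32_t`; `uint32_t const` would match the API.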
diff --git a/ossfuzz/decompress_frame_fuzzer.c b/ossfuzz/decompress_frame_fuzzer.c
index 60d2ea1..0fcbb16 100644
--- a/ossfuzz/decompress_frame_fuzzer.c
+++ b/ossfuzz/decompress_frame_fuzzer.c
@@ -31,20 +31,22 @@ static void decompress(LZ4F_dctx* dctx, void* dst, size_t dstCapacity,
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size);
- size_t const dstCapacity = FUZZ_dataProducer_uint32(
- producer, 0, 4 * size);
+ size_t const dstCapacitySeed = FUZZ_dataProducer_retrieve32(producer);
+ size_t const dictSizeSeed = FUZZ_dataProducer_retrieve32(producer);
+ size = FUZZ_dataProducer_remainingBytes(producer);
+
+ size_t const dstCapacity = FUZZ_getRange_from_uint32(
+ dstCapacitySeed, 0, 4 * size);
size_t const largeDictSize = 64 * 1024;
- size_t const dictSize = FUZZ_dataProducer_uint32(
- producer, 0, largeDictSize);
+ size_t const dictSize = FUZZ_getRange_from_uint32(
+ dictSizeSeed, 0, largeDictSize);
+
char* const dst = (char*)malloc(dstCapacity);
char* const dict = (char*)malloc(dictSize);
LZ4F_decompressOptions_t opts;
LZ4F_dctx* dctx;
LZ4F_createDecompressionContext(&dctx, LZ4F_VERSION);
- /* Restrict to remaining data from producer */
- size = FUZZ_dataProducer_remainingBytes(producer);
-
FUZZ_ASSERT(dctx);
FUZZ_ASSERT(dst);
FUZZ_ASSERT(dict);
diff --git a/ossfuzz/decompress_fuzzer.c b/ossfuzz/decompress_fuzzer.c
index bc4190b..6f48e30 100644
--- a/ossfuzz/decompress_fuzzer.c
+++ b/ossfuzz/decompress_fuzzer.c
@@ -15,8 +15,10 @@
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size);
- size_t const dstCapacity = FUZZ_dataProducer_uint32(
- producer, 0, 4 * size);
+ size_t const dstCapacitySeed = FUZZ_dataProducer_retrieve32(producer);
+ size = FUZZ_dataProducer_remainingBytes(producer);
+
+ size_t const dstCapacity = FUZZ_getRange_from_uint32(dstCapacitySeed, 0, 4 * size);
size_t const smallDictSize = size + 1;
size_t const largeDictSize = 64 * 1024 - 1;
size_t const dictSize = MAX(smallDictSize, largeDictSize);
@@ -26,9 +28,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
char* const dataAfterDict = dict + dictSize;
char* const smallDict = dataAfterDict - smallDictSize;
- /* Restrict to remaining data from producer */
- size = FUZZ_dataProducer_remainingBytes(producer);
-
FUZZ_ASSERT(dst);
FUZZ_ASSERT(dict);
diff --git a/ossfuzz/fuzz_data_producer.c b/ossfuzz/fuzz_data_producer.c
index f35bd8a..cc06958 100644
--- a/ossfuzz/fuzz_data_producer.c
+++ b/ossfuzz/fuzz_data_producer.c
@@ -17,39 +17,47 @@ FUZZ_dataProducer_t *FUZZ_dataProducer_create(const uint8_t *data, size_t size)
void FUZZ_dataProducer_free(FUZZ_dataProducer_t *producer) { free(producer); }
-uint32_t FUZZ_dataProducer_uint32(FUZZ_dataProducer_t *producer, uint32_t min,
- uint32_t max) {
- FUZZ_ASSERT(min <= max);
-
- uint32_t range = max - min;
- uint32_t rolling = range;
- uint32_t result = 0;
-
- while (rolling > 0 && producer->size > 0) {
- uint8_t next = *(producer->data + producer->size - 1);
- producer->size -= 1;
- result = (result << 8) | next;
- rolling >>= 8;
- }
+uint32_t FUZZ_dataProducer_retrieve32(FUZZ_dataProducer_t *producer) {
+ const uint8_t* data = producer->data;
+ const size_t size = producer->size;
+ if (size == 0) {
+ return 0;
+ } else if (size < 4) {
+ producer->size -= 1;
+ return (uint32_t)data[size - 1];
+ } else {
+ producer->size -= 4;
+ return *(data + size - 4);
+ }
+}
- if (range == 0xffffffff) {
- return result;
- }
+uint32_t FUZZ_getRange_from_uint32(uint32_t seed, uint32_t min, uint32_t max)
+{
+ uint32_t range = max - min;
+ if (range == 0xffffffff) {
+ return seed;
+ }
+ return min + seed % (range + 1);
+}
- return min + result % (range + 1);
+uint32_t FUZZ_dataProducer_range32(FUZZ_dataProducer_t* producer,
+ uint32_t min, uint32_t max)
+{
+ size_t const seed = FUZZ_dataProducer_retrieve32(producer);
+ return FUZZ_getRange_from_uint32(seed, min, max);
}
LZ4F_frameInfo_t FUZZ_dataProducer_frameInfo(FUZZ_dataProducer_t* producer)
{
LZ4F_frameInfo_t info = LZ4F_INIT_FRAMEINFO;
- info.blockSizeID = FUZZ_dataProducer_uint32(producer, LZ4F_max64KB - 1, LZ4F_max4MB);
+ info.blockSizeID = FUZZ_dataProducer_range32(producer, LZ4F_max64KB - 1, LZ4F_max4MB);
if (info.blockSizeID < LZ4F_max64KB) {
info.blockSizeID = LZ4F_default;
}
- info.blockMode = FUZZ_dataProducer_uint32(producer, LZ4F_blockLinked, LZ4F_blockIndependent);
- info.contentChecksumFlag = FUZZ_dataProducer_uint32(producer, LZ4F_noContentChecksum,
+ info.blockMode = FUZZ_dataProducer_range32(producer, LZ4F_blockLinked, LZ4F_blockIndependent);
+ info.contentChecksumFlag = FUZZ_dataProducer_range32(producer, LZ4F_noContentChecksum,
LZ4F_contentChecksumEnabled);
- info.blockChecksumFlag = FUZZ_dataProducer_uint32(producer, LZ4F_noBlockChecksum,
+ info.blockChecksumFlag = FUZZ_dataProducer_range32(producer, LZ4F_noBlockChecksum,
LZ4F_blockChecksumEnabled);
return info;
}
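Review bot: In `FUZZ_dataProducer_retrieve32` the line `return *(data + size - 4);` dereferences a `const uint8_t*`, so it returns a single byte even though four bytes are consumed from the producer. Every seed is therefore at most 255, which caps `dstCapacity`, `dictSize` and the other derived values at 255 and leaves most of each range unreachable by the fuzzer. Assemble all four bytes instead, for example `return (uint32_t)data[size-4] | ((uint32_t)data[size-3] << 8) | ((uint32_t)data[size-2] << 16) | ((uint32_t)data[size-1] << 24);`, which also keeps corpus entries reproducible across endianness. Separately, `FUZZ_getRange_from_uint32` drops the `FUZZ_ASSERT(min <= max);` that the removed function had, so a reversed range now wraps silently in `max - min`.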
@@ -58,9 +66,9 @@ LZ4F_preferences_t FUZZ_dataProducer_preferences(FUZZ_dataProducer_t* producer)
{
LZ4F_preferences_t prefs = LZ4F_INIT_PREFERENCES;
prefs.frameInfo = FUZZ_dataProducer_frameInfo(producer);
- prefs.compressionLevel = FUZZ_dataProducer_uint32(producer, 0, LZ4HC_CLEVEL_MAX + 3) - 3;
- prefs.autoFlush = FUZZ_dataProducer_uint32(producer, 0, 1);
- prefs.favorDecSpeed = FUZZ_dataProducer_uint32(producer, 0, 1);
+ prefs.compressionLevel = FUZZ_dataProducer_range32(producer, 0, LZ4HC_CLEVEL_MAX + 3) - 3;
+ prefs.autoFlush = FUZZ_dataProducer_range32(producer, 0, 1);
+ prefs.favorDecSpeed = FUZZ_dataProducer_range32(producer, 0, 1);
return prefs;
}
diff --git a/ossfuzz/fuzz_data_producer.h b/ossfuzz/fuzz_data_producer.h
index 4c097a7..b96dcba 100644
--- a/ossfuzz/fuzz_data_producer.h
+++ b/ossfuzz/fuzz_data_producer.h
@@ -16,8 +16,14 @@ FUZZ_dataProducer_t *FUZZ_dataProducer_create(const uint8_t *data, size_t size);
/* Frees the data producer */
void FUZZ_dataProducer_free(FUZZ_dataProducer_t *producer);
+/* Returns 32 bits from the end of data */
+uint32_t FUZZ_dataProducer_retrieve32(FUZZ_dataProducer_t *producer);
+
/* Returns value between [min, max] */
-uint32_t FUZZ_dataProducer_uint32(FUZZ_dataProducer_t *producer, uint32_t min,
+uint32_t FUZZ_getRange_from_uint32(uint32_t seed, uint32_t min, uint32_t max);
+
+/* Combination of above two functions for non adaptive use cases. ie where size is not involved */
+uint32_t FUZZ_dataProducer_range32(FUZZ_dataProducer_t *producer, uint32_t min,
uint32_t max);
/* Returns lz4 preferences */
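Review bot: The comment on `FUZZ_dataProducer_retrieve32` does not say that the call consumes the bytes it reads, nor what happens on short input. Callers depend on both, since `FUZZ_dataProducer_remainingBytes` must be called afterwards. Going by the implementation in fuzz_data_producer.c, I would write `/* Consumes up to 4 bytes from the end of the producer's data and returns them as a seed; consumes 1 byte when fewer than 4 remain, returns 0 when none remain */`. The comment on `FUZZ_getRange_from_uint32` should also state the precondition `min <= max`.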
diff --git a/ossfuzz/round_trip_frame_fuzzer.c b/ossfuzz/round_trip_frame_fuzzer.c
index fe6fc77..149542d 100644
--- a/ossfuzz/round_trip_frame_fuzzer.c
+++ b/ossfuzz/round_trip_frame_fuzzer.c
@@ -16,18 +16,17 @@
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
- FUZZ_dataProducer_t* producer = FUZZ_dataProducer_create(data, LZ4_compressBound(size));
+ FUZZ_dataProducer_t* producer = FUZZ_dataProducer_create(data, size);
LZ4F_preferences_t const prefs = FUZZ_dataProducer_preferences(producer);
- size_t const dstCapacity = LZ4F_compressFrameBound(size, &prefs);
+ size = FUZZ_dataProducer_remainingBytes(producer);
+
+ size_t const dstCapacity = LZ4F_compressFrameBound(LZ4_compressBound(size), &prefs);
char* const dst = (char*)malloc(dstCapacity);
- char* const rt = (char*)malloc(size);
+ char* const rt = (char*)malloc(FUZZ_dataProducer_remainingBytes(producer));
FUZZ_ASSERT(dst);
FUZZ_ASSERT(rt);
- /* Restrict to remaining data from producer */
- size = FUZZ_dataProducer_remainingBytes(producer);
-
/* Compression must succeed and round trip correctly. */
size_t const dstSize =
LZ4F_compressFrame(dst, dstCapacity, data, size, &prefs);
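Review bot: `dstCapacity` is now `LZ4F_compressFrameBound(LZ4_compressBound(size), &prefs)`, which nests a block-API bound inside the frame bound. This test asserts that compression must succeed, so padding the destination beyond `LZ4F_compressFrameBound(size, &prefs)` means the harness no longer checks that the frame bound alone is sufficient. Unless the extra slack is deliberate, use `size_t const dstCapacity = LZ4F_compressFrameBound(size, &prefs);`. The `rt` allocation calls `FUZZ_dataProducer_remainingBytes(producer)` a second time although `size` already holds that value; `malloc(size)` reads more clearly. The function body continues outside the hunk.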
diff --git a/ossfuzz/round_trip_fuzzer.c b/ossfuzz/round_trip_fuzzer.c
index e37a0a6..6307058 100644
--- a/ossfuzz/round_trip_fuzzer.c
+++ b/ossfuzz/round_trip_fuzzer.c
@@ -15,17 +15,18 @@
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size);
- size_t const partialCapacity = FUZZ_dataProducer_uint32(producer, 0, size);
+ size_t const partialCapacitySeed = FUZZ_dataProducer_retrieve32(producer);
+ size = FUZZ_dataProducer_remainingBytes(producer);
+
+ size_t const partialCapacity = FUZZ_getRange_from_uint32(partialCapacitySeed, 0, size);
size_t const dstCapacity = LZ4_compressBound(size);
+
char* const dst = (char*)malloc(dstCapacity);
char* const rt = (char*)malloc(size);
FUZZ_ASSERT(dst);
FUZZ_ASSERT(rt);
- /* Restrict to remaining data from producer */
- size = FUZZ_dataProducer_remainingBytes(producer);
-
/* Compression must succeed and round trip correctly. */
int const dstSize = LZ4_compress_default((const char*)data, dst,
size, dstCapacity);
diff --git a/ossfuzz/round_trip_hc_fuzzer.c b/ossfuzz/round_trip_hc_fuzzer.c
index 8406809..7d03ee2 100644
--- a/ossfuzz/round_trip_hc_fuzzer.c
+++ b/ossfuzz/round_trip_hc_fuzzer.c
@@ -16,14 +16,13 @@
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size);
+ int const level = FUZZ_dataProducer_range32(producer,
+ LZ4HC_CLEVEL_MIN, LZ4HC_CLEVEL_MAX);
+ size = FUZZ_dataProducer_remainingBytes(producer);
+
size_t const dstCapacity = LZ4_compressBound(size);
char* const dst = (char*)malloc(dstCapacity);
char* const rt = (char*)malloc(size);
- int const level = FUZZ_dataProducer_uint32(
- producer, LZ4HC_CLEVEL_MIN, LZ4HC_CLEVEL_MAX);
-
- /* Restrict to remaining data from producer */
- size = FUZZ_dataProducer_remainingBytes(producer);
FUZZ_ASSERT(dst);
FUZZ_ASSERT(rt);