author | Nick Terrell <terrelln@fb.com> | 2019-07-13 02:27:00 (GMT) |
---|---|---|
committer | Nick Terrell <terrelln@fb.com> | 2019-07-15 19:22:04 (GMT) |
commit | 3c40db8d258716b9efcfb46fa6dc29de6e43e616 (patch) | |
tree | 7fd1d48f6195dfde2c6475fe035a0061b948e9c3 /ossfuzz/fuzz.h | |
parent | 725cb0aafdf78b550c52618fe5cea1fadd278881 (diff) | |
[ossfuzz] Improve the fuzzers

* Run more decompression variants
* Round trip the compression fuzzer and do partial decompression as well
* Add a compression fuzzer that compresses into a smaller output buffer
  and test the destSize variant

These fuzzers caught 2 bugs that were fixed in the previous commit.

* Input buffer over-read in partial decompress
* Partial decompress fails if output size is 0
Diffstat (limited to 'ossfuzz/fuzz.h')
-rw-r--r-- | ossfuzz/fuzz.h | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/ossfuzz/fuzz.h b/ossfuzz/fuzz.h new file mode 100644 index 0000000..eefac63 --- /dev/null +++ b/ossfuzz/fuzz.h @@ -0,0 +1,48 @@ +/** + * Fuzz target interface. + * Fuzz targets have some common parameters passed as macros during compilation. + * Check the documentation for each individual fuzzer for more parameters. + * + * @param FUZZ_RNG_SEED_SIZE: + * The number of bytes of the source to look at when constructing a seed + * for the deterministic RNG. These bytes are discarded before passing + * the data to lz4 functions. Every fuzzer initializes the RNG exactly + * once before doing anything else, even if it is unused. + * Default: 4. + * @param LZ4_DEBUG: + * This is a parameter for the lz4 library. Defining `LZ4_DEBUG=1` + * enables assert() statements in the lz4 library. Higher levels enable + * logging, so aren't recommended. Defining `LZ4_DEBUG=1` is + * recommended. + * @param LZ4_FORCE_MEMORY_ACCESS: + * This flag controls how the zstd library accesses unaligned memory. + * It can be undefined, or 0 through 2. If it is undefined, it selects + * the method to use based on the compiler. If testing with UBSAN set + * MEM_FORCE_MEMORY_ACCESS=0 to use the standard compliant method. + * @param FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION + * This is the canonical flag to enable deterministic builds for fuzzing. + * Changes to zstd for fuzzing are gated behind this define. + * It is recommended to define this when building zstd for fuzzing. + */ + +#ifndef FUZZ_H +#define FUZZ_H + +#ifndef FUZZ_RNG_SEED_SIZE +# define FUZZ_RNG_SEED_SIZE 4 +#endif + +#include <stddef.h> +#include <stdint.h> + +#ifdef __cplusplus +extern "C" { +#endif + +int LLVMFuzzerTestOneInput(const uint8_t *src, size_t size); + +#ifdef __cplusplus +} +#endif + +#endif |
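Review bot: The header comment documents lz4 build parameters but still names zstd and a different macro in the `LZ4_FORCE_MEMORY_ACCESS` and `FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION` entries. The first says it controls "how the zstd library accesses unaligned memory" and then tells UBSAN users to set `MEM_FORCE_MEMORY_ACCESS=0`, which is not the parameter being documented; the second says "Changes to zstd for fuzzing are gated behind this define" and recommends defining it "when building zstd for fuzzing". Someone following the UBSAN advice literally would define a macro this header never mentions as a parameter. Suggest replacing "zstd" with "lz4" in both entries and writing `LZ4_FORCE_MEMORY_ACCESS=0` in the UBSAN sentence. Minor style point: `@param FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION` is missing the trailing colon that the other three `@param` lines carry.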