authorQi Wang <wangqi@linux.alibaba.com>2022-06-06 04:16:17 (GMT)
committerQi Wang <wangqi@linux.alibaba.com>2022-06-07 09:13:01 (GMT)
commit582f5fe534675da1cff232b77970208b6fc240f8 (patch)
tree27a9f6692067f317d0353a3b34b90e8132c14b24 /ossfuzz
parentec75db22941d833ef542b43c52c75d143aeba48a (diff)
ossfuzz: add fuzz for `LZ4_decompress_safe_partial_usingDict`
Signed-off-by: Qi Wang <wangqi@linux.alibaba.com>
Diffstat (limited to 'ossfuzz')
-rw-r--r--ossfuzz/decompress_fuzzer.c18
-rw-r--r--ossfuzz/round_trip_fuzzer.c65
2 files changed, 79 insertions, 4 deletions
diff --git a/ossfuzz/decompress_fuzzer.c b/ossfuzz/decompress_fuzzer.c
index a9a197c..490b3fd 100644
--- a/ossfuzz/decompress_fuzzer.c
+++ b/ossfuzz/decompress_fuzzer.c
@@ -49,11 +49,27 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
LZ4_decompress_safe_usingDict((char const*)dataAfterDict, dst, size,
dstCapacity, smallDict, smallDictSize);
/* Large prefix. */
- LZ4_decompress_safe_usingDict((char const*)data, dst, size,
+ LZ4_decompress_safe_usingDict((char const*)dataAfterDict, dst, size,
dstCapacity, largeDict, largeDictSize);
/* Partial decompression. */
LZ4_decompress_safe_partial((char const*)data, dst, size,
dstCapacity, dstCapacity);
+ /* Partial decompression using each possible dictionary configuration. */
+ /* Partial decompression with no dictionary. */
+ LZ4_decompress_safe_partial_usingDict((char const*)data, dst, size,
+ dstCapacity, dstCapacity, NULL, 0);
+ /* Partial decompression with small external dictionary. */
+ LZ4_decompress_safe_partial_usingDict((char const*)data, dst, size,
+ dstCapacity, dstCapacity, smallDict, smallDictSize);
+ /* Partial decompression with large external dictionary. */
+ LZ4_decompress_safe_partial_usingDict((char const*)data, dst, size,
+ dstCapacity, dstCapacity, largeDict, largeDictSize);
+ /* Partial decompression with small prefix. */
+ LZ4_decompress_safe_partial_usingDict((char const*)dataAfterDict, dst, size,
+ dstCapacity, dstCapacity, smallDict, smallDictSize);
+ /* Partial decompression wtih large prefix. */
+ LZ4_decompress_safe_partial_usingDict((char const*)dataAfterDict, dst, size,
+ dstCapacity, dstCapacity, largeDict, largeDictSize);
free(dst);
free(dict);
FUZZ_dataProducer_free(producer);
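Review bot: The last two added calls, labelled "small prefix" and "large prefix", probably do not reach the prefix code path. As far as I know, LZ4 selects prefix mode when the dictionary ends exactly at the destination buffer (`dictStart + dictSize == dest`), and here `dst` and `dict` are freed separately, so they are distinct allocations and only the source pointer differs from the external-dictionary calls. If that reading holds, these calls repeat the external-dictionary path and the prefix variants of the partial decoder stay unfuzzed; laying out the output buffer so that the dictionary bytes sit directly in front of `dst` would cover them. Every new call also passes `dstCapacity` as both the target size and the capacity, so a target smaller than the capacity is never exercised. The body of `LLVMFuzzerTestOneInput` starts outside this hunk, so the allocation of `dst` should be confirmed against the full file.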
diff --git a/ossfuzz/round_trip_fuzzer.c b/ossfuzz/round_trip_fuzzer.c
index 6307058..7a2f768 100644
--- a/ossfuzz/round_trip_fuzzer.c
+++ b/ossfuzz/round_trip_fuzzer.c
@@ -20,8 +20,13 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
size_t const partialCapacity = FUZZ_getRange_from_uint32(partialCapacitySeed, 0, size);
size_t const dstCapacity = LZ4_compressBound(size);
-
- char* const dst = (char*)malloc(dstCapacity);
+ size_t const largeSize = 64 * 1024 - 1;
+ size_t const smallSize = 1024;
+ char* const dstPlusLargePrefix = (char*)malloc(dstCapacity + largeSize);
+ char* const dstPlusSmallPrefix = dstPlusLargePrefix + largeSize - smallSize;
+ char* const largeDict = (char*)malloc(largeSize);
+ char* const smallDict = largeDict + largeSize - smallSize;
+ char* const dst = dstPlusLargePrefix + largeSize;
char* const rt = (char*)malloc(size);
FUZZ_ASSERT(dst);
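Review bot: `dst` is now `dstPlusLargePrefix + largeSize`, an interior pointer, so it can no longer be passed to `free()` and `FUZZ_ASSERT(dst)` no longer detects a failed allocation. The `free(dst)` context line further down this file's diff would then be an invalid free that a sanitizer build reports on every input, hiding real findings; it should read `free(dstPlusLargePrefix);`. `largeDict` is neither checked nor released in the lines shown, so add `FUZZ_ASSERT(dstPlusLargePrefix); FUZZ_ASSERT(largeDict);` after the allocations and `free(largeDict);` at cleanup. The function body starts and ends outside this hunk, so confirm against the full file.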
@@ -47,7 +52,61 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
FUZZ_ASSERT_MSG(!memcmp(data, partial, partialSize), "Corruption!");
free(partial);
}
-
+ /* Partial decompression using dict with no dict. */
+ {
+ char* const partial = (char*)malloc(partialCapacity);
+ FUZZ_ASSERT(partial);
+ int const partialSize = LZ4_decompress_safe_partial_usingDict(
+ dst, partial, dstSize, partialCapacity, partialCapacity, NULL, 0);
+ FUZZ_ASSERT(partialSize >= 0);
+ FUZZ_ASSERT_MSG(partialSize == partialCapacity, "Incorrect size");
+ FUZZ_ASSERT_MSG(!memcmp(data, partial, partialSize), "Corruption!");
+ free(partial);
+ }
+ /* Partial decompression using dict with small prefix as dict */
+ {
+ char* const partial = (char*)malloc(partialCapacity);
+ FUZZ_ASSERT(partial);
+ int const partialSize = LZ4_decompress_safe_partial_usingDict(
+ dst, partial, dstSize, partialCapacity, partialCapacity, dstPlusSmallPrefix, smallSize);
+ FUZZ_ASSERT(partialSize >= 0);
+ FUZZ_ASSERT_MSG(partialSize == partialCapacity, "Incorrect size");
+ FUZZ_ASSERT_MSG(!memcmp(data, partial, partialSize), "Corruption!");
+ free(partial);
+ }
+ /* Partial decompression using dict with large prefix as dict */
+ {
+ char* const partial = (char*)malloc(partialCapacity);
+ FUZZ_ASSERT(partial);
+ int const partialSize = LZ4_decompress_safe_partial_usingDict(
+ dst, partial, dstSize, partialCapacity, partialCapacity, dstPlusLargePrefix, largeSize);
+ FUZZ_ASSERT(partialSize >= 0);
+ FUZZ_ASSERT_MSG(partialSize == partialCapacity, "Incorrect size");
+ FUZZ_ASSERT_MSG(!memcmp(data, partial, partialSize), "Corruption!");
+ free(partial);
+ }
+ /* Partial decompression using dict with small external dict */
+ {
+ char* const partial = (char*)malloc(partialCapacity);
+ FUZZ_ASSERT(partial);
+ int const partialSize = LZ4_decompress_safe_partial_usingDict(
+ dst, partial, dstSize, partialCapacity, partialCapacity, smallDict, smallSize);
+ FUZZ_ASSERT(partialSize >= 0);
+ FUZZ_ASSERT_MSG(partialSize == partialCapacity, "Incorrect size");
+ FUZZ_ASSERT_MSG(!memcmp(data, partial, partialSize), "Corruption!");
+ free(partial);
+ }
+ /* Partial decompression using dict with large external dict */
+ {
+ char* const partial = (char*)malloc(partialCapacity);
+ FUZZ_ASSERT(partial);
+ int const partialSize = LZ4_decompress_safe_partial_usingDict(
+ dst, partial, dstSize, partialCapacity, partialCapacity, largeDict, largeSize);
+ FUZZ_ASSERT(partialSize >= 0);
+ FUZZ_ASSERT_MSG(partialSize == partialCapacity, "Incorrect size");
+ FUZZ_ASSERT_MSG(!memcmp(data, partial, partialSize), "Corruption!");
+ free(partial);
+ }
free(dst);
free(rt);