diff options
author | Yann Collet <cyan@fb.com> | 2018-10-09 21:25:18 (GMT) |
---|---|---|
committer | Yann Collet <cyan@fb.com> | 2018-10-09 21:25:18 (GMT) |
commit | e07a37d712c87b6d47d043b018e4ff86d31996b3 (patch) | |
tree | 6a57d3578cf0827434e23dfc4a77ea5bc90dfe41 /tests/frametest.c | |
parent | a963621eb0938a991c417ec75cbfe85bee684fdd (diff) | |
download | lz4-e07a37d712c87b6d47d043b018e4ff86d31996b3.zip lz4-e07a37d712c87b6d47d043b018e4ff86d31996b3.tar.gz lz4-e07a37d712c87b6d47d043b018e4ff86d31996b3.tar.bz2 |
added a test for LZ4F_compressEnd()
which actively tries to make it write out of bound.
For this scenario to be possible,
it's necessary to set dstCapacity < LZ4F_compressBound()
When a compression operation fails,
the CCtx context is left in an undefined state,
therefore compression cannot resume.
As a consequence :
- round trip tests must be aborted, since there is nothing valid to decompress
- most users avoid this situation, by ensuring that dstCapacity >= LZ4F_compressBound()
For these reasons, this use case was poorly tested up to now.
Diffstat (limited to 'tests/frametest.c')
-rw-r--r-- | tests/frametest.c | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/tests/frametest.c b/tests/frametest.c index f8498b7..6d2cdd0 100644 --- a/tests/frametest.c +++ b/tests/frametest.c @@ -857,8 +857,18 @@ int fuzzerTests(U32 seed, unsigned nbTests, unsigned startTest, double compressi } } } CHECK(op>=oend, "LZ4F_compressFrameBound overflow"); - result = LZ4F_compressEnd(cCtx, op, oend-op, &cOptions); - CHECK(LZ4F_isError(result), "Compression completion failed (error %i : %s)", (int)result, LZ4F_getErrorName(result)); + { size_t const dstEndSafeSize = LZ4F_compressBound(0, prefsPtr); + int const tooSmallDstEnd = ((FUZ_rand(&randState) & 31) == 3); + size_t const dstEndTooSmallSize = (FUZ_rand(&randState) % dstEndSafeSize) + 1; + size_t const dstEndSize = tooSmallDstEnd ? dstEndTooSmallSize : dstEndSafeSize; + BYTE const canaryByte = (BYTE)(FUZ_rand(&randState) & 255); + op[dstEndSize] = canaryByte; + result = LZ4F_compressEnd(cCtx, op, dstEndSize, &cOptions); + CHECK(op[dstEndSize] != canaryByte, "LZ4F_compressEnd writes beyond dstCapacity !"); + if (LZ4F_isError(result)) { + if (tooSmallDstEnd) /* failure is allowed */ continue; + CHECK(1, "Compression completion failed (error %i : %s)", (int)result, LZ4F_getErrorName(result)); + } } op += result; cSize = op-(BYTE*)compressedBuffer; DISPLAYLEVEL(5, "\nCompressed %u bytes into %u \n", (U32)srcSize, (U32)cSize); |