summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--ossfuzz/compress_frame_fuzzer.c11
-rw-r--r--ossfuzz/fuzz_data_producer.c25
-rw-r--r--ossfuzz/fuzz_data_producer.h8
-rw-r--r--ossfuzz/round_trip_frame_fuzzer.c9
-rw-r--r--ossfuzz/round_trip_fuzzer.c10
5 files changed, 56 insertions, 7 deletions
diff --git a/ossfuzz/compress_frame_fuzzer.c b/ossfuzz/compress_frame_fuzzer.c
index 75c609f..7fe09a1 100644
--- a/ossfuzz/compress_frame_fuzzer.c
+++ b/ossfuzz/compress_frame_fuzzer.c
@@ -13,19 +13,23 @@
#include "lz4.h"
#include "lz4frame.h"
#include "lz4_helpers.h"
+#include "fuzz_data_producer.h"
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
- uint32_t seed = FUZZ_seed(&data, &size);
- LZ4F_preferences_t const prefs = FUZZ_randomPreferences(&seed);
+ FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, LZ4_compressBound(size));
+ LZ4F_preferences_t const prefs = FUZZ_dataProducer_preferences(producer);
size_t const compressBound = LZ4F_compressFrameBound(size, &prefs);
- size_t const dstCapacity = FUZZ_rand32(&seed, 0, compressBound);
+ size_t const dstCapacity = FUZZ_dataProducer_uint32(producer, 0, compressBound);
char* const dst = (char*)malloc(dstCapacity);
char* const rt = (char*)malloc(size);
FUZZ_ASSERT(dst);
FUZZ_ASSERT(rt);
+ /* Restrict to remaining data from producer */
+ size = FUZZ_dataProducer_remainingBytes(producer);
+
/* If compression succeeds it must round trip correctly. */
size_t const dstSize =
LZ4F_compressFrame(dst, dstCapacity, data, size, &prefs);
@@ -37,6 +41,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
free(dst);
free(rt);
+ FUZZ_dataProducer_free(producer);
return 0;
}
diff --git a/ossfuzz/fuzz_data_producer.c b/ossfuzz/fuzz_data_producer.c
index 992f5a7..f35bd8a 100644
--- a/ossfuzz/fuzz_data_producer.c
+++ b/ossfuzz/fuzz_data_producer.c
@@ -39,6 +39,31 @@ uint32_t FUZZ_dataProducer_uint32(FUZZ_dataProducer_t *producer, uint32_t min,
return min + result % (range + 1);
}
+LZ4F_frameInfo_t FUZZ_dataProducer_frameInfo(FUZZ_dataProducer_t* producer)
+{
+ LZ4F_frameInfo_t info = LZ4F_INIT_FRAMEINFO;
+ info.blockSizeID = FUZZ_dataProducer_uint32(producer, LZ4F_max64KB - 1, LZ4F_max4MB);
+ if (info.blockSizeID < LZ4F_max64KB) {
+ info.blockSizeID = LZ4F_default;
+ }
+ info.blockMode = FUZZ_dataProducer_uint32(producer, LZ4F_blockLinked, LZ4F_blockIndependent);
+ info.contentChecksumFlag = FUZZ_dataProducer_uint32(producer, LZ4F_noContentChecksum,
+ LZ4F_contentChecksumEnabled);
+ info.blockChecksumFlag = FUZZ_dataProducer_uint32(producer, LZ4F_noBlockChecksum,
+ LZ4F_blockChecksumEnabled);
+ return info;
+}
+
+LZ4F_preferences_t FUZZ_dataProducer_preferences(FUZZ_dataProducer_t* producer)
+{
+ LZ4F_preferences_t prefs = LZ4F_INIT_PREFERENCES;
+ prefs.frameInfo = FUZZ_dataProducer_frameInfo(producer);
+ prefs.compressionLevel = FUZZ_dataProducer_uint32(producer, 0, LZ4HC_CLEVEL_MAX + 3) - 3;
+ prefs.autoFlush = FUZZ_dataProducer_uint32(producer, 0, 1);
+ prefs.favorDecSpeed = FUZZ_dataProducer_uint32(producer, 0, 1);
+ return prefs;
+}
+
size_t FUZZ_dataProducer_remainingBytes(FUZZ_dataProducer_t *producer){
return producer->size;
}
diff --git a/ossfuzz/fuzz_data_producer.h b/ossfuzz/fuzz_data_producer.h
index 8df5257..4c097a7 100644
--- a/ossfuzz/fuzz_data_producer.h
+++ b/ossfuzz/fuzz_data_producer.h
@@ -4,6 +4,8 @@
#include <stdlib.h>
#include "fuzz_helpers.h"
+#include "lz4frame.h"
+#include "lz4hc.h"
/* Struct used for maintaining the state of the data */
typedef struct FUZZ_dataProducer_s FUZZ_dataProducer_t;
@@ -18,5 +20,11 @@ void FUZZ_dataProducer_free(FUZZ_dataProducer_t *producer);
uint32_t FUZZ_dataProducer_uint32(FUZZ_dataProducer_t *producer, uint32_t min,
uint32_t max);
+/* Returns lz4 preferences */
+LZ4F_preferences_t FUZZ_dataProducer_preferences(FUZZ_dataProducer_t* producer);
+
+/* Returns lz4 frame info */
+LZ4F_frameInfo_t FUZZ_dataProducer_frameInfo(FUZZ_dataProducer_t* producer);
+
/* Returns the size of the remaining bytes of data in the producer */
size_t FUZZ_dataProducer_remainingBytes(FUZZ_dataProducer_t *producer);
diff --git a/ossfuzz/round_trip_frame_fuzzer.c b/ossfuzz/round_trip_frame_fuzzer.c
index 1eea90c..fe6fc77 100644
--- a/ossfuzz/round_trip_frame_fuzzer.c
+++ b/ossfuzz/round_trip_frame_fuzzer.c
@@ -12,11 +12,12 @@
#include "lz4.h"
#include "lz4frame.h"
#include "lz4_helpers.h"
+#include "fuzz_data_producer.h"
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
- uint32_t seed = FUZZ_seed(&data, &size);
- LZ4F_preferences_t const prefs = FUZZ_randomPreferences(&seed);
+ FUZZ_dataProducer_t* producer = FUZZ_dataProducer_create(data, LZ4_compressBound(size));
+ LZ4F_preferences_t const prefs = FUZZ_dataProducer_preferences(producer);
size_t const dstCapacity = LZ4F_compressFrameBound(size, &prefs);
char* const dst = (char*)malloc(dstCapacity);
char* const rt = (char*)malloc(size);
@@ -24,6 +25,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
FUZZ_ASSERT(dst);
FUZZ_ASSERT(rt);
+ /* Restrict to remaining data from producer */
+ size = FUZZ_dataProducer_remainingBytes(producer);
+
/* Compression must succeed and round trip correctly. */
size_t const dstSize =
LZ4F_compressFrame(dst, dstCapacity, data, size, &prefs);
@@ -34,6 +38,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
free(dst);
free(rt);
+ FUZZ_dataProducer_free(producer);
return 0;
}
diff --git a/ossfuzz/round_trip_fuzzer.c b/ossfuzz/round_trip_fuzzer.c
index 3a66e80..e37a0a6 100644
--- a/ossfuzz/round_trip_fuzzer.c
+++ b/ossfuzz/round_trip_fuzzer.c
@@ -10,10 +10,12 @@
#include "fuzz_helpers.h"
#include "lz4.h"
+#include "fuzz_data_producer.h"
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
- uint32_t seed = FUZZ_seed(&data, &size);
+ FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size);
+ size_t const partialCapacity = FUZZ_dataProducer_uint32(producer, 0, size);
size_t const dstCapacity = LZ4_compressBound(size);
char* const dst = (char*)malloc(dstCapacity);
char* const rt = (char*)malloc(size);
@@ -21,6 +23,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
FUZZ_ASSERT(dst);
FUZZ_ASSERT(rt);
+ /* Restrict to remaining data from producer */
+ size = FUZZ_dataProducer_remainingBytes(producer);
+
/* Compression must succeed and round trip correctly. */
int const dstSize = LZ4_compress_default((const char*)data, dst,
size, dstCapacity);
@@ -32,7 +37,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
/* Partial decompression must succeed. */
{
- size_t const partialCapacity = FUZZ_rand32(&seed, 0, size);
char* const partial = (char*)malloc(partialCapacity);
FUZZ_ASSERT(partial);
int const partialSize = LZ4_decompress_safe_partial(
@@ -43,8 +47,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
free(partial);
}
+
free(dst);
free(rt);
+ FUZZ_dataProducer_free(producer);
return 0;
}