From fad8c97532f74d92f6aa4427a739610035fcbbd1 Mon Sep 17 00:00:00 2001 From: bimbashrestha Date: Fri, 16 Aug 2019 10:50:46 -0700 Subject: Adding fuzz data producer for uint32 and using in decompress_fuzzer Summary: Consuming bytes from the end of data instead of from the front to prevent "all-in-one" decisions. Test Plan: Reviewers: Subscribers: Tasks: Tags: --- ossfuzz/decompress_fuzzer.c | 5 ++--- ossfuzz/fuzz_data_producer.h | 27 +++++++++++++++++++++++++++ 2 files changed, 29 insertions(+), 3 deletions(-) create mode 100644 ossfuzz/fuzz_data_producer.h diff --git a/ossfuzz/decompress_fuzzer.c b/ossfuzz/decompress_fuzzer.c index 0267c93..b17783c 100644 --- a/ossfuzz/decompress_fuzzer.c +++ b/ossfuzz/decompress_fuzzer.c @@ -9,13 +9,12 @@ #include #include "fuzz_helpers.h" +#include "fuzz_data_producer.h" #include "lz4.h" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - - uint32_t seed = FUZZ_seed(&data, &size); - size_t const dstCapacity = FUZZ_rand32(&seed, 0, 4 * size); + size_t const dstCapacity = FUZZ_produceUint32Range(data, size, 0, 4 * size); size_t const smallDictSize = size + 1; size_t const largeDictSize = 64 * 1024 - 1; size_t const dictSize = MAX(smallDictSize, largeDictSize); diff --git a/ossfuzz/fuzz_data_producer.h b/ossfuzz/fuzz_data_producer.h new file mode 100644 index 0000000..c41aaec --- /dev/null +++ b/ossfuzz/fuzz_data_producer.h @@ -0,0 +1,27 @@ +#include +#include +#include +#include + +FUZZ_STATIC uint32_t FUZZ_produceUint32Range(uint8_t *data, size_t size, + uint32_t min, uint32_t max) { + if (min > max) { + return 0; + } + + uint32_t range = max - min; + uint32_t rolling = range; + uint32_t result = 0; + + while (rolling > 0 && size > 0) { + uint8_t next = *(data + size - 1); + size -= 1; + result = (result << 8) | next; + } + + if (range == 0xffffffff) { + return result; + } + + return min + result % (range + 1); +} -- cgit v0.12 From a9ac05645644a0615b558f6ac655c4ae46c4a926 Mon Sep 17 00:00:00 2001 From: bimbashrestha Date: Fri, 16 Aug 2019 14:19:06 -0700 Subject: Created a data producer API and used in decompress_fuzzer --- ossfuzz/decompress_fuzzer.c | 7 ++++++- ossfuzz/fuzz_data_producer.h | 25 ++++++++++++++++++++----- 2 files changed, 26 insertions(+), 6 deletions(-) diff --git a/ossfuzz/decompress_fuzzer.c b/ossfuzz/decompress_fuzzer.c index b17783c..49f71b0 100644 --- a/ossfuzz/decompress_fuzzer.c +++ b/ossfuzz/decompress_fuzzer.c @@ -14,7 +14,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - size_t const dstCapacity = FUZZ_produceUint32Range(data, size, 0, 4 * size); + FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size); + size_t const dstCapacity = FUZZ_dataProducer_uint32(producer, 0, 4 * size); size_t const smallDictSize = size + 1; size_t const largeDictSize = 64 * 1024 - 1; size_t const dictSize = MAX(smallDictSize, largeDictSize); @@ -24,6 +25,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) char* const dataAfterDict = dict + dictSize; char* const smallDict = dataAfterDict - smallDictSize; + /* Restrict to remaining data from producer */ + size = producer->size; + FUZZ_ASSERT(dst); FUZZ_ASSERT(dict); @@ -52,6 +56,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) dstCapacity, dstCapacity); free(dst); free(dict); + FUZZ_dataProducer_free(producer); return 0; } diff --git a/ossfuzz/fuzz_data_producer.h b/ossfuzz/fuzz_data_producer.h index c41aaec..6c4ef8a 100644 --- a/ossfuzz/fuzz_data_producer.h +++ b/ossfuzz/fuzz_data_producer.h @@ -3,8 +3,22 @@ #include #include -FUZZ_STATIC uint32_t FUZZ_produceUint32Range(uint8_t *data, size_t size, - uint32_t min, uint32_t max) { +typedef struct { + const uint8_t *data; + size_t size; +} FUZZ_dataProducer_t; + +FUZZ_dataProducer_t *FUZZ_dataProducer_create(const uint8_t *data, size_t size) { + FUZZ_dataProducer_t *producer = malloc(sizeof(FUZZ_dataProducer_t)); + producer->data = data; + producer->size = size; + return producer; +} + +void FUZZ_dataProducer_free(FUZZ_dataProducer_t *producer) { free(producer); } + +uint32_t FUZZ_dataProducer_uint32(FUZZ_dataProducer_t *producer, uint32_t min, + uint32_t max) { if (min > max) { return 0; } @@ -13,10 +27,11 @@ FUZZ_STATIC uint32_t FUZZ_produceUint32Range(uint8_t *data, size_t size, uint32_t rolling = range; uint32_t result = 0; - while (rolling > 0 && size > 0) { - uint8_t next = *(data + size - 1); - size -= 1; + while (rolling > 0 && producer->size > 0) { + uint8_t next = *(producer->data + producer->size - 1); + producer->size -= 1; result = (result << 8) | next; + rolling >>= 8; } if (range == 0xffffffff) { -- cgit v0.12 From f839e9fe8a393117c64dff58196d36b741780ab0 Mon Sep 17 00:00:00 2001 From: bimbashrestha Date: Fri, 16 Aug 2019 16:43:28 -0700 Subject: Seperating fuzz data producer api impl and header, using data producer on the easy fuzzers --- ossfuzz/Makefile | 2 +- ossfuzz/compress_frame_fuzzer.c | 2 ++ ossfuzz/compress_fuzzer.c | 10 ++++++++-- ossfuzz/compress_hc_fuzzer.c | 13 ++++++++++--- ossfuzz/decompress_frame_fuzzer.c | 14 ++++++++++---- ossfuzz/decompress_fuzzer.c | 3 ++- ossfuzz/fuzz_data_producer.c | 32 ++++++++++++++++++++++++++++++++ ossfuzz/fuzz_data_producer.h | 34 +++++----------------------------- ossfuzz/round_trip_hc_fuzzer.c | 10 ++++++++-- 9 files changed, 78 insertions(+), 42 deletions(-) create mode 100644 ossfuzz/fuzz_data_producer.c diff --git a/ossfuzz/Makefile b/ossfuzz/Makefile index 6875eb6..7e043a1 100644 --- a/ossfuzz/Makefile +++ b/ossfuzz/Makefile @@ -58,7 +58,7 @@ $(LZ4DIR)/liblz4.a: $(CC) -c $(LZ4_CFLAGS) $(LZ4_CPPFLAGS) $< -o $@ # Generic rule for generating fuzzers -%_fuzzer: %_fuzzer.o lz4_helpers.o $(LZ4DIR)/liblz4.a +%_fuzzer: %_fuzzer.o lz4_helpers.o fuzz_data_producer.o $(LZ4DIR)/liblz4.a # Compile the standalone code just in case. The OSS-Fuzz code might # override the LIB_FUZZING_ENGINE value to "-fsanitize=fuzzer" $(CC) -c $(LZ4_CFLAGS) $(LZ4_CPPFLAGS) standaloneengine.c -o standaloneengine.o diff --git a/ossfuzz/compress_frame_fuzzer.c b/ossfuzz/compress_frame_fuzzer.c index 75c609f..344917a 100644 --- a/ossfuzz/compress_frame_fuzzer.c +++ b/ossfuzz/compress_frame_fuzzer.c @@ -10,12 +10,14 @@ #include #include "fuzz_helpers.h" +#include "fuzz_data_producer.h" #include "lz4.h" #include "lz4frame.h" #include "lz4_helpers.h" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { + FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size); uint32_t seed = FUZZ_seed(&data, &size); LZ4F_preferences_t const prefs = FUZZ_randomPreferences(&seed); size_t const compressBound = LZ4F_compressFrameBound(size, &prefs); diff --git a/ossfuzz/compress_fuzzer.c b/ossfuzz/compress_fuzzer.c index 7021624..42efbd3 100644 --- a/ossfuzz/compress_fuzzer.c +++ b/ossfuzz/compress_fuzzer.c @@ -10,15 +10,20 @@ #include #include "fuzz_helpers.h" +#include "fuzz_data_producer.h" #include "lz4.h" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - uint32_t seed = FUZZ_seed(&data, &size); - size_t const dstCapacity = FUZZ_rand32(&seed, 0, LZ4_compressBound(size)); + FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size); + size_t const dstCapacity = FUZZ_dataProducer_uint32( + producer, 0, LZ4_compressBound(size)); char* const dst = (char*)malloc(dstCapacity); char* const rt = (char*)malloc(size); + /* Restrict to remaining data from producer */ + size = producer->size; + FUZZ_ASSERT(dst); FUZZ_ASSERT(rt); @@ -46,6 +51,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) free(dst); free(rt); + FUZZ_dataProducer_free(producer); return 0; } diff --git a/ossfuzz/compress_hc_fuzzer.c b/ossfuzz/compress_hc_fuzzer.c index 4841367..f06f6dd 100644 --- a/ossfuzz/compress_hc_fuzzer.c +++ b/ossfuzz/compress_hc_fuzzer.c @@ -10,16 +10,22 @@ #include #include "fuzz_helpers.h" +#include "fuzz_data_producer.h" #include "lz4.h" #include "lz4hc.h" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - uint32_t seed = FUZZ_seed(&data, &size); - size_t const dstCapacity = FUZZ_rand32(&seed, 0, LZ4_compressBound(size)); + FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size); + size_t const dstCapacity = FUZZ_dataProducer_uint32( + producer, 0, LZ4_compressBound(size)); char* const dst = (char*)malloc(dstCapacity); char* const rt = (char*)malloc(size); - int const level = FUZZ_rand32(&seed, LZ4HC_CLEVEL_MIN, LZ4HC_CLEVEL_MAX); + int const level = FUZZ_dataProducer_uint32( + producer, LZ4HC_CLEVEL_MIN, LZ4HC_CLEVEL_MAX); + + /* Restrict to remaining data from producer */ + size = producer->size; FUZZ_ASSERT(dst); FUZZ_ASSERT(rt); @@ -52,6 +58,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) free(dst); free(rt); + FUZZ_dataProducer_free(producer); return 0; } diff --git a/ossfuzz/decompress_frame_fuzzer.c b/ossfuzz/decompress_frame_fuzzer.c index bda25b0..4c8ac39 100644 --- a/ossfuzz/decompress_frame_fuzzer.c +++ b/ossfuzz/decompress_frame_fuzzer.c @@ -9,6 +9,7 @@ #include #include "fuzz_helpers.h" +#include "fuzz_data_producer.h" #include "lz4.h" #define LZ4F_STATIC_LINKING_ONLY #include "lz4frame.h" @@ -29,17 +30,21 @@ static void decompress(LZ4F_dctx* dctx, void* dst, size_t dstCapacity, int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - - uint32_t seed = FUZZ_seed(&data, &size); - size_t const dstCapacity = FUZZ_rand32(&seed, 0, 4 * size); + FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size); + size_t const dstCapacity = FUZZ_dataProducer_uint32( + producer, 0, 4 * size); size_t const largeDictSize = 64 * 1024; - size_t const dictSize = FUZZ_rand32(&seed, 0, largeDictSize); + size_t const dictSize = FUZZ_dataProducer_uint32( + producer, 0, largeDictSize); char* const dst = (char*)malloc(dstCapacity); char* const dict = (char*)malloc(dictSize); LZ4F_decompressOptions_t opts; LZ4F_dctx* dctx; LZ4F_createDecompressionContext(&dctx, LZ4F_VERSION); + /* Restrict to remaining data from producer */ + size = producer->size; + FUZZ_ASSERT(dctx); FUZZ_ASSERT(dst); FUZZ_ASSERT(dict); @@ -62,6 +67,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) LZ4F_freeDecompressionContext(dctx); free(dst); free(dict); + FUZZ_dataProducer_free(producer); return 0; } diff --git a/ossfuzz/decompress_fuzzer.c b/ossfuzz/decompress_fuzzer.c index 49f71b0..ae03ba9 100644 --- a/ossfuzz/decompress_fuzzer.c +++ b/ossfuzz/decompress_fuzzer.c @@ -15,7 +15,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size); - size_t const dstCapacity = FUZZ_dataProducer_uint32(producer, 0, 4 * size); + size_t const dstCapacity = FUZZ_dataProducer_uint32( + producer, 0, 4 * size); size_t const smallDictSize = size + 1; size_t const largeDictSize = 64 * 1024 - 1; size_t const dictSize = MAX(smallDictSize, largeDictSize); diff --git a/ossfuzz/fuzz_data_producer.c b/ossfuzz/fuzz_data_producer.c new file mode 100644 index 0000000..ae07575 --- /dev/null +++ b/ossfuzz/fuzz_data_producer.c @@ -0,0 +1,32 @@ +#include "fuzz_data_producer.h" + +FUZZ_dataProducer_t *FUZZ_dataProducer_create(const uint8_t *data, size_t size) { + FUZZ_dataProducer_t *producer = malloc(sizeof(FUZZ_dataProducer_t)); + producer->data = data; + producer->size = size; + return producer; +} + +void FUZZ_dataProducer_free(FUZZ_dataProducer_t *producer) { free(producer); } + +uint32_t FUZZ_dataProducer_uint32(FUZZ_dataProducer_t *producer, uint32_t min, + uint32_t max) { + FUZZ_ASSERT(min <= max); + + uint32_t range = max - min; + uint32_t rolling = range; + uint32_t result = 0; + + while (rolling > 0 && producer->size > 0) { + uint8_t next = *(producer->data + producer->size - 1); + producer->size -= 1; + result = (result << 8) | next; + rolling >>= 8; + } + + if (range == 0xffffffff) { + return result; + } + + return min + result % (range + 1); +} diff --git a/ossfuzz/fuzz_data_producer.h b/ossfuzz/fuzz_data_producer.h index 6c4ef8a..389ec2a 100644 --- a/ossfuzz/fuzz_data_producer.h +++ b/ossfuzz/fuzz_data_producer.h @@ -3,40 +3,16 @@ #include #include +#include "fuzz_helpers.h" + typedef struct { const uint8_t *data; size_t size; } FUZZ_dataProducer_t; -FUZZ_dataProducer_t *FUZZ_dataProducer_create(const uint8_t *data, size_t size) { - FUZZ_dataProducer_t *producer = malloc(sizeof(FUZZ_dataProducer_t)); - producer->data = data; - producer->size = size; - return producer; -} +FUZZ_dataProducer_t *FUZZ_dataProducer_create(const uint8_t *data, size_t size); -void FUZZ_dataProducer_free(FUZZ_dataProducer_t *producer) { free(producer); } +void FUZZ_dataProducer_free(FUZZ_dataProducer_t *producer); uint32_t FUZZ_dataProducer_uint32(FUZZ_dataProducer_t *producer, uint32_t min, - uint32_t max) { - if (min > max) { - return 0; - } - - uint32_t range = max - min; - uint32_t rolling = range; - uint32_t result = 0; - - while (rolling > 0 && producer->size > 0) { - uint8_t next = *(producer->data + producer->size - 1); - producer->size -= 1; - result = (result << 8) | next; - rolling >>= 8; - } - - if (range == 0xffffffff) { - return result; - } - - return min + result % (range + 1); -} + uint32_t max); diff --git a/ossfuzz/round_trip_hc_fuzzer.c b/ossfuzz/round_trip_hc_fuzzer.c index 325cdf0..22b5e8f 100644 --- a/ossfuzz/round_trip_hc_fuzzer.c +++ b/ossfuzz/round_trip_hc_fuzzer.c @@ -9,16 +9,21 @@ #include #include "fuzz_helpers.h" +#include "fuzz_data_producer.h" #include "lz4.h" #include "lz4hc.h" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - uint32_t seed = FUZZ_seed(&data, &size); + FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size); size_t const dstCapacity = LZ4_compressBound(size); char* const dst = (char*)malloc(dstCapacity); char* const rt = (char*)malloc(size); - int const level = FUZZ_rand32(&seed, LZ4HC_CLEVEL_MIN, LZ4HC_CLEVEL_MAX); + int const level = FUZZ_dataProducer_uint32( + producer, LZ4HC_CLEVEL_MIN, LZ4HC_CLEVEL_MAX); + + /* Restrict to remaining data from producer */ + size = producer->size; FUZZ_ASSERT(dst); FUZZ_ASSERT(rt); @@ -34,6 +39,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) free(dst); free(rt); + FUZZ_dataProducer_free(producer); return 0; } -- cgit v0.12 From dc17d39c2fb962b591c73cf1467d89cf53b89156 Mon Sep 17 00:00:00 2001 From: bimbashrestha Date: Fri, 16 Aug 2019 17:14:47 -0700 Subject: Adding comments, fixing nit, and hiding the struct in data producer api --- ossfuzz/compress_frame_fuzzer.c | 2 -- ossfuzz/compress_fuzzer.c | 2 +- ossfuzz/compress_hc_fuzzer.c | 2 +- ossfuzz/decompress_frame_fuzzer.c | 2 +- ossfuzz/decompress_fuzzer.c | 2 +- ossfuzz/fuzz_data_producer.c | 12 ++++++++++++ ossfuzz/fuzz_data_producer.h | 12 ++++++++---- ossfuzz/round_trip_hc_fuzzer.c | 2 +- 8 files changed, 25 insertions(+), 11 deletions(-) diff --git a/ossfuzz/compress_frame_fuzzer.c b/ossfuzz/compress_frame_fuzzer.c index 344917a..75c609f 100644 --- a/ossfuzz/compress_frame_fuzzer.c +++ b/ossfuzz/compress_frame_fuzzer.c @@ -10,14 +10,12 @@ #include #include "fuzz_helpers.h" -#include "fuzz_data_producer.h" #include "lz4.h" #include "lz4frame.h" #include "lz4_helpers.h" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size); uint32_t seed = FUZZ_seed(&data, &size); LZ4F_preferences_t const prefs = FUZZ_randomPreferences(&seed); size_t const compressBound = LZ4F_compressFrameBound(size, &prefs); diff --git a/ossfuzz/compress_fuzzer.c b/ossfuzz/compress_fuzzer.c index 42efbd3..9d72e72 100644 --- a/ossfuzz/compress_fuzzer.c +++ b/ossfuzz/compress_fuzzer.c @@ -22,7 +22,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) char* const rt = (char*)malloc(size); /* Restrict to remaining data from producer */ - size = producer->size; + size = FUZZ_dataProducer_remainingBytes(producer); FUZZ_ASSERT(dst); FUZZ_ASSERT(rt); diff --git a/ossfuzz/compress_hc_fuzzer.c b/ossfuzz/compress_hc_fuzzer.c index f06f6dd..5f22104 100644 --- a/ossfuzz/compress_hc_fuzzer.c +++ b/ossfuzz/compress_hc_fuzzer.c @@ -25,7 +25,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) producer, LZ4HC_CLEVEL_MIN, LZ4HC_CLEVEL_MAX); /* Restrict to remaining data from producer */ - size = producer->size; + size = FUZZ_dataProducer_remainingBytes(producer); FUZZ_ASSERT(dst); FUZZ_ASSERT(rt); diff --git a/ossfuzz/decompress_frame_fuzzer.c b/ossfuzz/decompress_frame_fuzzer.c index 4c8ac39..60d2ea1 100644 --- a/ossfuzz/decompress_frame_fuzzer.c +++ b/ossfuzz/decompress_frame_fuzzer.c @@ -43,7 +43,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) LZ4F_createDecompressionContext(&dctx, LZ4F_VERSION); /* Restrict to remaining data from producer */ - size = producer->size; + size = FUZZ_dataProducer_remainingBytes(producer); FUZZ_ASSERT(dctx); FUZZ_ASSERT(dst); diff --git a/ossfuzz/decompress_fuzzer.c b/ossfuzz/decompress_fuzzer.c index ae03ba9..bc4190b 100644 --- a/ossfuzz/decompress_fuzzer.c +++ b/ossfuzz/decompress_fuzzer.c @@ -27,7 +27,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) char* const smallDict = dataAfterDict - smallDictSize; /* Restrict to remaining data from producer */ - size = producer->size; + size = FUZZ_dataProducer_remainingBytes(producer); FUZZ_ASSERT(dst); FUZZ_ASSERT(dict); diff --git a/ossfuzz/fuzz_data_producer.c b/ossfuzz/fuzz_data_producer.c index ae07575..992f5a7 100644 --- a/ossfuzz/fuzz_data_producer.c +++ b/ossfuzz/fuzz_data_producer.c @@ -1,7 +1,15 @@ #include "fuzz_data_producer.h" +struct FUZZ_dataProducer_s{ + const uint8_t *data; + size_t size; +}; + FUZZ_dataProducer_t *FUZZ_dataProducer_create(const uint8_t *data, size_t size) { FUZZ_dataProducer_t *producer = malloc(sizeof(FUZZ_dataProducer_t)); + + FUZZ_ASSERT(producer != NULL); + producer->data = data; producer->size = size; return producer; @@ -30,3 +38,7 @@ uint32_t FUZZ_dataProducer_uint32(FUZZ_dataProducer_t *producer, uint32_t min, return min + result % (range + 1); } + +size_t FUZZ_dataProducer_remainingBytes(FUZZ_dataProducer_t *producer){ + return producer->size; +} diff --git a/ossfuzz/fuzz_data_producer.h b/ossfuzz/fuzz_data_producer.h index 389ec2a..8df5257 100644 --- a/ossfuzz/fuzz_data_producer.h +++ b/ossfuzz/fuzz_data_producer.h @@ -5,14 +5,18 @@ #include "fuzz_helpers.h" -typedef struct { - const uint8_t *data; - size_t size; -} FUZZ_dataProducer_t; +/* Struct used for maintaining the state of the data */ +typedef struct FUZZ_dataProducer_s FUZZ_dataProducer_t; +/* Returns a data producer state struct. Use for producer initialization. */ FUZZ_dataProducer_t *FUZZ_dataProducer_create(const uint8_t *data, size_t size); +/* Frees the data producer */ void FUZZ_dataProducer_free(FUZZ_dataProducer_t *producer); +/* Returns value between [min, max] */ uint32_t FUZZ_dataProducer_uint32(FUZZ_dataProducer_t *producer, uint32_t min, uint32_t max); + +/* Returns the size of the remaining bytes of data in the producer */ +size_t FUZZ_dataProducer_remainingBytes(FUZZ_dataProducer_t *producer); diff --git a/ossfuzz/round_trip_hc_fuzzer.c b/ossfuzz/round_trip_hc_fuzzer.c index 22b5e8f..8406809 100644 --- a/ossfuzz/round_trip_hc_fuzzer.c +++ b/ossfuzz/round_trip_hc_fuzzer.c @@ -23,7 +23,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) producer, LZ4HC_CLEVEL_MIN, LZ4HC_CLEVEL_MAX); /* Restrict to remaining data from producer */ - size = producer->size; + size = FUZZ_dataProducer_remainingBytes(producer); FUZZ_ASSERT(dst); FUZZ_ASSERT(rt); -- cgit v0.12