1 /**
2 * This fuzz target attempts to compress the fuzzed data with the simple
3 * compression function with an output buffer that may be too small to
4 * ensure that the compressor never crashes.
5 */
6
7 #include <stddef.h>
8 #include <stdint.h>
9 #include <stdlib.h>
10 #include <string.h>
11
12 #include "fuzz_helpers.h"
13 #include "fuzz_data_producer.h"
14 #include "lz4.h"
15
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)16 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
17 {
18 FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size);
19 size_t const dstCapacitySeed = FUZZ_dataProducer_retrieve32(producer);
20 size = FUZZ_dataProducer_remainingBytes(producer);
21
22 size_t const compressBound = LZ4_compressBound(size);
23 size_t const dstCapacity = FUZZ_getRange_from_uint32(dstCapacitySeed, 0, compressBound);
24
25 char* const dst = (char*)malloc(dstCapacity);
26 char* const rt = (char*)malloc(size);
27
28 FUZZ_ASSERT(dst);
29 FUZZ_ASSERT(rt);
30
31 /* If compression succeeds it must round trip correctly. */
32 {
33 int const dstSize = LZ4_compress_default((const char*)data, dst,
34 size, dstCapacity);
35 if (dstSize > 0) {
36 int const rtSize = LZ4_decompress_safe(dst, rt, dstSize, size);
37 FUZZ_ASSERT_MSG(rtSize == size, "Incorrect regenerated size");
38 FUZZ_ASSERT_MSG(!memcmp(data, rt, size), "Corruption!");
39 }
40 }
41
42 if (dstCapacity > 0) {
43 /* Compression succeeds and must round trip correctly. */
44 int compressedSize = size;
45 int const dstSize = LZ4_compress_destSize((const char*)data, dst,
46 &compressedSize, dstCapacity);
47 FUZZ_ASSERT(dstSize > 0);
48 int const rtSize = LZ4_decompress_safe(dst, rt, dstSize, size);
49 FUZZ_ASSERT_MSG(rtSize == compressedSize, "Incorrect regenerated size");
50 FUZZ_ASSERT_MSG(!memcmp(data, rt, compressedSize), "Corruption!");
51 }
52
53 free(dst);
54 free(rt);
55 FUZZ_dataProducer_free(producer);
56
57 return 0;
58 }
59
