1 #include <stdio.h>
2 #include <assert.h>
3 
4 #include "zbuild.h"
5 #ifdef ZLIB_COMPAT
6 #  include "zlib.h"
7 #else
8 #  include "zlib-ng.h"
9 #endif
10 
11 static const uint8_t *data;
12 static size_t dataLen;
13 
check_compress_level(uint8_t * compr,z_size_t comprLen,uint8_t * uncompr,z_size_t uncomprLen,int level)14 static void check_compress_level(uint8_t *compr, z_size_t comprLen,
15                                  uint8_t *uncompr, z_size_t uncomprLen,
16                                  int level) {
17     PREFIX(compress2)(compr, &comprLen, data, dataLen, level);
18     PREFIX(uncompress)(uncompr, &uncomprLen, compr, comprLen);
19 
20     /* Make sure compress + uncompress gives back the input data. */
21     assert(dataLen == uncomprLen);
22     assert(0 == memcmp(data, uncompr, dataLen));
23 }
24 
25 #define put_byte(s, i, c) {s[i] = (unsigned char)(c);}
26 
write_zlib_header(uint8_t * s)27 static void write_zlib_header(uint8_t *s) {
28     unsigned level_flags = 0; /* compression level (0..3) */
29     unsigned w_bits = 8; /* window size log2(w_size) (8..16) */
30     unsigned int header = (Z_DEFLATED + ((w_bits-8)<<4)) << 8;
31     header |= (level_flags << 6);
32 
33     header += 31 - (header % 31);
34 
35     /* s is guaranteed to be longer than 2 bytes. */
36     put_byte(s, 0, (header >> 8));
37     put_byte(s, 1, (header & 0xff));
38 }
39 
check_decompress(uint8_t * compr,size_t comprLen)40 static void check_decompress(uint8_t *compr, size_t comprLen) {
41     /* We need to write a valid zlib header of size two bytes. Copy the input data
42        in a larger buffer. Do not modify the input data to avoid libFuzzer error:
43        fuzz target overwrites its const input. */
44     size_t copyLen = dataLen + 2;
45     uint8_t *copy = (uint8_t *)malloc(copyLen);
46     memcpy(copy + 2, data, dataLen);
47     write_zlib_header(copy);
48 
49     PREFIX(uncompress)(compr, &comprLen, copy, copyLen);
50     free(copy);
51 }
52 
LLVMFuzzerTestOneInput(const uint8_t * d,size_t size)53 int LLVMFuzzerTestOneInput(const uint8_t *d, size_t size) {
54     /* compressBound does not provide enough space for low compression levels. */
55     z_size_t comprLen = 100 + 2 * PREFIX(compressBound)(size);
56     z_size_t uncomprLen = (z_size_t)size;
57     uint8_t *compr, *uncompr;
58 
59     /* Discard inputs larger than 1Mb. */
60     static size_t kMaxSize = 1024 * 1024;
61 
62     if (size < 1 || size > kMaxSize)
63         return 0;
64 
65     data = d;
66     dataLen = size;
67     compr = (uint8_t *)calloc(1, comprLen);
68     uncompr = (uint8_t *)calloc(1, uncomprLen);
69 
70     check_compress_level(compr, comprLen, uncompr, uncomprLen, 1);
71     check_compress_level(compr, comprLen, uncompr, uncomprLen, 3);
72     check_compress_level(compr, comprLen, uncompr, uncomprLen, 6);
73     check_compress_level(compr, comprLen, uncompr, uncomprLen, 7);
74 
75     check_decompress(compr, comprLen);
76 
77     free(compr);
78     free(uncompr);
79 
80     /* This function must return 0. */
81     return 0;
82 }
83