xref: /aosp_15_r20/external/zstd/tests/fuzz/huf_decompress.c (revision 01826a4963a0d8a59bc3812d29bdf0fb76416722) 
1 /*
2  * Copyright (c) Meta Platforms, Inc. and affiliates.
3  * All rights reserved.
4  *
5  * This source code is licensed under both the BSD-style license (found in the
6  * LICENSE file in the root directory of this source tree) and the GPLv2 (found
7  * in the COPYING file in the root directory of this source tree).
8  * You may select, at your option, one of the above-listed licenses.
9  */
10 
11 /**
12  * This fuzz target performs a zstd round-trip test (compress & decompress),
13  * compares the result with the original, and calls abort() on corruption.
14  */
15 
16 #include <stddef.h>
17 #include <stdlib.h>
18 #include <stdio.h>
19 #include <string.h>
20 #include "common/cpu.h"
21 #include "common/huf.h"
22 #include "fuzz_helpers.h"
23 #include "fuzz_data_producer.h"
24 
LLVMFuzzerTestOneInput(const uint8_t * src,size_t size)25 int LLVMFuzzerTestOneInput(const uint8_t *src, size_t size)
26 {
27     FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(src, size);
28     /* Select random parameters: #streams, X1 or X2 decoding, bmi2 */
29     int const streams = FUZZ_dataProducer_int32Range(producer, 0, 1);
30     int const symbols = FUZZ_dataProducer_int32Range(producer, 0, 1);
31     int const flags = 0
32         | (ZSTD_cpuid_bmi2(ZSTD_cpuid()) && FUZZ_dataProducer_int32Range(producer, 0, 1) ? HUF_flags_bmi2 : 0)
33         | (FUZZ_dataProducer_int32Range(producer, 0, 1) ? HUF_flags_optimalDepth : 0)
34         | (FUZZ_dataProducer_int32Range(producer, 0, 1) ? HUF_flags_preferRepeat : 0)
35         | (FUZZ_dataProducer_int32Range(producer, 0, 1) ? HUF_flags_suspectUncompressible : 0)
36         | (FUZZ_dataProducer_int32Range(producer, 0, 1) ? HUF_flags_disableAsm : 0)
37         | (FUZZ_dataProducer_int32Range(producer, 0, 1) ? HUF_flags_disableFast : 0);
38     /* Select a random cBufSize - it may be too small */
39     size_t const dBufSize = FUZZ_dataProducer_uint32Range(producer, 0, 8 * size + 500);
40     size_t const maxTableLog = FUZZ_dataProducer_uint32Range(producer, 1, HUF_TABLELOG_MAX);
41     HUF_DTable* dt = (HUF_DTable*)FUZZ_malloc(HUF_DTABLE_SIZE(maxTableLog) * sizeof(HUF_DTable));
42     size_t const wkspSize = HUF_WORKSPACE_SIZE;
43     void* wksp = FUZZ_malloc(wkspSize);
44     void* dBuf = FUZZ_malloc(dBufSize);
45     dt[0] = maxTableLog * 0x01000001;
46     size = FUZZ_dataProducer_remainingBytes(producer);
47 
48     if (symbols == 0) {
49         size_t const err = HUF_readDTableX1_wksp(dt, src, size, wksp, wkspSize, flags);
50         if (ZSTD_isError(err))
51             goto _out;
52     } else {
53         size_t const err = HUF_readDTableX2_wksp(dt, src, size, wksp, wkspSize, flags);
54         if (ZSTD_isError(err))
55             goto _out;
56     }
57     if (streams == 0)
58         HUF_decompress1X_usingDTable(dBuf, dBufSize, src, size, dt, flags);
59     else
60         HUF_decompress4X_usingDTable(dBuf, dBufSize, src, size, dt, flags);
61 
62 _out:
63     free(dt);
64     free(wksp);
65     free(dBuf);
66     FUZZ_dataProducer_free(producer);
67     return 0;
68 }
69