xref: /aosp_15_r20/external/zstd/tests/fuzz/simple_decompress.c (revision 01826a4963a0d8a59bc3812d29bdf0fb76416722) 
1*01826a49SYabin Cui /*
2*01826a49SYabin Cui  * Copyright (c) Meta Platforms, Inc. and affiliates.
3*01826a49SYabin Cui  * All rights reserved.
4*01826a49SYabin Cui  *
5*01826a49SYabin Cui  * This source code is licensed under both the BSD-style license (found in the
6*01826a49SYabin Cui  * LICENSE file in the root directory of this source tree) and the GPLv2 (found
7*01826a49SYabin Cui  * in the COPYING file in the root directory of this source tree).
8*01826a49SYabin Cui  * You may select, at your option, one of the above-listed licenses.
9*01826a49SYabin Cui  */
10*01826a49SYabin Cui 
11*01826a49SYabin Cui /**
12*01826a49SYabin Cui  * This fuzz target attempts to decompress the fuzzed data with the simple
13*01826a49SYabin Cui  * decompression function to ensure the decompressor never crashes.
14*01826a49SYabin Cui  */
15*01826a49SYabin Cui 
16*01826a49SYabin Cui #include <stddef.h>
17*01826a49SYabin Cui #include <stdlib.h>
18*01826a49SYabin Cui #include <stdio.h>
19*01826a49SYabin Cui 
20*01826a49SYabin Cui #define ZSTD_STATIC_LINKING_ONLY
21*01826a49SYabin Cui 
22*01826a49SYabin Cui #include "fuzz_helpers.h"
23*01826a49SYabin Cui #include "zstd.h"
24*01826a49SYabin Cui #include "fuzz_data_producer.h"
25*01826a49SYabin Cui 
26*01826a49SYabin Cui static ZSTD_DCtx *dctx = NULL;
27*01826a49SYabin Cui 
LLVMFuzzerTestOneInput(const uint8_t * src,size_t size)28*01826a49SYabin Cui int LLVMFuzzerTestOneInput(const uint8_t *src, size_t size)
29*01826a49SYabin Cui {
30*01826a49SYabin Cui     /* Give a random portion of src data to the producer, to use for
31*01826a49SYabin Cui     parameter generation. The rest will be used for (de)compression */
32*01826a49SYabin Cui     FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(src, size);
33*01826a49SYabin Cui     size = FUZZ_dataProducer_reserveDataPrefix(producer);
34*01826a49SYabin Cui 
35*01826a49SYabin Cui     if (!dctx) {
36*01826a49SYabin Cui         dctx = ZSTD_createDCtx();
37*01826a49SYabin Cui         FUZZ_ASSERT(dctx);
38*01826a49SYabin Cui     }
39*01826a49SYabin Cui 
40*01826a49SYabin Cui     {
41*01826a49SYabin Cui         size_t const bufSize = FUZZ_dataProducer_uint32Range(producer, 0, 10 * size);
42*01826a49SYabin Cui         void *rBuf = FUZZ_malloc(bufSize);
43*01826a49SYabin Cui         size_t const dSize = ZSTD_decompressDCtx(dctx, rBuf, bufSize, src, size);
44*01826a49SYabin Cui         if (!ZSTD_isError(dSize)) {
45*01826a49SYabin Cui             /* If decompression was successful, the content size from the frame header(s) should be valid. */
46*01826a49SYabin Cui             unsigned long long const expectedSize = ZSTD_findDecompressedSize(src, size);
47*01826a49SYabin Cui             FUZZ_ASSERT(expectedSize != ZSTD_CONTENTSIZE_ERROR);
48*01826a49SYabin Cui             FUZZ_ASSERT(expectedSize == ZSTD_CONTENTSIZE_UNKNOWN || expectedSize == dSize);
49*01826a49SYabin Cui         }
50*01826a49SYabin Cui         free(rBuf);
51*01826a49SYabin Cui     }
52*01826a49SYabin Cui 
53*01826a49SYabin Cui     FUZZ_dataProducer_free(producer);
54*01826a49SYabin Cui 
55*01826a49SYabin Cui #ifndef STATEFUL_FUZZING
56*01826a49SYabin Cui     ZSTD_freeDCtx(dctx); dctx = NULL;
57*01826a49SYabin Cui #endif
58*01826a49SYabin Cui     return 0;
59*01826a49SYabin Cui }
60