1 #include <fuzzer/FuzzedDataProvider.h>
2 #include "xz.h"
3
4 constexpr size_t kMinSize = 0;
5 constexpr size_t kMaxSize = 1000;
6
7 // Function to initialize xz_dec structure using xz_dec_init
init_xz_dec(FuzzedDataProvider & stream)8 struct xz_dec *init_xz_dec(FuzzedDataProvider& stream) {
9 // Randomly select a mode from the xz_mode enum
10 const std::array<enum xz_mode, 3> modes = {XZ_SINGLE, XZ_PREALLOC, XZ_DYNALLOC};
11 enum xz_mode mode = stream.PickValueInArray(modes);
12
13 // Generate a random dict_max value
14 uint32_t dict_max =
15 stream.ConsumeIntegralInRange<uint32_t>(kMinSize, kMaxSize);
16
17 // Initialize the xz_dec structure
18 struct xz_dec *s = xz_dec_init(mode, dict_max);
19
20 return s;
21 }
22
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)23 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
24 FuzzedDataProvider stream(data, size);
25
26 // Initialize xz_dec structure
27 struct xz_dec *s = init_xz_dec(stream);
28
29 // Initialize xz_buf structure
30 struct xz_buf b;
31 size_t in_buffer_size = stream.ConsumeIntegralInRange<size_t>(0, size);
32 std::vector<uint8_t> in_buffer(in_buffer_size);
33 for (size_t i = 0; i < in_buffer_size; ++i) {
34 in_buffer[i] = stream.ConsumeIntegral<uint8_t>();
35 }
36 b.in = in_buffer.data();
37 b.in_pos = 0;
38 b.in_size = in_buffer_size;
39
40 size_t out_buffer_size = stream.ConsumeIntegralInRange<size_t>(0, size);
41 std::vector<uint8_t> out_buffer(out_buffer_size);
42 b.out = out_buffer.data();
43 b.out_pos = 0;
44 b.out_size = out_buffer_size;
45
46 // Call the function under test
47 xz_ret result = xz_dec_run(s, &b);
48 xz_dec_end(s);
49 return 0; // Non-zero return values are usually reserved for fatal errors
50 }
51