2 * Copyright (c) 2016-present, Yann Collet, Facebook, Inc.
5 * This source code is licensed under the BSD-style license found in the
6 * LICENSE file in the root directory of this source tree. An additional grant
7 * of patent rights can be found in the PATENTS file in the same directory.
11 * This fuzz target attempts to decompress the fuzzed data with the simple
12 * decompression function to ensure the decompressor never crashes.
15 #define ZSTD_STATIC_LINKING_ONLY
20 #include "fuzz_helpers.h"
23 static size_t const kBufSize = ZSTD_BLOCKSIZE_ABSOLUTEMAX;
25 static ZSTD_DStream *dstream = NULL;
26 static void* buf = NULL;
29 static ZSTD_outBuffer makeOutBuffer(void)
31 ZSTD_outBuffer buffer = { buf, 0, 0 };
33 buffer.size = (FUZZ_rand(&seed) % kBufSize) + 1;
34 FUZZ_ASSERT(buffer.size <= kBufSize);
39 static ZSTD_inBuffer makeInBuffer(const uint8_t **src, size_t *size)
41 ZSTD_inBuffer buffer = { *src, 0, 0 };
43 FUZZ_ASSERT(*size > 0);
44 buffer.size = (FUZZ_rand(&seed) % *size) + 1;
45 FUZZ_ASSERT(buffer.size <= *size);
52 int LLVMFuzzerTestOneInput(const uint8_t *src, size_t size)
54 seed = FUZZ_seed(src, size);
56 /* Allocate all buffers and contexts if not already allocated */
58 buf = malloc(kBufSize);
63 dstream = ZSTD_createDStream();
65 FUZZ_ASSERT(!ZSTD_isError(ZSTD_initDStream(dstream)));
67 FUZZ_ASSERT(!ZSTD_isError(ZSTD_resetDStream(dstream)));
71 ZSTD_inBuffer in = makeInBuffer(&src, &size);
72 while (in.pos != in.size) {
73 ZSTD_outBuffer out = makeOutBuffer();
74 size_t const rc = ZSTD_decompressStream(dstream, &out, &in);
75 if (ZSTD_isError(rc)) goto error;
76 if (rc == 0) FUZZ_ASSERT(!ZSTD_isError(ZSTD_resetDStream(dstream)));
81 #ifndef STATEFULL_FUZZING
82 ZSTD_freeDStream(dstream); dstream = NULL;