2
* This fuzz target attempts to compress the fuzzed data with the simple
3
* compression function with an output buffer that may be too small to
4
* ensure that the compressor never crashes.
12
#include "fuzz_helpers.h"
13
#include "fuzz_data_producer.h"
17
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
19
FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size);
20
size_t const dstCapacitySeed = FUZZ_dataProducer_retrieve32(producer);
21
size_t const levelSeed = FUZZ_dataProducer_retrieve32(producer);
22
size = FUZZ_dataProducer_remainingBytes(producer);
24
size_t const dstCapacity = FUZZ_getRange_from_uint32(dstCapacitySeed, 0, size);
25
int const level = FUZZ_getRange_from_uint32(levelSeed, LZ4HC_CLEVEL_MIN, LZ4HC_CLEVEL_MAX);
27
char* const dst = (char*)malloc(dstCapacity);
28
char* const rt = (char*)malloc(size);
33
/* If compression succeeds it must round trip correctly. */
35
int const dstSize = LZ4_compress_HC((const char*)data, dst, size,
38
int const rtSize = LZ4_decompress_safe(dst, rt, dstSize, size);
39
FUZZ_ASSERT_MSG(rtSize == size, "Incorrect regenerated size");
40
FUZZ_ASSERT_MSG(!memcmp(data, rt, size), "Corruption!");
44
if (dstCapacity > 0) {
45
/* Compression succeeds and must round trip correctly. */
46
void* state = malloc(LZ4_sizeofStateHC());
48
int compressedSize = size;
49
int const dstSize = LZ4_compress_HC_destSize(state, (const char*)data,
52
FUZZ_ASSERT(dstSize > 0);
53
int const rtSize = LZ4_decompress_safe(dst, rt, dstSize, size);
54
FUZZ_ASSERT_MSG(rtSize == compressedSize, "Incorrect regenerated size");
55
FUZZ_ASSERT_MSG(!memcmp(data, rt, compressedSize), "Corruption!");
61
FUZZ_dataProducer_free(producer);