lz4

1
/**
2
 * This fuzz target performs a lz4 round-trip test (compress & decompress),
3
 * compares the result with the original, and calls abort() on corruption.
4
 */
5

6
#include <stddef.h>
7
#include <stdint.h>
8
#include <stdlib.h>
9
#include <string.h>
10

11
#include "fuzz_helpers.h"
12
#include "fuzz_data_producer.h"
13
#include "lz4.h"
14
#include "lz4hc.h"
15

16
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
17
{
18
    FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size);
19
    int const level = FUZZ_dataProducer_range32(producer,
20
        LZ4HC_CLEVEL_MIN, LZ4HC_CLEVEL_MAX);
21
    size = FUZZ_dataProducer_remainingBytes(producer);
22

23
    size_t const dstCapacity = LZ4_compressBound(size);
24
    char* const dst = (char*)malloc(dstCapacity);
25
    char* const rt = (char*)malloc(size);
26

27
    FUZZ_ASSERT(dst);
28
    FUZZ_ASSERT(rt);
29

30
    /* Compression must succeed and round trip correctly. */
31
    int const dstSize = LZ4_compress_HC((const char*)data, dst, size,
32
                                        dstCapacity, level);
33
    FUZZ_ASSERT(dstSize > 0);
34

35
    int const rtSize = LZ4_decompress_safe(dst, rt, dstSize, size);
36
    FUZZ_ASSERT_MSG(rtSize == size, "Incorrect size");
37
    FUZZ_ASSERT_MSG(!memcmp(data, rt, size), "Corruption!");
38

39
    free(dst);
40
    free(rt);
41
    FUZZ_dataProducer_free(producer);
42

43
    return 0;
44
}
45