| /* |
| * Copyright (c) 2016-present, Facebook, Inc. |
| * All rights reserved. |
| * |
| * This source code is licensed under both the BSD-style license (found in the |
| * LICENSE file in the root directory of this source tree) and the GPLv2 (found |
| * in the COPYING file in the root directory of this source tree). |
| */ |
| |
| /** |
| * This fuzz target attempts to decompress the fuzzed data with the simple |
| * decompression function to ensure the decompressor never crashes. |
| */ |
| |
| #include <stddef.h> |
| #include <stdlib.h> |
| #include <stdio.h> |
| #include "fuzz_helpers.h" |
| #include "zstd.h" |
| #include "fuzz_data_producer.h" |
| |
| static ZSTD_DCtx *dctx = NULL; |
| |
| int LLVMFuzzerTestOneInput(const uint8_t *src, size_t size) |
| { |
| /* Give a random portion of src data to the producer, to use for |
| parameter generation. The rest will be used for (de)compression */ |
| FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(src, size); |
| size = FUZZ_dataProducer_reserveDataPrefix(producer); |
| |
| if (!dctx) { |
| dctx = ZSTD_createDCtx(); |
| FUZZ_ASSERT(dctx); |
| } |
| |
| size_t const bufSize = FUZZ_dataProducer_uint32Range(producer, 0, 10 * size); |
| void *rBuf = malloc(bufSize); |
| FUZZ_ASSERT(rBuf); |
| |
| ZSTD_decompressDCtx(dctx, rBuf, bufSize, src, size); |
| free(rBuf); |
| |
| FUZZ_dataProducer_free(producer); |
| |
| #ifndef STATEFUL_FUZZING |
| ZSTD_freeDCtx(dctx); dctx = NULL; |
| #endif |
| return 0; |
| } |