Tests: Add fuzz_decode_alone OSS-Fuzz target

This fuzz target that handles LZMA alone decoding. A new fuzz dictionary .dict was also created with common LZMA header values to help speed up the discovery of valid headers.
2024-04-04 12:36:23 +02:00 · 2023-12-04 17:23:24 +01:00 · 2023-12-04 17:23:24 +01:00 · 7ca8c9869d
commit 7ca8c9869d
parent 37581a77ad
3 changed files with 66 additions and 0 deletions
--- a/tests/ossfuzz/config/fuzz_decode_alone.options
+++ b/tests/ossfuzz/config/fuzz_decode_alone.options
@ -0,0 +1,3 @@
 [libfuzzer]
 max_len = 4096
 dict = fuzz_lzma.dict
--- a/tests/ossfuzz/config/fuzz_lzma.dict
+++ b/tests/ossfuzz/config/fuzz_lzma.dict
@ -0,0 +1,22 @@
 # first 5 header bytes of .lzma archives based on the info from
 # https://github.com/tukaani-project/xz/blob/master/doc/lzma-file-format.txt
 # byte 0 value (properties=0x5d) is created by encoding
 # common values (lc=3, lp=0, pb=2) using the algorithm,
 # described in the documentation above
 # compression preset 1    (dictionary size = 0x00100000)
 "\x5d\x00\x00\x10\x00"
 # compression preset 2    (dictionary size = 0x00200000)
 "\x5d\x00\x00\x20\x00"
 # compression preset 3, 4 (dictionary size = 0x00400000)
 "\x5d\x00\x00\x40\x00"
 # compression preset 5, 6 (dictionary size = 0x00800000)
 "\x5d\x00\x00\x80\x00"
 # compression preset 7    (dictionary size = 0x01000000)
 "\x5d\x00\x00\x00\x01"
 # compression preset 8    (dictionary size = 0x02000000)
 "\x5d\x00\x00\x00\x02"
 # compression preset 9    (dictionary size = 0x04000000)
 "\x5d\x00\x00\x00\x04"
--- a/tests/ossfuzz/fuzz_decode_alone.c
+++ b/tests/ossfuzz/fuzz_decode_alone.c
@ -0,0 +1,41 @@
 ///////////////////////////////////////////////////////////////////////////////
 //
 /// \file       fuzz_decode_auto.c
 /// \brief      Fuzz test program for liblzma lzma_auto_decoder()
 //
 //  Author:     Maksym Vatsyk
 //
 //  Based on Lasse Collin's original fuzzer for liblzma
 //
 //  This file has been put into the public domain.
 //  You can do whatever you want with this file.
 //
 ///////////////////////////////////////////////////////////////////////////////
 #include <inttypes.h>
 #include <stdlib.h>
 #include <stdio.h>
 #include "lzma.h"
 #include "fuzz_common.h"
 extern int
 LLVMFuzzerTestOneInput(const uint8_t *inbuf, size_t inbuf_size)
 {
 	lzma_stream strm = LZMA_STREAM_INIT;
 	// Initialize a LZMA alone decoder using the memory usage limit
 	// defined in fuzz_common.h
 	if (lzma_alone_decoder(&strm, MEM_LIMIT) != LZMA_OK) {
 		// This should never happen unless the system has
 		// no free memory or address space to allow the small
 		// allocations that the initialization requires.
 		fprintf(stderr, "lzma_alone_decoder() failed\n");
 		abort();
 	}
 	fuzz_code(&strm, inbuf, inbuf_size);
 	// Free the allocated memory.
 	lzma_end(&strm);
 	return 0;
 }