mirror of
https://git.tukaani.org/xz.git
synced 2024-04-04 12:36:23 +02:00
ee2f483500
Most of these fixes are small typos and tweaks. A few were caused by bad advice from me. Here is the summary of what is changed:

- Author line edits
- Small comment changes/additions
- Using the return value in the error messages in the fuzz targets' coder initialization code
- Removed fuzz_encode_stream.options. This set a max length, which may prevent some worthwhile code paths from being properly exercised.
- Removed the max_len option from fuzz_decode_stream.options for the same reason as fuzz_encode_stream. The alone decoder fuzz target still has this restriction.
- Altered the dictionary contents for fuzz_lzma.dict. Instead of keeping the properties static and varying the dictionary size, the properties are varied and the dictionary size is kept small. The dictionary size doesn't have much impact on the code paths but the properties do.

Closes: https://github.com/tukaani-project/xz/pull/73
///////////////////////////////////////////////////////////////////////////////
//
/// \file fuzz_encode_stream.c
/// \brief Fuzz test program for .xz encoding
//
// Authors: Maksym Vatsyk
//          Lasse Collin
//
// This file has been put into the public domain.
// You can do whatever you want with this file.
//
///////////////////////////////////////////////////////////////////////////////

#include <inttypes.h>
#include <stdlib.h>
#include <stdio.h>
#include "lzma.h"
#include "fuzz_common.h"
/// \brief      libFuzzer entry point for the .xz stream encoder
///
/// The first input byte selects the LZMA2 preset. All remaining bytes are
/// passed to fuzz_code() (declared in fuzz_common.h, which is not visible
/// here) together with the initialized encoder stream.
///
/// \param      inbuf       Buffer supplied by the fuzzer
/// \param      inbuf_size  Number of bytes available in inbuf
///
/// \return     Always 0. If the preset or the encoder cannot be
///             initialized, abort() is called instead of returning.
extern int
LLVMFuzzerTestOneInput(const uint8_t *inbuf, size_t inbuf_size)
{
	// An empty buffer has no selector byte. This guard is also what
	// keeps the inbuf[0] read and the inbuf_size - 1 subtraction
	// further down within bounds.
	if (inbuf_size == 0) {
		fprintf(stderr, "no input data provided\n");
		return 0;
	}

	// The first byte picks the preset. Only the values listed as case
	// labels are accepted; the fuzzer's coverage feedback lets it
	// discover which first bytes reach the encoder, so this single
	// target can exercise several encoder configurations.
	const uint8_t selector = inbuf[0];
	uint32_t preset;

	switch (selector) {
	case 6:
		// Preset 0 combined with the "extreme" flag.
		preset = 0 | LZMA_PRESET_EXTREME;
		break;

	case 7:
		// Preset 3 combined with the "extreme" flag.
		preset = 3 | LZMA_PRESET_EXTREME;
		break;

	case 0:
	case 1:
	case 5:
		// These selector values are used directly as the preset.
		preset = selector;
		break;

	default:
		// Every other first byte is rejected before any encoder
		// state is created.
		return 0;
	}

	// Fill in the LZMA options from the chosen preset. A nonzero
	// return value is treated as failure; abort() makes it terminate
	// the process rather than being skipped silently.
	lzma_options_lzma lzma_opts;
	if (lzma_lzma_preset(&lzma_opts, preset) != 0) {
		fprintf(stderr, "lzma_lzma_preset() failed\n");
		abort();
	}

	// The filter chain holds LZMA2 only, followed by the terminator.
	lzma_filter chain[2] = {
		{ .id = LZMA_FILTER_LZMA2, .options = &lzma_opts },
		{ .id = LZMA_VLI_UNKNOWN },
	};

	// Start from an empty stream and attach a stream encoder that
	// uses the chain above with CRC64 as the integrity check.
	lzma_stream stream = LZMA_STREAM_INIT;
	const lzma_ret rc = lzma_stream_encoder(&stream, chain,
			LZMA_CHECK_CRC64);
	if (rc != LZMA_OK) {
		// The numeric return code is included so the failure can
		// be identified from the fuzzer log.
		fprintf(stderr, "lzma_stream_encoder() failed (%d)\n", rc);
		abort();
	}

	// Skip the selector byte; the rest of the buffer is the payload.
	fuzz_code(&stream, inbuf + 1, inbuf_size - 1);

	// Release the memory the encoder allocated for this stream.
	lzma_end(&stream);
	return 0;
}