mirror of
https://git.tukaani.org/xz.git
synced 2024-04-04 12:36:23 +02:00
ee2f483500
Most of these fixes are small typos and tweaks. A few were caused by bad advice from me. Here is the summary of what is changed: - Author line edits - Small comment changes/additions - Using the return value in the error messages in the fuzz targets' coder initialization code - Removed fuzz_encode_stream.options. This set a max length, which may prevent some worthwhile code paths from being properly exercised. - Removed the max_len option from fuzz_decode_stream.options for the same reason as fuzz_encode_stream. The alone decoder fuzz target still has this restriction. - Altered the dictionary contents for fuzz_lzma.dict. Instead of keeping the properties static and varying the dictionary size, the properties are varied and the dictionary size is kept small. The dictionary size doesn't have much impact on the code paths but the properties do. Closes: https://github.com/tukaani-project/xz/pull/73
///////////////////////////////////////////////////////////////////////////////
//
/// \file       fuzz_decode_stream.c
/// \brief      Fuzz test program for single threaded .xz decoding
//
//  Authors:    Lasse Collin
//              Maksym Vatsyk
//
//  This file has been put into the public domain.
//  You can do whatever you want with this file.
//
///////////////////////////////////////////////////////////////////////////////
#include <inttypes.h>
#include <stdlib.h>
#include <stdio.h>
#include "lzma.h"
#include "fuzz_common.h"
/// \brief      Fuzzer entry point: decode one input as a .xz stream
///
/// Sets up a single-threaded .xz stream decoder, hands the fuzzer-supplied
/// bytes to fuzz_code() and releases the decoder again.
///
/// \param      inbuf       Fuzzer-generated input; treated as untrusted data
/// \param      inbuf_size  Number of bytes available in inbuf
///
/// \return     Always 0. If the decoder cannot be initialized, the process
///             is aborted instead of returning.
extern int
LLVMFuzzerTestOneInput(const uint8_t *inbuf, size_t inbuf_size)
{
	// LZMA_CONCATENATED: accept concatenated .xz files, which is how
	// regular .xz files are decompressed (as opposed to data embedded
	// inside some other file format).
	//
	// LZMA_IGNORE_CHECK: skip the integrity checks on the uncompressed
	// data so that a wrong check value does not stop the decoder from
	// processing more input. This makes fuzzing more effective.
	//
	// LZMA_IGNORE_CHECK does not turn off verification of the header
	// CRC32 values. Those are disabled only when liblzma itself is built
	// with #define FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION.
	//
	// NOTE(review): these relaxations exist for fuzzing coverage; they
	// are not a template for decoding untrusted files in production.
	const uint32_t decoder_flags = LZMA_CONCATENATED | LZMA_IGNORE_CHECK;

	lzma_stream decoder = LZMA_STREAM_INIT;

	// MEM_LIMIT is the memory usage limit defined in fuzz_common.h.
	const lzma_ret init_status = lzma_stream_decoder(
			&decoder, MEM_LIMIT, decoder_flags);

	if (init_status != LZMA_OK) {
		// Not expected to happen unless the system has no free
		// memory or address space left for the small allocations
		// that initialization needs. The return value is printed
		// so that the cause is visible in the fuzzer log.
		fprintf(stderr, "lzma_stream_decoder() failed (%d)\n",
				init_status);
		abort();
	}

	// Run the decoder over the whole input.
	// (fuzz_code() is presumably provided by fuzz_common.h.)
	fuzz_code(&decoder, inbuf, inbuf_size);

	// Release the memory that the decoder allocated.
	lzma_end(&decoder);

	return 0;
}