mirror of
https://git.tukaani.org/xz.git
synced 2024-04-04 12:36:23 +02:00
ee2f483500
Most of these fixes are small typos and tweaks. A few were caused by bad advice from me. Here is the summary of what is changed: - Author line edits - Small comment changes/additions - Using the return value in the error messages in the fuzz targets' coder initialization code - Removed fuzz_encode_stream.options. This set a max length, which may prevent some worthwhile code paths from being properly exercised. - Removed the max_len option from fuzz_decode_stream.options for the same reason as fuzz_encode_stream. The alone decoder fuzz target still has this restriction. - Altered the dictionary contents for fuzz_lzma.dict. Instead of keeping the properties static and varying the dictionary size, the properties are varied and the dictionary size is kept small. The dictionary size doesn't have much impact on the code paths but the properties do. Closes: https://github.com/tukaani-project/xz/pull/73
///////////////////////////////////////////////////////////////////////////////
//
/// \file fuzz_common.h
/// \brief Common macros and functions needed by the fuzz targets
//
// Authors: Maksym Vatsyk
// Lasse Collin
//
// This file has been put into the public domain.
// You can do whatever you want with this file.
//
///////////////////////////////////////////////////////////////////////////////
#include <inttypes.h>
#include <stdlib.h>
#include <stdio.h>
#include "lzma.h"
// Memory limit for the fuzz targets. Certain header values can make
// liblzma allocate a lot of RAM (up to about 4 GiB with liblzma 5.2.x),
// so a limit is set here to prevent extreme allocations when fuzzing.
//
// NOTE(review): this macro only defines the value. Nothing in this file
// applies it; it takes effect only where a fuzz target hands it to the
// coder it initializes -- confirm in each target.
#define MEM_LIMIT (300 * 1024 * 1024) // 300 MiB
/// \brief      Run an already initialized coder over one fuzz input
///
/// The whole input is handed to lzma_code() at once with LZMA_FINISH and
/// the produced output is thrown away.
///
/// \param      stream      Stream whose coder has been initialized by
///                         the caller
/// \param      inbuf       Input bytes from the fuzzer
/// \param      inbuf_size  Number of bytes in inbuf
///
/// This function does not call lzma_end(); releasing the stream is left
/// to the caller (not visible in this file).
static void
fuzz_code(lzma_stream *stream, const uint8_t *inbuf, size_t inbuf_size) {
	// Write-only scratch space for the coder's output. It is left
	// uninitialized because liblzma only writes to it and nothing
	// ever reads the data back.
	uint8_t scratch[4096];

	// The complete input is made available in a single step.
	stream->next_in = inbuf;
	stream->avail_in = inbuf_size;
	stream->next_out = scratch;
	stream->avail_out = sizeof(scratch);

	lzma_ret status;
	for (;;) {
		status = lzma_code(stream, LZMA_FINISH);
		if (status != LZMA_OK)
			break;

		// Room is still left in the scratch buffer; keep coding.
		if (stream->avail_out != 0)
			continue;

		// The scratch buffer filled up. Its contents are of no
		// interest, so rewind and let the old data be overwritten.
		stream->next_out = scratch;
		stream->avail_out = sizeof(scratch);
	}

	// Every return value other than LZMA_PROG_ERROR just ends the run.
	if (status != LZMA_PROG_ERROR)
		return;

	// LZMA_PROG_ERROR should never happen as long as the code calling
	// the liblzma functions is correct, so it indicates a bug either
	// in this function or in liblzma. Report it and abort() instead of
	// letting it pass silently.
	fprintf(stderr, "lzma_code() returned LZMA_PROG_ERROR\n");
	abort();
}