author | bimbashrestha <bshrestha.msae@gmail.com> | 2019-08-16 14:19:06 -0700 |
---|---|---|
committer | bimbashrestha <bshrestha.msae@gmail.com> | 2019-08-16 14:19:06 -0700 |
commit | a9ac05645644a0615b558f6ac655c4ae46c4a926 (patch) | |
tree | 4edf495099dc938d8b29d5f2bc299fcac524532b /ossfuzz | |
parent | fad8c97532f74d92f6aa4427a739610035fcbbd1 (diff) | |
Created a data producer API and used in decompress_fuzzer
Diffstat (limited to 'ossfuzz')
-rw-r--r-- | ossfuzz/decompress_fuzzer.c | 7 | ||||
-rw-r--r-- | ossfuzz/fuzz_data_producer.h | 25 |
2 files changed, 26 insertions, 6 deletions
diff --git a/ossfuzz/decompress_fuzzer.c b/ossfuzz/decompress_fuzzer.c index b17783c..49f71b0 100644 --- a/ossfuzz/decompress_fuzzer.c +++ b/ossfuzz/decompress_fuzzer.c @@ -14,7 +14,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - size_t const dstCapacity = FUZZ_produceUint32Range(data, size, 0, 4 * size); + FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size); + size_t const dstCapacity = FUZZ_dataProducer_uint32(producer, 0, 4 * size); size_t const smallDictSize = size + 1; size_t const largeDictSize = 64 * 1024 - 1; size_t const dictSize = MAX(smallDictSize, largeDictSize); @@ -24,6 +25,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) char* const dataAfterDict = dict + dictSize; char* const smallDict = dataAfterDict - smallDictSize; + /* Restrict to remaining data from producer */ + size = producer->size; + FUZZ_ASSERT(dst); FUZZ_ASSERT(dict); @@ -52,6 +56,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) dstCapacity, dstCapacity); free(dst); free(dict); + FUZZ_dataProducer_free(producer); return 0; } diff --git a/ossfuzz/fuzz_data_producer.h b/ossfuzz/fuzz_data_producer.h index c41aaec..6c4ef8a 100644 --- a/ossfuzz/fuzz_data_producer.h +++ b/ossfuzz/fuzz_data_producer.h @@ -3,8 +3,22 @@ #include <stdio.h> #include <stdlib.h> -FUZZ_STATIC uint32_t FUZZ_produceUint32Range(uint8_t *data, size_t size, - uint32_t min, uint32_t max) { +typedef struct { + const uint8_t *data; + size_t size; +} FUZZ_dataProducer_t; + +FUZZ_dataProducer_t *FUZZ_dataProducer_create(const uint8_t *data, size_t size) { + FUZZ_dataProducer_t *producer = malloc(sizeof(FUZZ_dataProducer_t)); + producer->data = data; + producer->size = size; + return producer; +} + +void FUZZ_dataProducer_free(FUZZ_dataProducer_t *producer) { free(producer); } + +uint32_t FUZZ_dataProducer_uint32(FUZZ_dataProducer_t *producer, uint32_t min, + uint32_t max) { if (min > max) { return 0; } 
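Review bot: The upper bound `4 * size` in the new `FUZZ_dataProducer_uint32(producer, 0, 4 * size)` call is computed as `size_t` and then narrowed to the `uint32_t max` parameter, so where `size_t` is 64 bits an input of 1 GiB or more would wrap the bound with no diagnostic. Fuzzer inputs are normally far smaller, so this is a robustness point rather than a live bug, but an explicit clamp documents the intent: `uint32_t const maxDst = (4 * size > UINT32_MAX) ? UINT32_MAX : (uint32_t)(4 * size);`. The body of LLVMFuzzerTestOneInput continues outside this hunk.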
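Review bot: `size = producer->size;` reads the producer's field directly and overwrites the `size` parameter, so every later use of `size` means "bytes left after the producer took its share" while `smallDictSize` earlier in the function was computed from the original value. A small accessor in fuzz_data_producer.h (a new helper, for example `size_t FUZZ_dataProducer_remainingBytes(FUZZ_dataProducer_t *producer)`) would keep the struct layout private to that header. The added comment could also say that the consumed bytes come from the end of `data`, which is why `data` itself does not need to move. The rest of the function is outside this hunk, so whether every later use wants the reduced size cannot be confirmed from here.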
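Review bot: `FUZZ_dataProducer_create` writes `producer->data` and `producer->size` straight after `malloc` with no check, so an allocation failure becomes a NULL dereference inside the harness instead of a clear abort. Add a guard right after the allocation, `if (producer == NULL) abort();` (or `FUZZ_ASSERT(producer);` if that macro is visible in this header, as it is in decompress_fuzzer.c). Separately, the removed function carried `FUZZ_STATIC` but the three new definitions have no storage-class specifier; since they live in a header, including it from a second translation unit would presumably produce duplicate-symbol link errors, so restoring `FUZZ_STATIC` on each looks advisable. The body of FUZZ_dataProducer_uint32 continues outside this hunk.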
@@ -13,10 +27,11 @@ FUZZ_STATIC uint32_t FUZZ_produceUint32Range(uint8_t *data, size_t size, uint32_t rolling = range; uint32_t result = 0; - while (rolling > 0 && size > 0) { - uint8_t next = *(data + size - 1); - size -= 1; + while (rolling > 0 && producer->size > 0) { + uint8_t next = *(producer->data + producer->size - 1); + producer->size -= 1; result = (result << 8) | next; + rolling >>= 8; } if (range == 0xffffffff) { |
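Review bot: `FUZZ_dataProducer_uint32` has no comment saying that it consumes input from the tail of the buffer and shrinks `producer->size`, which the caller in decompress_fuzzer.c relies on when it re-reads the size afterwards. A header comment along the lines of `/* Returns a value derived from up to 4 bytes taken from the END of the input, one byte per 8 bits of range; producer->size is reduced by the bytes consumed. */` would make that contract explicit. It is also worth stating there that when the input runs out early the result is built from fewer bytes. The function starts before this hunk and continues after it.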