$(CC) -c $(LZ4_CFLAGS) $(LZ4_CPPFLAGS) $< -o $@
# Generic rule for generating fuzzers
-%_fuzzer: %_fuzzer.o lz4_helpers.o $(LZ4DIR)/liblz4.a
+%_fuzzer: %_fuzzer.o lz4_helpers.o fuzz_data_producer.o $(LZ4DIR)/liblz4.a
# Compile the standalone code just in case. The OSS-Fuzz code might
# override the LIB_FUZZING_ENGINE value to "-fsanitize=fuzzer"
$(CC) -c $(LZ4_CFLAGS) $(LZ4_CPPFLAGS) standaloneengine.c -o standaloneengine.o
#include <string.h>
#include "fuzz_helpers.h"
+#include "fuzz_data_producer.h"
#include "lz4.h"
#include "lz4frame.h"
#include "lz4_helpers.h"
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
+ FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size);
uint32_t seed = FUZZ_seed(&data, &size);
LZ4F_preferences_t const prefs = FUZZ_randomPreferences(&seed);
size_t const compressBound = LZ4F_compressFrameBound(size, &prefs);
#include <string.h>
#include "fuzz_helpers.h"
+#include "fuzz_data_producer.h"
#include "lz4.h"
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
- uint32_t seed = FUZZ_seed(&data, &size);
- size_t const dstCapacity = FUZZ_rand32(&seed, 0, LZ4_compressBound(size));
+ FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size);
+ size_t const dstCapacity = FUZZ_dataProducer_uint32(
+ producer, 0, LZ4_compressBound(size));
char* const dst = (char*)malloc(dstCapacity);
char* const rt = (char*)malloc(size);
+ /* Restrict to remaining data from producer */
+ size = producer->size;
+
FUZZ_ASSERT(dst);
FUZZ_ASSERT(rt);
free(dst);
free(rt);
+ FUZZ_dataProducer_free(producer);
return 0;
}
#include <string.h>
#include "fuzz_helpers.h"
+#include "fuzz_data_producer.h"
#include "lz4.h"
#include "lz4hc.h"
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
- uint32_t seed = FUZZ_seed(&data, &size);
- size_t const dstCapacity = FUZZ_rand32(&seed, 0, LZ4_compressBound(size));
+ FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size);
+ size_t const dstCapacity = FUZZ_dataProducer_uint32(
+ producer, 0, LZ4_compressBound(size));
char* const dst = (char*)malloc(dstCapacity);
char* const rt = (char*)malloc(size);
- int const level = FUZZ_rand32(&seed, LZ4HC_CLEVEL_MIN, LZ4HC_CLEVEL_MAX);
+ int const level = FUZZ_dataProducer_uint32(
+ producer, LZ4HC_CLEVEL_MIN, LZ4HC_CLEVEL_MAX);
+
+ /* Restrict to remaining data from producer */
+ size = producer->size;
FUZZ_ASSERT(dst);
FUZZ_ASSERT(rt);
free(dst);
free(rt);
+ FUZZ_dataProducer_free(producer);
return 0;
}
#include <string.h>
#include "fuzz_helpers.h"
+#include "fuzz_data_producer.h"
#include "lz4.h"
#define LZ4F_STATIC_LINKING_ONLY
#include "lz4frame.h"
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
-
- uint32_t seed = FUZZ_seed(&data, &size);
- size_t const dstCapacity = FUZZ_rand32(&seed, 0, 4 * size);
+ FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size);
+ size_t const dstCapacity = FUZZ_dataProducer_uint32(
+ producer, 0, 4 * size);
size_t const largeDictSize = 64 * 1024;
- size_t const dictSize = FUZZ_rand32(&seed, 0, largeDictSize);
+ size_t const dictSize = FUZZ_dataProducer_uint32(
+ producer, 0, largeDictSize);
char* const dst = (char*)malloc(dstCapacity);
char* const dict = (char*)malloc(dictSize);
LZ4F_decompressOptions_t opts;
LZ4F_dctx* dctx;
LZ4F_createDecompressionContext(&dctx, LZ4F_VERSION);
+ /* Restrict to remaining data from producer */
+ size = producer->size;
+
FUZZ_ASSERT(dctx);
FUZZ_ASSERT(dst);
FUZZ_ASSERT(dict);
LZ4F_freeDecompressionContext(dctx);
free(dst);
free(dict);
+ FUZZ_dataProducer_free(producer);
return 0;
}
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size);
- size_t const dstCapacity = FUZZ_dataProducer_uint32(producer, 0, 4 * size);
+ size_t const dstCapacity = FUZZ_dataProducer_uint32(
+ producer, 0, 4 * size);
size_t const smallDictSize = size + 1;
size_t const largeDictSize = 64 * 1024 - 1;
size_t const dictSize = MAX(smallDictSize, largeDictSize);
--- /dev/null
+#include "fuzz_data_producer.h"
+
+FUZZ_dataProducer_t *FUZZ_dataProducer_create(const uint8_t *data, size_t size) {
+ FUZZ_dataProducer_t *producer = malloc(sizeof(FUZZ_dataProducer_t));
+ producer->data = data;
+ producer->size = size;
+ return producer;
+}
+
+void FUZZ_dataProducer_free(FUZZ_dataProducer_t *producer) { free(producer); }
+
+uint32_t FUZZ_dataProducer_uint32(FUZZ_dataProducer_t *producer, uint32_t min,
+ uint32_t max) {
+ FUZZ_ASSERT(min <= max);
+
+ uint32_t range = max - min;
+ uint32_t rolling = range;
+ uint32_t result = 0;
+
+ while (rolling > 0 && producer->size > 0) {
+ uint8_t next = *(producer->data + producer->size - 1);
+ producer->size -= 1;
+ result = (result << 8) | next;
+ rolling >>= 8;
+ }
+
+ if (range == 0xffffffff) {
+ return result;
+ }
+
+ return min + result % (range + 1);
+}
#include <stdio.h>
#include <stdlib.h>
+#include "fuzz_helpers.h"
+
typedef struct {
const uint8_t *data;
size_t size;
} FUZZ_dataProducer_t;
-FUZZ_dataProducer_t *FUZZ_dataProducer_create(const uint8_t *data, size_t size) {
- FUZZ_dataProducer_t *producer = malloc(sizeof(FUZZ_dataProducer_t));
- producer->data = data;
- producer->size = size;
- return producer;
-}
+FUZZ_dataProducer_t *FUZZ_dataProducer_create(const uint8_t *data, size_t size);
-void FUZZ_dataProducer_free(FUZZ_dataProducer_t *producer) { free(producer); }
+void FUZZ_dataProducer_free(FUZZ_dataProducer_t *producer);
uint32_t FUZZ_dataProducer_uint32(FUZZ_dataProducer_t *producer, uint32_t min,
- uint32_t max) {
- if (min > max) {
- return 0;
- }
-
- uint32_t range = max - min;
- uint32_t rolling = range;
- uint32_t result = 0;
-
- while (rolling > 0 && producer->size > 0) {
- uint8_t next = *(producer->data + producer->size - 1);
- producer->size -= 1;
- result = (result << 8) | next;
- rolling >>= 8;
- }
-
- if (range == 0xffffffff) {
- return result;
- }
-
- return min + result % (range + 1);
-}
+ uint32_t max);
#include <string.h>
#include "fuzz_helpers.h"
+#include "fuzz_data_producer.h"
#include "lz4.h"
#include "lz4hc.h"
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
- uint32_t seed = FUZZ_seed(&data, &size);
+ FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size);
size_t const dstCapacity = LZ4_compressBound(size);
char* const dst = (char*)malloc(dstCapacity);
char* const rt = (char*)malloc(size);
- int const level = FUZZ_rand32(&seed, LZ4HC_CLEVEL_MIN, LZ4HC_CLEVEL_MAX);
+ int const level = FUZZ_dataProducer_uint32(
+ producer, LZ4HC_CLEVEL_MIN, LZ4HC_CLEVEL_MAX);
+
+ /* Restrict to remaining data from producer */
+ size = producer->size;
FUZZ_ASSERT(dst);
FUZZ_ASSERT(rt);
free(dst);
free(rt);
+ FUZZ_dataProducer_free(producer);
return 0;
}