diff --git a/test/fuzz/fuzz_compression.c b/test/fuzz/fuzz_compression.c
index 1c91d3462b6f5584ff0e54d00a8864a1cba847f0..9962dee6fc181123f5a76c2ce36fcec06a5651fc 100644
--- a/test/fuzz/fuzz_compression.c
+++ b/test/fuzz/fuzz_compression.c
@@ -22,6 +22,7 @@
 
 #include <stdint.h>
 #include <stddef.h>
+#include <string.h>
 
 #include "fuzz_helpers.h"
 #include "fuzz_data_producer.h"
@@ -73,10 +74,14 @@ int LLVMFuzzerTestOneInput(const uint8_t *src, size_t size)
 		up_model = NULL;
 		break;
 	case 1:
-		up_model = malloc(size);
+		up_model = FUZZ_malloc(size);
 		break;
 	case 2:
-		up_model = (void *)model; /* in-place update */
+		up_model = FUZZ_malloc(size);
+		if (model && up_model) {
+			memcpy(up_model, model, size);
+			model = up_model; /* in-place update */
+		}
 		break;
 	default:
 		FUZZ_ASSERT(0);
@@ -130,8 +135,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *src, size_t size)
 	}
 
 	free(cmp_data);
-	if (up_model != model)
-		free(up_model);
+	free(up_model);
 	FUZZ_dataProducer_free(producer);
 	return 0;
 }