diff --git a/INSTALL.md b/INSTALL.md
index fc7e40df9dedc8509dd13c9200151e5aee955368..414967da6a9bd6af917d6f9b4ae7f95cd1dbb5c9 100644
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -152,7 +152,7 @@ meson setup builddir_fuzzing \
--buildtype=plain \
-Dfuzzer=enabled \
-Dfuzzer_ldflags=-fsanitize=fuzzer \
- -Dc_args="-O1 -gline-tables-only -fsanitize-address-use-after-scope -fsanitize=fuzzer-no-link" \
+ -Dc_args="-O1 -gline-tables-only -fsanitize=fuzzer-no-link" \
-Db_sanitize=address,undefined \
-Ddebug_level=0 \
-Ddefault_library=static \
diff --git a/test/fuzz/fuzz_compression.c b/test/fuzz/fuzz_compression.c
index c0476546226b9fe472d01bcb802d874891376b55..e894ebc2e8b89425833fa9772f39be1768f25842 100644
--- a/test/fuzz/fuzz_compression.c
+++ b/test/fuzz/fuzz_compression.c
@@ -26,7 +26,6 @@
#include "fuzz_helpers.h"
#include "fuzz_data_producer.h"
-#include "../test_common/test_common.h"
#include "../../lib/cmp_chunk.h"
@@ -62,7 +61,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *src, size_t size)
if (cmp_is_error(cmp_size_bound))
cmp_size_bound = 0;
cmp_data_capacity = FUZZ_dataProducer_uint32Range(producer, 0, cmp_size_bound+(uint32_t)size);
- cmp_data = (uint32_t *)TEST_malloc(cmp_data_capacity);
+ cmp_data = (uint32_t *)FUZZ_malloc(cmp_data_capacity);
FUZZ_dataProducer_cmp_par(producer, &cmp_par);
if (FUZZ_dataProducer_uint32Range(producer, 0, 1))
@@ -74,10 +73,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *src, size_t size)
up_model = NULL;
break;
case 1:
- up_model = TEST_malloc(size);
+ up_model = FUZZ_malloc(size);
break;
case 2:
- up_model = TEST_malloc(size);
+ up_model = FUZZ_malloc(size);
if (model && up_model) {
memcpy(up_model, model, size);
model = up_model; /* in-place update */
diff --git a/test/fuzz/fuzz_data_producer.c b/test/fuzz/fuzz_data_producer.c
index 9f03a948b6d8519e57a262d9e17ee16836b33f70..1ee59944a44d2b2754d5ca343542c7493c47f1d1 100644
--- a/test/fuzz/fuzz_data_producer.c
+++ b/test/fuzz/fuzz_data_producer.c
@@ -23,7 +23,6 @@
#include "fuzz_helpers.h"
#include "fuzz_data_producer.h"
-#include "../test_common/test_common.h"
#include <cmp_chunk.h>
struct FUZZ_dataProducer_s{
@@ -32,7 +31,7 @@ struct FUZZ_dataProducer_s{
};
FUZZ_dataProducer_t *FUZZ_dataProducer_create(const uint8_t *data, size_t size) {
- FUZZ_dataProducer_t *producer = TEST_malloc(sizeof(FUZZ_dataProducer_t));
+ FUZZ_dataProducer_t *producer = FUZZ_malloc(sizeof(FUZZ_dataProducer_t));
producer->data = data;
producer->size = size;
diff --git a/test/fuzz/fuzz_decompression.c b/test/fuzz/fuzz_decompression.c
index 01ade21a0ae28b95a810b4c630e04307d8fc5171..85ec62e172cd60de227d091477735ad3edc6643b 100644
--- a/test/fuzz/fuzz_decompression.c
+++ b/test/fuzz/fuzz_decompression.c
@@ -22,7 +22,6 @@
#include "fuzz_helpers.h"
#include "fuzz_data_producer.h"
-#include "../test_common/test_common.h"
#include "../../lib/decmp.h"
@@ -77,10 +76,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *src, size_t size)
up_model_buf = NULL;
break;
case 1:
- up_model_buf = TEST_malloc(model_of_data_size);
+ up_model_buf = FUZZ_malloc(model_of_data_size);
break;
case 2: /* in-place update */
- up_model_buf = TEST_malloc(model_of_data_size);
+ up_model_buf = FUZZ_malloc(model_of_data_size);
if (model_of_data && up_model_buf) {
memcpy(up_model_buf, model_of_data, model_of_data_size);
model_of_data = up_model_buf;
@@ -90,7 +89,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *src, size_t size)
FUZZ_ASSERT(0);
}
- decompressed_data = TEST_malloc((size_t)model_of_data_size);
+ decompressed_data = FUZZ_malloc((size_t)model_of_data_size);
decompress_cmp_entiy_save(ent, ent_size, model_of_data, up_model_buf, decompressed_data, model_of_data_size);
free(up_model_buf);
diff --git a/test/fuzz/fuzz_helpers.c b/test/fuzz/fuzz_helpers.c
new file mode 100644
index 0000000000000000000000000000000000000000..fab2f0bcce7f0e00c040deeafb6f8f5f7501dafb
--- /dev/null
+++ b/test/fuzz/fuzz_helpers.c
@@ -0,0 +1,28 @@
+/*
+ * Copyright (c) Meta Platforms, Inc. and affiliates.
+ * All rights reserved.
+ *
+ * This source code is licensed under both the BSD-style license (found in the
+ * LICENSE.BSD-3.Zstandard file in the 3rdparty_licenses directory) and the GPLv2
+ * (found in the LICENSE.GPL-2 file in the 3rdparty_licenses directory).
+ * You may select, at your option, one of the above-listed licenses.
+ */
+
+/**
+ * Helper functions for fuzzing.
+ */
+
+#include <stdlib.h>
+
+#include "fuzz_helpers.h"
+
+
+void* FUZZ_malloc(size_t size)
+{
+ if (size > 0) {
+ void* const mem = malloc(size);
+ FUZZ_ASSERT(mem);
+ return mem;
+ }
+ return NULL;
+}
diff --git a/test/fuzz/fuzz_helpers.h b/test/fuzz/fuzz_helpers.h
index 0f95b74593d3c381e12e78838e694ef5d51a8da9..bdaa672c81e9f63dad8d5fe4119be0c085128ecf 100644
--- a/test/fuzz/fuzz_helpers.h
+++ b/test/fuzz/fuzz_helpers.h
@@ -35,6 +35,8 @@ extern "C" {
abort()))
#define FUZZ_ASSERT(cond) FUZZ_ASSERT_MSG((cond), "");
+void* FUZZ_malloc(size_t size);
+
#ifdef __cplusplus
}
#endif
diff --git a/test/fuzz/fuzz_round_trip.c b/test/fuzz/fuzz_round_trip.c
index c8a1ff1397354318ca267c04cfa3e1bc74a662c1..88079bbc1f2628a9819726bf3c7bd509de36ebdd 100644
--- a/test/fuzz/fuzz_round_trip.c
+++ b/test/fuzz/fuzz_round_trip.c
@@ -27,7 +27,6 @@
#include "fuzz_helpers.h"
#include "fuzz_data_producer.h"
#include "../test_common/chunk_round_trip.h"
-#include "../test_common/test_common.h"
int LLVMFuzzerTestOneInput(const uint8_t *src, size_t size)
@@ -62,7 +61,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *src, size_t size)
/* 1/2 of the cases we use a updated model buffer */
if (FUZZ_dataProducer_uint32Range(producer, 0, 1)) {
- up_model = TEST_malloc(size);
+ up_model = FUZZ_malloc(size);
if (!model_mode_is_used(cmp_par.cmp_mode))
memset(up_model, 0, size); /* up_model is not used */
}
@@ -71,7 +70,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *src, size_t size)
if (cmp_is_error(cmp_size_bound))
cmp_size_bound = 0;
cmp_data_capacity = FUZZ_dataProducer_uint32Range(producer, 0, cmp_size_bound+(uint32_t)size);
- cmp_data = (uint32_t *)TEST_malloc(cmp_data_capacity);
+ cmp_data = (uint32_t *)FUZZ_malloc(cmp_data_capacity);
use_decmp_buf = FUZZ_dataProducer_int32Range(producer, 0, 1);
use_decmp_up_model = FUZZ_dataProducer_int32Range(producer, 0, 1);
diff --git a/test/fuzz/meson.build b/test/fuzz/meson.build
index 89d67ad7ab120271d3baecaf616e475ee0ddfa7e..c9a73c9a8f05bc30add39690e8c983ea75bd9113 100644
--- a/test/fuzz/meson.build
+++ b/test/fuzz/meson.build
@@ -2,7 +2,7 @@ if get_option('fuzzer').disabled()
subdir_done()
endif
-fuzz_common = files('fuzz_data_producer.c')
+fuzz_common = files('fuzz_data_producer.c', 'fuzz_helpers.c')
fuzz_targets = ['fuzz_compression.c', 'fuzz_round_trip.c', 'fuzz_decompression.c']
add_languages('cpp', native: false) # libFuzzingEngine needs c++
@@ -12,9 +12,9 @@ foreach target : fuzz_targets
target_name = file_name.split('.').get(0)
fuzz_exe = executable(target_name,
- fuzz_common, file_name,
+ fuzz_common, chunk_round_trip, file_name,
include_directories : incdir,
- link_with : [cmp_lib, test_common_lib],
+ link_with : [cmp_lib],
link_args : get_option('fuzzer_ldflags'),
link_language : 'cpp' # libFuzzingEngine needs c++
)
diff --git a/test/test_common/chunk_round_trip.c b/test/test_common/chunk_round_trip.c
index d0324d254803cecbd4ab478bec56e91307f1993c..fa538f9297a5358f49dc46dac735ec9e193b50f0 100644
--- a/test/test_common/chunk_round_trip.c
+++ b/test/test_common/chunk_round_trip.c
@@ -32,6 +32,26 @@
#endif
+
+/**
+ * @brief allocates memory safely for tests
+ *
+ * @param size the size of memory to allocate
+ *
+ * @returns a pointer to the allocated memory, or NULL if allocation fails
+ */
+
+static void* TEST_malloc(size_t size)
+{
+ if (size > 0) {
+ void* const mem = malloc(size);
+ TEST_ASSERT(mem);
+ return mem;
+ }
+ return NULL;
+}
+
+
/**
* @brief performs chunk compression and checks if a decompression is possible
*
diff --git a/test/test_common/meson.build b/test/test_common/meson.build
index ab030dcba818ca56b9582deb9492859805da7b9e..ecc5614874603747e38f52d1d4ecb6ce5d8ea577 100644
--- a/test/test_common/meson.build
+++ b/test/test_common/meson.build
@@ -1,9 +1,10 @@
pcg_proj = subproject('pcg-c-basic')
pcb_dep = pcg_proj.get_variable('libpcg_basic_dep')
+chunk_round_trip = files('chunk_round_trip.c')
test_common_lib = static_library(
'test_common',
'test_common.c',
- 'chunk_round_trip.c',
+ chunk_round_trip,
dependencies: [pcb_dep, unity_dep]
)
diff --git a/test/test_common/test_common.c b/test/test_common/test_common.c
index 0cdd826a041d1876a61a324131d8d2b45ef93390..1a3e79d8eff4d06ae52a56e14c32ba647b4c4402 100644
--- a/test/test_common/test_common.c
+++ b/test/test_common/test_common.c
@@ -50,22 +50,3 @@ uint32_t cmp_rand_nbits(unsigned int n_bits)
return cmp_rand32() >> (32 - n_bits);
}
-
-
-/**
- * @brief allocates memory safely for tests
- *
- * @param size The size of memory to allocate.
- *
- * @returns a pointer to the allocated memory, or NULL if allocation fails
- */
-
-void* TEST_malloc(size_t size)
-{
- if (size > 0) {
- void* const mem = malloc(size);
- TEST_ASSERT(mem);
- return mem;
- }
- return NULL;
-}
diff --git a/test/test_common/test_common.h b/test/test_common/test_common.h
index a5e72f9963b3debe5486034d7ccf3abf5624b5bf..870b083d087600d3534c7b9e300f3750decbefea 100644
--- a/test/test_common/test_common.h
+++ b/test/test_common/test_common.h
@@ -12,6 +12,4 @@ uint32_t cmp_rand_between(uint32_t min, uint32_t max);
uint32_t cmp_rand_nbits(unsigned int n_bits);
-void* TEST_malloc(size_t size);
-
#endif /* TEST_COMMON_H */