/src/cmp_tool/test/fuzz/fuzz_decompression.c
1 | | /** |
2 | | * @file defuzz_compression.c |
3 | | * @date 2024 |
4 | | * |
5 | | * @copyright GPLv2 |
6 | | * This program is free software; you can redistribute it and/or modify it |
7 | | * under the terms and conditions of the GNU General Public License, |
8 | | * version 2, as published by the Free Software Foundation. |
9 | | * |
10 | | * This program is distributed in the hope it will be useful, but WITHOUT |
11 | | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
12 | | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for |
13 | | * more details. |
14 | | * |
15 | | * @brief decompression fuzz target |
16 | | */ |
17 | | |
18 | | |
19 | | #include <stdint.h> |
20 | | #include <stddef.h> |
21 | | #include <string.h> |
22 | | |
23 | | #include "fuzz_helpers.h" |
24 | | #include "fuzz_data_producer.h" |
25 | | |
26 | | #include "../../lib/decmp.h" |
27 | | |
28 | | |
/**
 * @brief size-checked wrapper around decompress_cmp_entiy() used by the fuzz
 *	target
 *
 * The wrapper rejects inputs before the real decompression call in three
 * cases: the entity buffer is shorter than GENERIC_HEADER_SIZE, the size
 * reported by cmp_ent_get_size() exceeds the bytes actually available, or the
 * caller's output buffers are too small for the result.
 *
 * @param ent			pointer to the (untrusted) compression entity,
 *				may be NULL
 * @param ent_size		number of readable bytes behind ent
 * @param model_of_data		model buffer handed through to the decoder,
 *				may be NULL
 * @param up_model_buf		buffer for the updated model, may be NULL
 * @param decompressed_data	buffer for the decompressed data, may be NULL
 * @param decmp_size		capacity in bytes that is checked against the
 *				size reported by the dry run below
 *
 * @returns -1 if one of the checks fails, otherwise the return value of
 *	decompress_cmp_entiy()
 *
 * NOTE(review): decmp_size is the only capacity passed in; it is applied to
 * the dry-run result once, so up_model_buf and decompressed_data are assumed
 * to have at least that capacity each, and model_of_data is assumed to be
 * readable for as many bytes as the decoder consumes. Confirm against callers.
 */
int decompress_cmp_entiy_save(const struct cmp_entity *ent, size_t ent_size, const void *model_of_data,
			      void *up_model_buf, void *decompressed_data, size_t decmp_size)
{
	int wants_output = decompressed_data != NULL || up_model_buf != NULL;

	/* the header fields cannot be read from a buffer shorter than the header */
	if (ent != NULL && ent_size < GENERIC_HEADER_SIZE)
		return -1;

	/* the size field comes from the untrusted entity; it must not claim
	 * more bytes than the caller really provided
	 */
	if (cmp_ent_get_size(ent) > ent_size)
		return -1;

	if (ent != NULL && wants_output) {
		/* dry run with NULL output buffers; the result is compared
		 * with decmp_size, so it is presumably the required output
		 * size in bytes (confirm in decmp.h)
		 */
		int needed = decompress_cmp_entiy(ent, model_of_data, NULL, NULL);

		/* test the sign first so the cast below only sees valid sizes */
		if (needed < 0 || (size_t)needed > decmp_size)
			return -1;
	}

	return decompress_cmp_entiy(ent, model_of_data, up_model_buf, decompressed_data);
}
46 | | |
/**
 * @brief libFuzzer entry point for the decompression path
 *
 * The fuzz input is divided into a parameter part, consumed through the data
 * producer, and a data prefix. The prefix supplies the compression entity
 * (ent_size bytes at src) and, optionally, the model data directly behind it.
 * The producer also chooses how the updated-model buffer is set up: absent,
 * a separate allocation, or the same buffer as the model (in-place update).
 *
 * @param src	fuzzer-provided input bytes
 * @param size	number of bytes in src
 *
 * @returns always 0
 */
int LLVMFuzzerTestOneInput(const uint8_t *src, size_t size)
{
	const struct cmp_entity *ent;
	const void *model_of_data;
	void *up_model_buf;
	void *decompressed_data;
	uint32_t ent_size;
	uint32_t model_of_data_size;
	int up_model_mode;
	FUZZ_dataProducer_t *producer;

	/* A random portion of src goes to the producer for parameter
	 * generation; the remaining prefix is used as entity/model data.
	 */
	producer = (FUZZ_dataProducer_t *)FUZZ_dataProducer_create(src, size);
	size = FUZZ_dataProducer_reserveDataPrefix(producer);
	FUZZ_ASSERT(size <= UINT32_MAX);

	/* split the data prefix into compressed data and model data; both
	 * lengths together never exceed the prefix, so src + ent_size stays
	 * inside the input for model_of_data_size bytes
	 */
	ent_size = FUZZ_dataProducer_uint32Range(producer, 0, (uint32_t)size);
	model_of_data_size = FUZZ_dataProducer_uint32Range(producer, 0, (uint32_t)size - ent_size);

	/* an empty entity is passed as NULL */
	ent = ent_size ? (const struct cmp_entity *)src : NULL;

	/* let the fuzzer decide whether a model is supplied at all */
	model_of_data = FUZZ_dataProducer_uint32Range(producer, 0, 1) ? src + ent_size : NULL;

	up_model_mode = FUZZ_dataProducer_int32Range(producer, 0, 2);
	switch (up_model_mode) {
	case 0: /* no updated model requested */
		up_model_buf = NULL;
		break;
	case 1: /* updated model goes to its own buffer */
		up_model_buf = FUZZ_malloc(model_of_data_size);
		break;
	case 2: /* in-place update: model and updated model share one buffer */
		up_model_buf = FUZZ_malloc(model_of_data_size);
		if (model_of_data && up_model_buf) {
			memcpy(up_model_buf, model_of_data, model_of_data_size);
			model_of_data = up_model_buf;
		}
		break;
	default:
		FUZZ_ASSERT(0);
	}

	/* the output buffer has the same capacity that is reported to the
	 * size-checked wrapper as decmp_size
	 */
	decompressed_data = FUZZ_malloc((size_t)model_of_data_size);
	decompress_cmp_entiy_save(ent, ent_size, model_of_data, up_model_buf,
				  decompressed_data, model_of_data_size);

	free(up_model_buf);
	free(decompressed_data);
	FUZZ_dataProducer_free(producer);

	return 0;
}
102 | | |
103 | | |