Coverage Report

Created: 2025-06-15 00:57

/src/cmp_tool/test/fuzz/fuzz_decompression.c
/**
 * @file fuzz_decompression.c
 * @date 2024
 *
 * @copyright GPLv2
 * This program is free software; you can redistribute it and/or modify it
 * under the terms and conditions of the GNU General Public License,
 * version 2, as published by the Free Software Foundation.
 *
 * This program is distributed in the hope it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
 * more details.
 *
 * @brief decompression fuzz target
 */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include "fuzz_helpers.h"
#include "fuzz_data_producer.h"
#include "../../lib/decmp.h"
/**
 * @brief size-checked wrapper around decompress_cmp_entiy() used by the fuzz
 *	target
 *
 * decompress_cmp_entiy() is called with pointers only and no buffer lengths,
 * so the lengths known to the harness are checked here before a call that may
 * write to the output buffers.
 *
 * @param ent			compression entity to decompress (may be NULL)
 * @param ent_size		number of bytes the caller provides behind ent
 * @param model_of_data		model data, handed through unchanged (may be NULL)
 * @param up_model_buf		buffer for the updated model (may be NULL)
 * @param decompressed_data	buffer for the decompressed data (may be NULL)
 * @param decmp_size		capacity in bytes that is compared against the
 *				size reported for the entity
 *
 * @returns -1 if one of the size checks fails, otherwise the return value of
 *	decompress_cmp_entiy()
 */
int decompress_cmp_entiy_save(const struct cmp_entity *ent, size_t ent_size, const void *model_of_data,
                              void *up_model_buf, void *decompressed_data, size_t decmp_size)
{
  /* reject a buffer shorter than the generic header, so that
     cmp_ent_get_size() below is not handed a truncated header */
  if (ent && ent_size < GENERIC_HEADER_SIZE) {
    return -1;
  }

  /* the size stored in the entity must not exceed the bytes we really have */
  if (ent_size < cmp_ent_get_size(ent)) {
    return -1;
  }

  if (ent && (up_model_buf || decompressed_data)) {
    /* call without output buffers first; the return value is treated as the
       size the real call needs (presumably a dry run -- confirm in decmp.h) */
    int needed = decompress_cmp_entiy(ent, model_of_data, NULL, NULL);

    /* a negative result is an error; otherwise the output must fit */
    if (needed < 0 || (size_t)needed > decmp_size) {
      return -1;
    }
  }

  return decompress_cmp_entiy(ent, model_of_data, up_model_buf, decompressed_data);
}
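/**
 * @brief libFuzzer entry point of the decompression fuzz target
 *
 * The input is divided into a data prefix and bytes kept by the data producer
 * for parameter generation. The prefix is used as compression entity
 * (first ent_size bytes) and, optionally, as model data (the
 * model_of_data_size bytes that follow). The producer also selects how the
 * updated-model buffer is set up: none, a separate buffer, or in-place.
 *
 * @param src	fuzzer-generated input
 * @param size	length of src in bytes
 *
 * @returns always 0
 */
int LLVMFuzzerTestOneInput(const uint8_t *src, size_t size)
{
  const struct cmp_entity *ent = NULL;
  const void *model_of_data = NULL;
  /* initialised so that the free() below never sees an indeterminate pointer,
     whatever FUZZ_ASSERT() does in the default branch */
  void *up_model_buf = NULL;
  uint32_t model_of_data_size;
  uint32_t ent_size;
  void *decompressed_data;

  /* Give a random portion of src data to the producer, to use for
     parameter generation. The rest will be used for data/model */
  FUZZ_dataProducer_t *producer = (FUZZ_dataProducer_t *)FUZZ_dataProducer_create(src, size);

  size = FUZZ_dataProducer_reserveDataPrefix(producer);
  /* the sizes below are drawn as uint32_t */
  FUZZ_ASSERT(size <= UINT32_MAX);

  /* split data into compressed data and model data;
     ent_size + model_of_data_size never exceeds size */
  ent_size = FUZZ_dataProducer_uint32Range(producer, 0, (uint32_t)size);
  model_of_data_size = FUZZ_dataProducer_uint32Range(producer, 0, (uint32_t)size-ent_size);

  /* NOTE(review): ent and model_of_data point directly into the fuzzer's
     input buffer. A read that runs past ent_size or past the model can stay
     inside that one allocation, so a memory sanitizer may not report it.
     Copying each region into its own exact-size FUZZ_malloc() buffer would
     make such over-reads visible -- confirm against how the target is built. */
  if (ent_size)
    ent = (const struct cmp_entity *)src;
  /* model_of_data keeps its initial NULL when the producer draws 0 */
  if (FUZZ_dataProducer_uint32Range(producer, 0, 1))
    model_of_data = src + ent_size;

  switch (FUZZ_dataProducer_int32Range(producer, 0, 2)) {
  case 0: /* no updated model requested */
    up_model_buf = NULL;
    break;
  case 1: /* updated model goes to a separate buffer */
    up_model_buf = FUZZ_malloc(model_of_data_size);
    break;
  case 2: /* in-place update */
    up_model_buf = FUZZ_malloc(model_of_data_size);
    if (model_of_data && up_model_buf) {
      /* model and updated model share one buffer from here on */
      memcpy(up_model_buf, model_of_data, model_of_data_size);
      model_of_data = up_model_buf;
    }
    break;
  default:
    FUZZ_ASSERT(0);
  }

  /* the output gets the same capacity as the model; the wrapper rejects
     entities that report a larger decompressed size */
  decompressed_data = FUZZ_malloc((size_t)model_of_data_size);
  /* return value is not checked here */
  decompress_cmp_entiy_save(ent, ent_size, model_of_data, up_model_buf, decompressed_data, model_of_data_size);

  free(up_model_buf);
  free(decompressed_data);
  FUZZ_dataProducer_free(producer);

  return 0;
}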