Making fuzzers use dataProducer api instead of random seed for decisions
This commit is contained in:
parent
dc17d39c2f
commit
7d153a704d
@ -13,19 +13,23 @@
|
|||||||
#include "lz4.h"
|
#include "lz4.h"
|
||||||
#include "lz4frame.h"
|
#include "lz4frame.h"
|
||||||
#include "lz4_helpers.h"
|
#include "lz4_helpers.h"
|
||||||
|
#include "fuzz_data_producer.h"
|
||||||
|
|
||||||
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
|
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
|
||||||
{
|
{
|
||||||
uint32_t seed = FUZZ_seed(&data, &size);
|
FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, LZ4_compressBound(size));
|
||||||
LZ4F_preferences_t const prefs = FUZZ_randomPreferences(&seed);
|
LZ4F_preferences_t const prefs = FUZZ_dataProducer_preferences(producer);
|
||||||
size_t const compressBound = LZ4F_compressFrameBound(size, &prefs);
|
size_t const compressBound = LZ4F_compressFrameBound(size, &prefs);
|
||||||
size_t const dstCapacity = FUZZ_rand32(&seed, 0, compressBound);
|
size_t const dstCapacity = FUZZ_dataProducer_uint32(producer, 0, compressBound);
|
||||||
char* const dst = (char*)malloc(dstCapacity);
|
char* const dst = (char*)malloc(dstCapacity);
|
||||||
char* const rt = (char*)malloc(size);
|
char* const rt = (char*)malloc(size);
|
||||||
|
|
||||||
FUZZ_ASSERT(dst);
|
FUZZ_ASSERT(dst);
|
||||||
FUZZ_ASSERT(rt);
|
FUZZ_ASSERT(rt);
|
||||||
|
|
||||||
|
/* Restrict to remaining data from producer */
|
||||||
|
size = FUZZ_dataProducer_remainingBytes(producer);
|
||||||
|
|
||||||
/* If compression succeeds it must round trip correctly. */
|
/* If compression succeeds it must round trip correctly. */
|
||||||
size_t const dstSize =
|
size_t const dstSize =
|
||||||
LZ4F_compressFrame(dst, dstCapacity, data, size, &prefs);
|
LZ4F_compressFrame(dst, dstCapacity, data, size, &prefs);
|
||||||
@ -37,6 +41,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
|
|||||||
|
|
||||||
free(dst);
|
free(dst);
|
||||||
free(rt);
|
free(rt);
|
||||||
|
FUZZ_dataProducer_free(producer);
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
@ -39,6 +39,31 @@ uint32_t FUZZ_dataProducer_uint32(FUZZ_dataProducer_t *producer, uint32_t min,
|
|||||||
return min + result % (range + 1);
|
return min + result % (range + 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
LZ4F_frameInfo_t FUZZ_dataProducer_frameInfo(FUZZ_dataProducer_t* producer)
|
||||||
|
{
|
||||||
|
LZ4F_frameInfo_t info = LZ4F_INIT_FRAMEINFO;
|
||||||
|
info.blockSizeID = FUZZ_dataProducer_uint32(producer, LZ4F_max64KB - 1, LZ4F_max4MB);
|
||||||
|
if (info.blockSizeID < LZ4F_max64KB) {
|
||||||
|
info.blockSizeID = LZ4F_default;
|
||||||
|
}
|
||||||
|
info.blockMode = FUZZ_dataProducer_uint32(producer, LZ4F_blockLinked, LZ4F_blockIndependent);
|
||||||
|
info.contentChecksumFlag = FUZZ_dataProducer_uint32(producer, LZ4F_noContentChecksum,
|
||||||
|
LZ4F_contentChecksumEnabled);
|
||||||
|
info.blockChecksumFlag = FUZZ_dataProducer_uint32(producer, LZ4F_noBlockChecksum,
|
||||||
|
LZ4F_blockChecksumEnabled);
|
||||||
|
return info;
|
||||||
|
}
|
||||||
|
|
||||||
|
LZ4F_preferences_t FUZZ_dataProducer_preferences(FUZZ_dataProducer_t* producer)
|
||||||
|
{
|
||||||
|
LZ4F_preferences_t prefs = LZ4F_INIT_PREFERENCES;
|
||||||
|
prefs.frameInfo = FUZZ_dataProducer_frameInfo(producer);
|
||||||
|
prefs.compressionLevel = FUZZ_dataProducer_uint32(producer, 0, LZ4HC_CLEVEL_MAX + 3) - 3;
|
||||||
|
prefs.autoFlush = FUZZ_dataProducer_uint32(producer, 0, 1);
|
||||||
|
prefs.favorDecSpeed = FUZZ_dataProducer_uint32(producer, 0, 1);
|
||||||
|
return prefs;
|
||||||
|
}
|
||||||
|
|
||||||
size_t FUZZ_dataProducer_remainingBytes(FUZZ_dataProducer_t *producer){
|
size_t FUZZ_dataProducer_remainingBytes(FUZZ_dataProducer_t *producer){
|
||||||
return producer->size;
|
return producer->size;
|
||||||
}
|
}
|
||||||
|
@ -4,6 +4,8 @@
|
|||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
|
|
||||||
#include "fuzz_helpers.h"
|
#include "fuzz_helpers.h"
|
||||||
|
#include "lz4frame.h"
|
||||||
|
#include "lz4hc.h"
|
||||||
|
|
||||||
/* Struct used for maintaining the state of the data */
|
/* Struct used for maintaining the state of the data */
|
||||||
typedef struct FUZZ_dataProducer_s FUZZ_dataProducer_t;
|
typedef struct FUZZ_dataProducer_s FUZZ_dataProducer_t;
|
||||||
@ -18,5 +20,11 @@ void FUZZ_dataProducer_free(FUZZ_dataProducer_t *producer);
|
|||||||
uint32_t FUZZ_dataProducer_uint32(FUZZ_dataProducer_t *producer, uint32_t min,
|
uint32_t FUZZ_dataProducer_uint32(FUZZ_dataProducer_t *producer, uint32_t min,
|
||||||
uint32_t max);
|
uint32_t max);
|
||||||
|
|
||||||
|
/* Returns lz4 preferences */
|
||||||
|
LZ4F_preferences_t FUZZ_dataProducer_preferences(FUZZ_dataProducer_t* producer);
|
||||||
|
|
||||||
|
/* Returns lz4 frame info */
|
||||||
|
LZ4F_frameInfo_t FUZZ_dataProducer_frameInfo(FUZZ_dataProducer_t* producer);
|
||||||
|
|
||||||
/* Returns the size of the remaining bytes of data in the producer */
|
/* Returns the size of the remaining bytes of data in the producer */
|
||||||
size_t FUZZ_dataProducer_remainingBytes(FUZZ_dataProducer_t *producer);
|
size_t FUZZ_dataProducer_remainingBytes(FUZZ_dataProducer_t *producer);
|
||||||
|
@ -12,11 +12,12 @@
|
|||||||
#include "lz4.h"
|
#include "lz4.h"
|
||||||
#include "lz4frame.h"
|
#include "lz4frame.h"
|
||||||
#include "lz4_helpers.h"
|
#include "lz4_helpers.h"
|
||||||
|
#include "fuzz_data_producer.h"
|
||||||
|
|
||||||
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
|
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
|
||||||
{
|
{
|
||||||
uint32_t seed = FUZZ_seed(&data, &size);
|
FUZZ_dataProducer_t* producer = FUZZ_dataProducer_create(data, LZ4_compressBound(size));
|
||||||
LZ4F_preferences_t const prefs = FUZZ_randomPreferences(&seed);
|
LZ4F_preferences_t const prefs = FUZZ_dataProducer_preferences(producer);
|
||||||
size_t const dstCapacity = LZ4F_compressFrameBound(size, &prefs);
|
size_t const dstCapacity = LZ4F_compressFrameBound(size, &prefs);
|
||||||
char* const dst = (char*)malloc(dstCapacity);
|
char* const dst = (char*)malloc(dstCapacity);
|
||||||
char* const rt = (char*)malloc(size);
|
char* const rt = (char*)malloc(size);
|
||||||
@ -24,6 +25,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
|
|||||||
FUZZ_ASSERT(dst);
|
FUZZ_ASSERT(dst);
|
||||||
FUZZ_ASSERT(rt);
|
FUZZ_ASSERT(rt);
|
||||||
|
|
||||||
|
/* Restrict to remaining data from producer */
|
||||||
|
size = FUZZ_dataProducer_remainingBytes(producer);
|
||||||
|
|
||||||
/* Compression must succeed and round trip correctly. */
|
/* Compression must succeed and round trip correctly. */
|
||||||
size_t const dstSize =
|
size_t const dstSize =
|
||||||
LZ4F_compressFrame(dst, dstCapacity, data, size, &prefs);
|
LZ4F_compressFrame(dst, dstCapacity, data, size, &prefs);
|
||||||
@ -34,6 +38,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
|
|||||||
|
|
||||||
free(dst);
|
free(dst);
|
||||||
free(rt);
|
free(rt);
|
||||||
|
FUZZ_dataProducer_free(producer);
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
@ -10,10 +10,12 @@
|
|||||||
|
|
||||||
#include "fuzz_helpers.h"
|
#include "fuzz_helpers.h"
|
||||||
#include "lz4.h"
|
#include "lz4.h"
|
||||||
|
#include "fuzz_data_producer.h"
|
||||||
|
|
||||||
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
|
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
|
||||||
{
|
{
|
||||||
uint32_t seed = FUZZ_seed(&data, &size);
|
FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size);
|
||||||
|
size_t const partialCapacity = FUZZ_dataProducer_uint32(producer, 0, size);
|
||||||
size_t const dstCapacity = LZ4_compressBound(size);
|
size_t const dstCapacity = LZ4_compressBound(size);
|
||||||
char* const dst = (char*)malloc(dstCapacity);
|
char* const dst = (char*)malloc(dstCapacity);
|
||||||
char* const rt = (char*)malloc(size);
|
char* const rt = (char*)malloc(size);
|
||||||
@ -21,6 +23,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
|
|||||||
FUZZ_ASSERT(dst);
|
FUZZ_ASSERT(dst);
|
||||||
FUZZ_ASSERT(rt);
|
FUZZ_ASSERT(rt);
|
||||||
|
|
||||||
|
/* Restrict to remaining data from producer */
|
||||||
|
size = FUZZ_dataProducer_remainingBytes(producer);
|
||||||
|
|
||||||
/* Compression must succeed and round trip correctly. */
|
/* Compression must succeed and round trip correctly. */
|
||||||
int const dstSize = LZ4_compress_default((const char*)data, dst,
|
int const dstSize = LZ4_compress_default((const char*)data, dst,
|
||||||
size, dstCapacity);
|
size, dstCapacity);
|
||||||
@ -32,7 +37,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
|
|||||||
|
|
||||||
/* Partial decompression must succeed. */
|
/* Partial decompression must succeed. */
|
||||||
{
|
{
|
||||||
size_t const partialCapacity = FUZZ_rand32(&seed, 0, size);
|
|
||||||
char* const partial = (char*)malloc(partialCapacity);
|
char* const partial = (char*)malloc(partialCapacity);
|
||||||
FUZZ_ASSERT(partial);
|
FUZZ_ASSERT(partial);
|
||||||
int const partialSize = LZ4_decompress_safe_partial(
|
int const partialSize = LZ4_decompress_safe_partial(
|
||||||
@ -43,8 +47,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
|
|||||||
free(partial);
|
free(partial);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
free(dst);
|
free(dst);
|
||||||
free(rt);
|
free(rt);
|
||||||
|
FUZZ_dataProducer_free(producer);
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user