AuroraMiddleware/lz4
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Retreiving 32 bits from the end for fuzzer

Browse Source
This commit is contained in:
Bimba Shrestha 2019-09-13 18:08:58 -07:00
parent 9cb73d69c4
commit 8edc5879d0
10 changed files with 36 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
ossfuzz/compress_frame_fuzzer.c
View File

@ -19,13 +19,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, LZ4_compressBound(size));
LZ4F_preferences_t const prefs = FUZZ_dataProducer_preferences(producer);
size_t const dstCapacitySeed = FUZZ_dataProducer_retrieve32(producer);
size = FUZZ_dataProducer_remainingBytes(producer);
size_t const compressBound = LZ4F_compressFrameBound(size, &prefs);
size_t const dstCapacitySeed = FUZZ_dataProducer_uint32(producer, 0, compressBound);
size = FUZZ_dataProducer_remainingBytes(producer);
size_t const dstCapacity = FUZZ_getRange_from_uint32(dstCapacitySeed, 0, size);
size_t const dstCapacity = FUZZ_getRange_from_uint32(dstCapacitySeed, 0, compressBound);
char* const dst = (char*)malloc(dstCapacity);
char* const rt = (char*)malloc(size);

7
ossfuzz/compress_fuzzer.c
View File

@ -16,10 +16,11 @@
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size);
size_t const dstCapacitySeed = FUZZ_dataProducer_uint32(producer, 0, LZ4_compressBound(size));
size_t const dstCapacitySeed = FUZZ_dataProducer_retrieve32(producer);
size = FUZZ_dataProducer_remainingBytes(producer);
size_t const dstCapacity = FUZZ_getRange_from_uint32(dstCapacitySeed, 0, LZ4_compressBound(size));
size_t const compressBound = LZ4_compressBound(size);
size_t const dstCapacity = FUZZ_getRange_from_uint32(dstCapacitySeed, 0, compressBound);
char* const dst = (char*)malloc(dstCapacity);
char* const rt = (char*)malloc(size);

8
ossfuzz/compress_hc_fuzzer.c
View File

@ -17,12 +17,10 @@
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size);
size_t const dstCapacitySeed = FUZZ_dataProducer_uint32(producer,
0, LZ4_compressBound(size));
size_t const levelSeed = FUZZ_dataProducer_uint32(producer,
LZ4HC_CLEVEL_MIN, LZ4HC_CLEVEL_MAX);
size_t const dstCapacitySeed = FUZZ_dataProducer_retrieve32(producer);
size_t const levelSeed = FUZZ_dataProducer_retrieve32(producer);
size = FUZZ_dataProducer_remainingBytes(producer);
size_t const dstCapacity = FUZZ_getRange_from_uint32(dstCapacitySeed, 0, size);
int const level = FUZZ_getRange_from_uint32(levelSeed, LZ4HC_CLEVEL_MIN, LZ4HC_CLEVEL_MAX);

10
ossfuzz/decompress_frame_fuzzer.c
View File

@ -31,15 +31,13 @@ static void decompress(LZ4F_dctx* dctx, void* dst, size_t dstCapacity,
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size);
size_t const dstCapacitySeed = FUZZ_dataProducer_uint32(producer,
0, 4 * size);
size_t const largeDictSize = 64 * 1024;
size_t const dictSizeSeed = FUZZ_dataProducer_uint32(producer,
0, largeDictSize);
size_t const dstCapacitySeed = FUZZ_dataProducer_retrieve32(producer);
size_t const dictSizeSeed = FUZZ_dataProducer_retrieve32(producer);
size = FUZZ_dataProducer_remainingBytes(producer);
size_t const dstCapacity = FUZZ_getRange_from_uint32(
dstCapacitySeed, 0, 4 * size);
size_t const largeDictSize = 64 * 1024;
size_t const dictSize = FUZZ_getRange_from_uint32(
dictSizeSeed, 0, largeDictSize);

5
ossfuzz/decompress_fuzzer.c
View File

@ -15,11 +15,10 @@
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size);
size_t const dstCapacitySeed = FUZZ_dataProducer_uint32(producer, 0, 4 * size);
size_t const dstCapacitySeed = FUZZ_dataProducer_retrieve32(producer);
size = FUZZ_dataProducer_remainingBytes(producer);
size_t const dstCapacity = FUZZ_getRange_from_uint32(dstCapacitySeed, 0, 4 * size);
size_t const dstCapacity = FUZZ_getRange_from_uint32(dstCapacitySeed, 0, 4 * size);
size_t const smallDictSize = size + 1;
size_t const largeDictSize = 64 * 1024 - 1;
size_t const dictSize = MAX(smallDictSize, largeDictSize);

30
ossfuzz/fuzz_data_producer.c
View File

@ -17,22 +17,18 @@ FUZZ_dataProducer_t *FUZZ_dataProducer_create(const uint8_t *data, size_t size)
void FUZZ_dataProducer_free(FUZZ_dataProducer_t *producer) { free(producer); }
uint32_t FUZZ_dataProducer_uint32(FUZZ_dataProducer_t *producer, uint32_t min,
uint32_t max) {
FUZZ_ASSERT(min <= max);
uint32_t range = max - min;
uint32_t rolling = range;
uint32_t result = 0;
while (rolling > 0 && producer->size > 0) {
uint8_t next = *(producer->data + producer->size - 1);
producer->size -= 1;
result = (result << 8) | next;
rolling >>= 8;
}
return result;
uint32_t FUZZ_dataProducer_retrieve32(FUZZ_dataProducer_t *producer) {
const uint8_t* data = producer->data;
const size_t size = producer->size;
if (size == 0) {
return 0;
} else if (size < 4) {
producer->size -= 1;
return (uint32_t)data[size - 1];
} else {
producer->size -= 4;
return *(data + size - 4);
}
}
uint32_t FUZZ_getRange_from_uint32(uint32_t seed, uint32_t min, uint32_t max)
@ -47,7 +43,7 @@ uint32_t FUZZ_getRange_from_uint32(uint32_t seed, uint32_t min, uint32_t max)
uint32_t FUZZ_dataProducer_range32(FUZZ_dataProducer_t* producer,
uint32_t min, uint32_t max)
{
size_t const seed = FUZZ_dataProducer_uint32(producer, min, max);
size_t const seed = FUZZ_dataProducer_retrieve32(producer);
return FUZZ_getRange_from_uint32(seed, min, max);
}

5
ossfuzz/fuzz_data_producer.h
View File

@ -16,9 +16,8 @@ FUZZ_dataProducer_t *FUZZ_dataProducer_create(const uint8_t *data, size_t size);
/* Frees the data producer */
void FUZZ_dataProducer_free(FUZZ_dataProducer_t *producer);
/* Returns a seed value for the function after this one to consume */
uint32_t FUZZ_dataProducer_uint32(FUZZ_dataProducer_t *producer, uint32_t min,
uint32_t max);
/* Returns 32 bits from the end of data */
uint32_t FUZZ_dataProducer_retrieve32(FUZZ_dataProducer_t *producer);
/* Returns value between [min, max] */
uint32_t FUZZ_getRange_from_uint32(uint32_t seed, uint32_t min, uint32_t max);

3
ossfuzz/round_trip_frame_fuzzer.c
View File

@ -18,10 +18,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
FUZZ_dataProducer_t* producer = FUZZ_dataProducer_create(data, size);
LZ4F_preferences_t const prefs = FUZZ_dataProducer_preferences(producer);
size = FUZZ_dataProducer_remainingBytes(producer);
size_t const dstCapacity = LZ4F_compressFrameBound(LZ4_compressBound(size), &prefs);
size_t const dstCapacity = LZ4F_compressFrameBound(LZ4_compressBound(size), &prefs);
char* const dst = (char*)malloc(dstCapacity);
char* const rt = (char*)malloc(FUZZ_dataProducer_remainingBytes(producer));

7
ossfuzz/round_trip_fuzzer.c
View File

@ -15,11 +15,10 @@
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size);
size_t const partialCapacitySeed = FUZZ_dataProducer_uint32(producer, 0, size);
size_t const partialCapacitySeed = FUZZ_dataProducer_retrieve32(producer);
size = FUZZ_dataProducer_remainingBytes(producer);
size_t const partialCapacity = FUZZ_getRange_from_uint32(partialCapacitySeed,
0, size);
size_t const partialCapacity = FUZZ_getRange_from_uint32(partialCapacitySeed, 0, size);
size_t const dstCapacity = LZ4_compressBound(size);
char* const dst = (char*)malloc(dstCapacity);

3
ossfuzz/round_trip_hc_fuzzer.c
View File

@ -18,10 +18,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size);
int const level = FUZZ_dataProducer_range32(producer,
LZ4HC_CLEVEL_MIN, LZ4HC_CLEVEL_MAX);
size = FUZZ_dataProducer_remainingBytes(producer);
size_t const dstCapacity = LZ4_compressBound(size);
size_t const dstCapacity = LZ4_compressBound(size);
char* const dst = (char*)malloc(dstCapacity);
char* const rt = (char*)malloc(size);