Commit Graph

2282 Commits

Author SHA1 Message Date
Bimba Shrestha
8edc5879d0 Retrieving 32 bits from the end for fuzzer 2019-09-13 18:08:58 -07:00
Bimba Shrestha
9cb73d69c4 Addressing naming nits and moving size modification up in all fuzzers 2019-09-13 16:04:48 -07:00
Bimba Shrestha
208694297a Separating the seed generation and use 2019-09-13 14:07:52 -07:00
Bimba Shrestha
7d153a704d Making fuzzers use dataProducer api instead of random seed for decisions 2019-08-30 10:27:42 -07:00
bimbashrestha
dc17d39c2f Adding comments, fixing nit, and hiding the struct in data producer api 2019-08-16 17:14:47 -07:00
bimbashrestha
f839e9fe8a Separating fuzz data producer api impl and header, using data producer on the easy fuzzers 2019-08-16 16:43:28 -07:00
bimbashrestha
a9ac056456 Created a data producer API and used in decompress_fuzzer 2019-08-16 14:19:06 -07:00
bimbashrestha
fad8c97532 Adding fuzz data producer for uint32 and using in decompress_fuzzer
Summary: Consuming bytes from the end of data instead of from the front to prevent "all-in-one" decisions.

2019-08-16 10:50:46 -07:00
Yann Collet
fdf2ef5809 fixed test error
could trigger %0 on exceptional circumstances
due to wrong buffer size parameter.
2019-08-15 13:59:59 +02:00
Yann Collet
dfad84ca3e
Merge pull request #777 from terrelln/off-by-one
[LZ4_compress_destSize] Fix off-by-one error
2019-08-10 02:08:03 +02:00
Nick Terrell
d7cad81093 [LZ4_compress_destSize] Fix off-by-one error
PR#756 fixed the data corruption bug, but didn't clear `ip`. PR#760
fixed that off-by-one error, but missed the case where `ip == filledIp`,
which is harder for the fuzzers to find (it took 20 days not 1 day).

Verified this fixed the issue reported by OSS-Fuzz.

Credit to OSS-Fuzz.
2019-08-09 10:36:46 -07:00
Yann Collet
1bcde6414a
Merge pull request #773 from felixhandte/attach-empty-dict-behavior-conformance
Make Attaching an Empty Dict Behave the Same as Using it Directly
2019-08-08 01:48:53 +02:00
W. Felix Handte
4c58006719 Only Bump Offset When Attaching Non-Null Dictionary
We do want to bump, even if the dictionary is empty, but we **don't** want to
bump if the dictionary is null.
2019-08-06 19:08:41 -04:00
W. Felix Handte
4f49d744e8 Add Attach Dict Debug Log 2019-08-06 18:54:03 -04:00
W. Felix Handte
918269a4e3 Make Attaching an Empty Dict Behave the Same as Using it Directly
When using an empty dictionary, we bail out of loading or attaching it in
ways that leave the working context in potentially slightly different states.
In particular, in some paths, we will cause the currentOffset to be non-zero,
while in others we would allow it to remain 0.

This difference in behavior is perfectly harmless, but in some situations, it
can produce slight differences in the compressed output. For sanity's sake,
we currently try to maintain a strict correspondence between the behavior of
the dict attachment and the dict loading paths. This patch restores them to
behaving identically.

This shouldn't have any negative side-effects, as far as I can tell. When
writing the dict attachment code, I tried to preserve zeroed currentOffsets
when possible, since they benchmarked as very slightly faster. However, the
case of attaching an empty dictionary is probably rare enough that it's
acceptable to minusculely degrade performance in that corner case.
2019-08-06 18:50:33 -04:00
Yann Collet
b5b9760c80
Merge pull request #772 from lz4/offset0
silence msan warning when offset==0
2019-08-06 19:17:16 +02:00
Yann Collet
e18fbd51c1 silence msan warning when offset==0 2019-08-06 15:35:49 +02:00
Yann Collet
0726bddabd
Merge pull request #771 from terrelln/rep-ext-fix
[lz4hc] Further improve pattern detection and chain swapping
2019-08-02 01:27:53 +02:00
Nick Terrell
064adb2e8d [lz4hc] Chain swap with acceleration 2019-07-31 10:17:26 -07:00
Nick Terrell
38c3945de3 [lz4hc] Only allow chain swapping forwards
When the match is very long and found quickly, we can do
matchLength * nbCompares iterations through the chain
swapping, which can really slow down compression.
2019-07-31 10:17:26 -07:00
Nick Terrell
be1738aa46 [lz4hc] Fix pattern detection end of dictionary
The pattern detection in extDict mode could put `matchIndex`
within the last 3 bytes of the dictionary. This would cause
a read out of bounds.
2019-07-31 10:17:21 -07:00
Nick Terrell
58ea585878 [lz4hc] Fix minor pessimization in extDict pattern matching
We should be comparing `matchPtr` not `ip`. This bug just means
that this branch was not taken, so we might miss some of the
forward length.
2019-07-31 10:16:25 -07:00
Nick Terrell
7e97bf377d [lz4hc] Improve pattern detection in ext dict
It is important to continue to look backwards if the current pattern
reaches `lowPrefixPtr`. If the pattern detection doesn't go all the
way to the beginning of the pattern, or the end of the pattern it
slows down the search instead of speeding it up.

The slow unit in `round_trip_stream_fuzzer` used to take 12 seconds
to run with -O3, now it takes 0.2 seconds.

Credit to OSS-Fuzz
2019-07-31 10:16:21 -07:00
Yann Collet
ce9176a68d
Merge pull request #768 from terrelln/rep-ext
[LZ4HC] Speed up pattern compression with external dictionary
2019-07-24 13:47:19 -07:00
Nick Terrell
4c1d4c437d [LZ4HC] Speed up pattern compression with external dictionary
Fixes #761.
2019-07-24 10:59:20 -07:00
Yann Collet
805947ffcb
Merge pull request #766 from Low-power/cli-option---best
Add option '--best' to lz4(1)
2019-07-23 01:00:53 -07:00
WHR
eee8cc79e7 lz4cli: add option '--best' as an alias of '-12' 2019-07-23 13:37:11 +08:00
Yann Collet
fb8a159436
Merge pull request #763 from terrelln/unused
[lz4frame] Fix unused variable warnings in fuzzing mode
2019-07-19 16:54:01 -07:00
Yann Collet
7a516411d4
Merge pull request #760 from terrelln/destSize
[LZ4_compress_destSize] Fix off-by-one error in fix
2019-07-19 15:22:51 -07:00
Nick Terrell
87e52f7d5d [lz4frame] Fix unused variable warnings in fuzzing mode 2019-07-19 14:44:06 -07:00
Yann Collet
ee23c273e2
Merge pull request #758 from dooxe/develop
Added `BUNDLE DESTINATION`
2019-07-19 09:11:12 -07:00
Yann Collet
316f2b6f4d
Merge pull request #762 from terrelln/frame-fuzz
[fuzz] Add LZ4 frame fuzzers
2019-07-18 21:53:33 -07:00
Nick Terrell
d28159c025 [fuzz] Add LZ4 frame fuzzers
* Round trip fuzzer
* Compress fuzzer
* Decompress fuzzer
2019-07-18 18:54:59 -07:00
Nick Terrell
b487660309 [lz4frame] Skip magic and checksums in fuzzing mode
When `FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION` is defined we skip
magic and checksum checks. This makes it easier to fuzz decompression.
2019-07-18 18:45:32 -07:00
Nick Terrell
1f236e0790 Fix LZ4_attach_dictionary with empty dictionary 2019-07-18 12:29:15 -07:00
Nick Terrell
675ef9a9fc [fuzz] Add HC fuzzers for round trip, compress, and streaming 2019-07-18 12:29:15 -07:00
Nick Terrell
399a80d48e [fuzzer] Update scripts for new fuzzers 2019-07-18 12:29:15 -07:00
Nick Terrell
9b258abd93 [fuzz] Add a streaming round trip fuzzer 2019-07-18 12:29:15 -07:00
Nick Terrell
7c32101c65 [LZ4_compress_destSize] Fix off-by-one error in fix
The next match is looking at the current ip, not the next ip,
so it needs to be cleared as well.

Credit to OSS-Fuzz
2019-07-18 12:20:29 -07:00
W. Felix Handte
40943ba0c9 Unconditionally Clear dictCtx 2019-07-18 13:35:12 -04:00
W. Felix Handte
369fb3900c Fix Data Corruption Bug when Streaming with an Attached Dict in HC Mode
This diff fixes an issue in which we failed to clear the `dictCtx` in HC
compression. The `dictCtx` is not supposed to be used when an `extDict` is
present: matches found in the `dictCtx` do not account for the presence of an
`extDict` segment, and their offsets are therefore miscalculated when one is
present. This can lead to data corruption.

This diff clears the `dictCtx` whenever setting an `extDict`.

This issue was uncovered by @terrelln's fuzzing work.
2019-07-18 12:48:41 -04:00
dooxe
99d925f997 Added BUNDLE DESTINATION in CMakeLists.txt so that it works with newer versions of cmake 2019-07-18 11:25:43 +02:00
Yann Collet
19b099986a
Merge pull request #756 from terrelln/destSize
[LZ4_compress_destSize + multi-blocks streaming] Fix rare data corruption bug
2019-07-17 13:25:41 -07:00
Nick Terrell
13a2d9e34f [LZ4_compress_destSize] Fix overflow condition 2019-07-17 11:50:47 -07:00
Nick Terrell
6bc6f836a1 [LZ4_compress_destSize] Fix rare data corruption bug 2019-07-17 11:38:38 -07:00
Nick Terrell
690009e2c2 [LZ4_compress_destSize] Allow 2 more bytes of match length 2019-07-17 11:07:24 -07:00
Yann Collet
7654a5a6d2
Merge pull request #752 from terrelln/fuzzers
[ossfuzz] Improve the fuzzers
2019-07-16 11:18:09 -07:00
Yann Collet
81a14ccccb
Merge pull request #755 from lz4/custom_distance
ensure conformance with custom LZ4_DISTANCE_MAX
2019-07-15 16:38:28 -07:00
Nick Terrell
3c40db8d25 [ossfuzz] Improve the fuzzers
* Run more decompression variants
* Round trip the compression fuzzer and do partial decompression as well
* Add a compression fuzzer that compresses into a smaller output buffer
  and test the destSize variant

These fuzzers caught 2 bugs that were fixed in the previous commit.
* Input buffer over-read in partial decompress
* Partial decompress fails if output size is 0
2019-07-15 12:22:04 -07:00
Nick Terrell
725cb0aafd [lz4] Fix bugs in partial decoding
* Partial decoding could read a few bytes beyond the end of the input
* Partial decoding returned an error with an empty output buffer
2019-07-15 12:21:59 -07:00