Diffstat (limited to 'neozip/test/fuzz')
-rw-r--r--neozip/test/fuzz/CMakeLists.txt45
-rw-r--r--neozip/test/fuzz/fuzzer_checksum.c81
-rw-r--r--neozip/test/fuzz/fuzzer_compress.c82
-rw-r--r--neozip/test/fuzz/fuzzer_example_dict.c164
-rw-r--r--neozip/test/fuzz/fuzzer_example_flush.c119
-rw-r--r--neozip/test/fuzz/fuzzer_example_large.c137
-rw-r--r--neozip/test/fuzz/fuzzer_example_small.c118
-rw-r--r--neozip/test/fuzz/fuzzer_minigzip.c317
-rw-r--r--neozip/test/fuzz/standalone_fuzz_target_runner.c37
9 files changed, 1100 insertions, 0 deletions
diff --git a/neozip/test/fuzz/CMakeLists.txt b/neozip/test/fuzz/CMakeLists.txt
new file mode 100644
index 0000000000..a02f57d21b
--- /dev/null
+++ b/neozip/test/fuzz/CMakeLists.txt
@@ -0,0 +1,45 @@
+cmake_minimum_required(VERSION 3.14...4.2.1)
+
+if(CMAKE_C_COMPILER_ID MATCHES "Clang")
+ if(DEFINED ENV{LIB_FUZZING_ENGINE})
+ set(FUZZING_ENGINE $ENV{LIB_FUZZING_ENGINE})
+ set(FUZZING_ENGINE_FOUND ON)
+ else()
+ find_library(FUZZING_ENGINE "FuzzingEngine")
+ endif()
+endif()
+
+set(FUZZERS
+ fuzzer_checksum
+ fuzzer_compress
+ fuzzer_example_small
+ fuzzer_example_large
+ fuzzer_example_flush
+ fuzzer_example_dict
+ )
+
+if(WITH_GZFILEOP)
+ list(APPEND FUZZERS fuzzer_minigzip)
+endif()
+
+foreach(FUZZER ${FUZZERS})
+ add_executable(${FUZZER} ${FUZZER}.c)
+
+ if(NOT FUZZING_ENGINE_FOUND)
+ target_sources(${FUZZER} PRIVATE standalone_fuzz_target_runner.c)
+ endif()
+
+ if(NOT DEFINED BUILD_SHARED_LIBS)
+ target_link_libraries(${FUZZER} zlib-ng-static)
+ else()
+ target_link_libraries(${FUZZER} zlib-ng)
+ endif()
+
+ if(FUZZING_ENGINE_FOUND)
+ target_link_libraries(${FUZZER} ${FUZZING_ENGINE})
+ endif()
+
+ file(GLOB FUZZER_TEST_FILES ${PROJECT_SOURCE_DIR}/*)
+ set(FUZZER_COMMAND ${CMAKE_CROSSCOMPILING_EMULATOR} $<TARGET_FILE:${FUZZER}> ${FUZZER_TEST_FILES})
+ add_test(NAME ${FUZZER} COMMAND ${FUZZER_COMMAND})
+endforeach()
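Review bot: A fuzzing engine located by `find_library(FUZZING_ENGINE "FuzzingEngine")` is never linked, because `FUZZING_ENGINE_FOUND` is only set in the `LIB_FUZZING_ENGINE` environment branch and `find_library` stores its result in `FUZZING_ENGINE` alone. Unless the flag is set somewhere outside this file, every later `if(FUZZING_ENGINE_FOUND)` is false on that path and the targets quietly fall back to `standalone_fuzz_target_runner.c`. Setting the flag from the lookup result right after the call would fix it: `if(FUZZING_ENGINE)`, `set(FUZZING_ENGINE_FOUND ON)`, `endif()`. Separately, `file(GLOB FUZZER_TEST_FILES ${PROJECT_SOURCE_DIR}/*)` passes every top-level entry of the source tree as a test input, and the standalone runner opens each one with `rb+`; a dedicated seed-corpus directory would make the test set explicit and avoid opening project files writable.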
diff --git a/neozip/test/fuzz/fuzzer_checksum.c b/neozip/test/fuzz/fuzzer_checksum.c
new file mode 100644
index 0000000000..cedd284dbe
--- /dev/null
+++ b/neozip/test/fuzz/fuzzer_checksum.c
@@ -0,0 +1,81 @@
+#include <stdio.h>
+#include <assert.h>
+
+#include "zbuild.h"
+#ifdef ZLIB_COMPAT
+# include "zlib.h"
+#else
+# include "zlib-ng.h"
+#endif
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t dataLen) {
+ uint32_t crc0 = PREFIX(crc32)(0L, NULL, 0);
+ uint32_t crc1 = crc0;
+ uint32_t crc2 = crc0;
+ uint32_t adler0 = PREFIX(adler32)(0L, NULL, 0);
+ uint32_t adler1 = adler0;
+ uint32_t adler2 = adler0;
+ uint32_t combine1, combine2;
+ /* Checksum with a buffer of size equal to the first byte in the input. */
+ uint32_t buffSize = data[0];
+ uint32_t offset = 0;
+ uint32_t op;
+
+ /* Discard inputs larger than 1Mb. */
+ static size_t kMaxSize = 1024 * 1024;
+ if (dataLen < 1 || dataLen > kMaxSize)
+ return 0;
+
+ /* Make sure the buffer has at least a byte. */
+ if (buffSize == 0)
+ ++buffSize;
+
+ /* CRC32 */
+ op = PREFIX(crc32_combine_gen)(buffSize);
+ for (offset = 0; offset + buffSize <= dataLen; offset += buffSize) {
+ uint32_t crc3 = PREFIX(crc32_z)(crc0, data + offset, buffSize);
+ uint32_t crc4 = PREFIX(crc32_combine_op)(crc1, crc3, op);
+ crc1 = PREFIX(crc32_z)(crc1, data + offset, buffSize);
+ assert(crc1 == crc4);
+ Z_UNUSED(crc1);
+ Z_UNUSED(crc4);
+ }
+ crc1 = PREFIX(crc32_z)(crc1, data + offset, dataLen % buffSize);
+
+ crc2 = PREFIX(crc32_z)(crc2, data, dataLen);
+
+ assert(crc1 == crc2);
+ Z_UNUSED(crc1);
+ Z_UNUSED(crc2);
+ combine1 = PREFIX(crc32_combine)(crc1, crc2, (z_off_t)dataLen);
+ combine2 = PREFIX(crc32_combine)(crc1, crc1, (z_off_t)dataLen);
+ assert(combine1 == combine2);
+
+ /* Fast CRC32 combine. */
+ op = PREFIX(crc32_combine_gen)((z_off_t)dataLen);
+ combine1 = PREFIX(crc32_combine_op)(crc1, crc2, op);
+ combine2 = PREFIX(crc32_combine_op)(crc2, crc1, op);
+ assert(combine1 == combine2);
+ combine1 = PREFIX(crc32_combine)(crc1, crc2, (z_off_t)dataLen);
+ combine2 = PREFIX(crc32_combine_op)(crc2, crc1, op);
+ assert(combine1 == combine2);
+
+ /* Adler32 */
+ for (offset = 0; offset + buffSize <= dataLen; offset += buffSize)
+ adler1 = PREFIX(adler32_z)(adler1, data + offset, buffSize);
+ adler1 = PREFIX(adler32_z)(adler1, data + offset, dataLen % buffSize);
+
+ adler2 = PREFIX(adler32_z)(adler2, data, dataLen);
+
+ assert(adler1 == adler2);
+ Z_UNUSED(adler1);
+ Z_UNUSED(adler2);
+ combine1 = PREFIX(adler32_combine)(adler1, adler2, (z_off_t)dataLen);
+ combine2 = PREFIX(adler32_combine)(adler1, adler1, (z_off_t)dataLen);
+ assert(combine1 == combine2);
+ Z_UNUSED(combine1);
+ Z_UNUSED(combine2);
+
+ /* This function must return 0. */
+ return 0;
+}
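Review bot: `uint32_t buffSize = data[0];` in the declarations of LLVMFuzzerTestOneInput reads the first input byte before the `dataLen < 1` guard runs, so a zero-length input is dereferenced before it is rejected. Declare `uint32_t buffSize;` there and assign `buffSize = data[0];` directly after the size check. A short comment near the first `assert` would also help: every comparison in this target is an `assert()`, so a build with NDEBUG verifies nothing (the `Z_UNUSED` calls suggest such a build is expected).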
diff --git a/neozip/test/fuzz/fuzzer_compress.c b/neozip/test/fuzz/fuzzer_compress.c
new file mode 100644
index 0000000000..2eca038234
--- /dev/null
+++ b/neozip/test/fuzz/fuzzer_compress.c
@@ -0,0 +1,82 @@
+#include <stdio.h>
+#include <assert.h>
+
+#include "zbuild.h"
+#ifdef ZLIB_COMPAT
+# include "zlib.h"
+#else
+# include "zlib-ng.h"
+#endif
+
+static const uint8_t *data;
+static size_t dataLen;
+
+static void check_compress_level(uint8_t *compr, z_uintmax_t comprLen,
+ uint8_t *uncompr, z_uintmax_t uncomprLen,
+ int level) {
+ PREFIX(compress2)(compr, &comprLen, data, dataLen, level);
+ PREFIX(uncompress)(uncompr, &uncomprLen, compr, comprLen);
+
+ /* Make sure compress + uncompress gives back the input data. */
+ assert(dataLen == uncomprLen);
+ assert(0 == memcmp(data, uncompr, dataLen));
+}
+
+#define put_byte(s, i, c) {s[i] = (unsigned char)(c);}
+
+static void write_zlib_header(uint8_t *s) {
+ unsigned level_flags = 0; /* compression level (0..3) */
+ unsigned w_bits = 8; /* window size log2(w_size) (8..16) */
+ unsigned int header = (Z_DEFLATED + ((w_bits-8)<<4)) << 8;
+ header |= (level_flags << 6);
+
+ header += 31 - (header % 31);
+
+ /* s is guaranteed to be longer than 2 bytes. */
+ put_byte(s, 0, (header >> 8));
+ put_byte(s, 1, (header & 0xff));
+}
+
+static void check_decompress(uint8_t *compr, z_uintmax_t comprLen) {
+ /* We need to write a valid zlib header of size two bytes. Copy the input data
+ in a larger buffer. Do not modify the input data to avoid libFuzzer error:
+ fuzz target overwrites its const input. */
+ size_t copyLen = dataLen + 2;
+ uint8_t *copy = (uint8_t *)malloc(copyLen);
+ memcpy(copy + 2, data, dataLen);
+ write_zlib_header(copy);
+
+ PREFIX(uncompress)(compr, &comprLen, copy, (z_uintmax_t)copyLen);
+ free(copy);
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *d, size_t size) {
+ /* compressBound does not provide enough space for low compression levels. */
+ z_size_t comprLen = 100 + 2 * PREFIX(compressBound)(size);
+ z_size_t uncomprLen = (z_size_t)size;
+ uint8_t *compr, *uncompr;
+
+ /* Discard inputs larger than 1Mb. */
+ static size_t kMaxSize = 1024 * 1024;
+
+ if (size < 1 || size > kMaxSize)
+ return 0;
+
+ data = d;
+ dataLen = size;
+ compr = (uint8_t *)calloc(1, comprLen);
+ uncompr = (uint8_t *)calloc(1, uncomprLen);
+
+ check_compress_level(compr, comprLen, uncompr, uncomprLen, 1);
+ check_compress_level(compr, comprLen, uncompr, uncomprLen, 3);
+ check_compress_level(compr, comprLen, uncompr, uncomprLen, 6);
+ check_compress_level(compr, comprLen, uncompr, uncomprLen, 7);
+
+ check_decompress(compr, comprLen);
+
+ free(compr);
+ free(uncompr);
+
+ /* This function must return 0. */
+ return 0;
+}
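Review bot: check_compress_level discards the return values of `PREFIX(compress2)` and `PREFIX(uncompress)`, so a failed call is only seen indirectly through the `assert` on `uncomprLen`, and not at all when assertions are compiled out. Checking them explicitly, e.g. `if (PREFIX(compress2)(compr, &comprLen, data, dataLen, level) != Z_OK) abort();` and the same for uncompress, reports the failing step directly. The `calloc`/`malloc` results (`compr`, `uncompr`, and `copy` in check_decompress, which goes straight into `memcpy`) are also used without a NULL check; the same unchecked allocations appear in fuzzer_example_dict.c, fuzzer_example_flush.c, fuzzer_example_large.c and fuzzer_example_small.c.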
diff --git a/neozip/test/fuzz/fuzzer_example_dict.c b/neozip/test/fuzz/fuzzer_example_dict.c
new file mode 100644
index 0000000000..053a3e101a
--- /dev/null
+++ b/neozip/test/fuzz/fuzzer_example_dict.c
@@ -0,0 +1,164 @@
+#include <stdio.h>
+#include <assert.h>
+
+#include "zbuild.h"
+#ifdef ZLIB_COMPAT
+# include "zlib.h"
+#else
+# include "zlib-ng.h"
+#endif
+
+#define CHECK_ERR(err, msg) { \
+ if (err != Z_OK) { \
+ fprintf(stderr, "%s error: %d\n", msg, err); \
+ exit(1); \
+ } \
+}
+
+static const uint8_t *data;
+static size_t dataLen;
+static alloc_func zalloc = NULL;
+static free_func zfree = NULL;
+static unsigned int dictionaryLen = 0;
+static unsigned long dictId; /* Adler32 value of the dictionary */
+
+/* ===========================================================================
+ * Test deflate() with preset dictionary
+ */
+void test_dict_deflate(unsigned char **compr, size_t *comprLen) {
+ PREFIX3(stream) c_stream; /* compression stream */
+ int err;
+ int level = data[0] % 11 - 1; /* [-1..9]
+ compression levels
+ #define Z_NO_COMPRESSION 0
+ #define Z_BEST_SPEED 1
+ #define Z_BEST_COMPRESSION 9
+ #define Z_DEFAULT_COMPRESSION (-1) */
+
+ int method = Z_DEFLATED; /* The deflate compression method (the only one
+ supported in this version) */
+ int windowBits = 8 + data[(dataLen > 1) ? 1:0] % 8; /* The windowBits parameter is the base
+ two logarithm of the window size (the size of the history buffer). It
+ should be in the range 8..15 for this version of the library. */
+ int memLevel = 1 + data[(dataLen > 2) ? 2:0] % 9; /* memLevel=1 uses minimum memory but is
+ slow and reduces compression ratio; memLevel=9 uses maximum memory for
+ optimal speed. */
+ int strategy = data[(dataLen > 3) ? 3:0] % 5; /* [0..4]
+ #define Z_FILTERED 1
+ #define Z_HUFFMAN_ONLY 2
+ #define Z_RLE 3
+ #define Z_FIXED 4
+ #define Z_DEFAULT_STRATEGY 0 */
+
+ /* deflate would fail for no-compression or for speed levels. */
+ if (level == 0 || level == 1)
+ level = -1;
+
+ c_stream.zalloc = zalloc;
+ c_stream.zfree = zfree;
+ c_stream.opaque = (void *)0;
+
+ err = PREFIX(deflateInit2)(&c_stream, level, method, windowBits, memLevel,
+ strategy);
+ CHECK_ERR(err, "deflateInit");
+
+ err = PREFIX(deflateSetDictionary)(
+ &c_stream, (const unsigned char *)data, dictionaryLen);
+ CHECK_ERR(err, "deflateSetDictionary");
+
+ /* deflateBound does not provide enough space for low compression levels. */
+ *comprLen = 100 + 2 * PREFIX(deflateBound)(&c_stream, (unsigned long)dataLen);
+ *compr = (uint8_t *)calloc(1, *comprLen);
+
+ dictId = c_stream.adler;
+ c_stream.next_out = *compr;
+ c_stream.avail_out = (unsigned int)(*comprLen);
+
+ c_stream.next_in = (z_const unsigned char *)data;
+ c_stream.avail_in = (uint32_t)dataLen;
+
+ err = PREFIX(deflate)(&c_stream, Z_FINISH);
+ if (err != Z_STREAM_END) {
+ fprintf(stderr, "deflate dict should report Z_STREAM_END\n");
+ exit(1);
+ }
+ err = PREFIX(deflateEnd)(&c_stream);
+ CHECK_ERR(err, "deflateEnd");
+}
+
+/* ===========================================================================
+ * Test inflate() with a preset dictionary
+ */
+void test_dict_inflate(unsigned char *compr, size_t comprLen) {
+ int err;
+ PREFIX3(stream) d_stream; /* decompression stream */
+ unsigned char *uncompr;
+
+ d_stream.zalloc = zalloc;
+ d_stream.zfree = zfree;
+ d_stream.opaque = (void *)0;
+
+ d_stream.next_in = compr;
+ d_stream.avail_in = (unsigned int)comprLen;
+
+ err = PREFIX(inflateInit)(&d_stream);
+ CHECK_ERR(err, "inflateInit");
+
+ uncompr = (uint8_t *)calloc(1, dataLen);
+ d_stream.next_out = uncompr;
+ d_stream.avail_out = (unsigned int)dataLen;
+
+ for (;;) {
+ err = PREFIX(inflate)(&d_stream, Z_NO_FLUSH);
+ if (err == Z_STREAM_END)
+ break;
+ if (err == Z_NEED_DICT) {
+ if (d_stream.adler != dictId) {
+ fprintf(stderr, "unexpected dictionary");
+ exit(1);
+ }
+ err = PREFIX(inflateSetDictionary)(
+ &d_stream, (const unsigned char *)data, dictionaryLen);
+ }
+ CHECK_ERR(err, "inflate with dict");
+ }
+
+ err = PREFIX(inflateEnd)(&d_stream);
+ CHECK_ERR(err, "inflateEnd");
+
+ if (memcmp(uncompr, data, dataLen)) {
+ fprintf(stderr, "bad inflate with dict\n");
+ exit(1);
+ }
+
+ free(uncompr);
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *d, size_t size) {
+ size_t comprLen = 0;
+ uint8_t *compr;
+
+ /* Discard inputs larger than 100Kb. */
+ static size_t kMaxSize = 100 * 1024;
+
+ if (size < 1 || size > kMaxSize)
+ return 0;
+
+ data = d;
+ dataLen = size;
+
+ /* Set up the contents of the dictionary. The size of the dictionary is
+ intentionally selected to be of unusual size. To help cover more corner
+ cases, the size of the dictionary is read from the input data. */
+ dictionaryLen = data[0];
+ if (dictionaryLen > dataLen)
+ dictionaryLen = (unsigned int)dataLen;
+
+ test_dict_deflate(&compr, &comprLen);
+ test_dict_inflate(compr, comprLen);
+
+ free(compr);
+
+ /* This function must return 0. */
+ return 0;
+}
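Review bot: test_dict_deflate never reports how many bytes deflate produced, so test_dict_inflate is given the allocation size (`100 + 2 * deflateBound`) as `avail_in` rather than the length of the compressed stream. Inflate stops at Z_STREAM_END, so the zero padding is ignored, but the round trip is then not tied to the real output length. Storing it after the final deflate call, `*comprLen = (size_t)c_stream.total_out;`, matches what test_flush does in fuzzer_example_flush.c. Minor: the `"unexpected dictionary"` message lacks the trailing `\n` that the other messages in this file have.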
diff --git a/neozip/test/fuzz/fuzzer_example_flush.c b/neozip/test/fuzz/fuzzer_example_flush.c
new file mode 100644
index 0000000000..baa6988e36
--- /dev/null
+++ b/neozip/test/fuzz/fuzzer_example_flush.c
@@ -0,0 +1,119 @@
+#include <stdio.h>
+#include <assert.h>
+
+#include "zbuild.h"
+#ifdef ZLIB_COMPAT
+# include "zlib.h"
+#else
+# include "zlib-ng.h"
+#endif
+
+#define CHECK_ERR(err, msg) { \
+ if (err != Z_OK) { \
+ fprintf(stderr, "%s error: %d\n", msg, err); \
+ exit(1); \
+ } \
+}
+
+static const uint8_t *data;
+static size_t dataLen;
+static alloc_func zalloc = NULL;
+static free_func zfree = NULL;
+
+/* ===========================================================================
+ * Test deflate() with full flush
+ */
+void test_flush(unsigned char *compr, z_size_t *comprLen) {
+ PREFIX3(stream) c_stream; /* compression stream */
+ int err;
+ unsigned int len = (unsigned int)dataLen;
+
+ c_stream.zalloc = zalloc;
+ c_stream.zfree = zfree;
+ c_stream.opaque = (void *)0;
+
+ err = PREFIX(deflateInit)(&c_stream, Z_DEFAULT_COMPRESSION);
+ CHECK_ERR(err, "deflateInit");
+
+ c_stream.next_in = (z_const unsigned char *)data;
+ c_stream.next_out = compr;
+ c_stream.avail_in = 3;
+ c_stream.avail_out = (unsigned int)*comprLen;
+ err = PREFIX(deflate)(&c_stream, Z_FULL_FLUSH);
+ CHECK_ERR(err, "deflate flush 1");
+
+ compr[3]++; /* force an error in first compressed block */
+ c_stream.avail_in = len - 3;
+
+ err = PREFIX(deflate)(&c_stream, Z_FINISH);
+ if (err != Z_STREAM_END) {
+ CHECK_ERR(err, "deflate flush 2");
+ }
+ err = PREFIX(deflateEnd)(&c_stream);
+ CHECK_ERR(err, "deflateEnd");
+
+ *comprLen = (z_size_t)c_stream.total_out;
+}
+
+/* ===========================================================================
+ * Test inflateSync()
+ */
+void test_sync(unsigned char *compr, size_t comprLen, unsigned char *uncompr, size_t uncomprLen) {
+ int err;
+ PREFIX3(stream) d_stream; /* decompression stream */
+
+ d_stream.zalloc = zalloc;
+ d_stream.zfree = zfree;
+ d_stream.opaque = (void *)0;
+
+ d_stream.next_in = compr;
+ d_stream.avail_in = 2; /* just read the zlib header */
+
+ err = PREFIX(inflateInit)(&d_stream);
+ CHECK_ERR(err, "inflateInit");
+
+ d_stream.next_out = uncompr;
+ d_stream.avail_out = (unsigned int)uncomprLen;
+
+ err = PREFIX(inflate)(&d_stream, Z_NO_FLUSH);
+ CHECK_ERR(err, "inflate");
+
+ d_stream.avail_in = (unsigned int)comprLen - 2; /* read all compressed data */
+ err = PREFIX(inflateSync)(&d_stream); /* but skip the damaged part */
+ CHECK_ERR(err, "inflateSync");
+
+ err = PREFIX(inflate)(&d_stream, Z_FINISH);
+ if (err != Z_STREAM_END) {
+ fprintf(stderr, "inflate should report Z_STREAM_END\n");
+ exit(1);
+ }
+ err = PREFIX(inflateEnd)(&d_stream);
+ CHECK_ERR(err, "inflateEnd");
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *d, size_t size) {
+ z_size_t comprLen = 100 + 2 * PREFIX(compressBound)(size);
+ z_size_t uncomprLen = (z_size_t)size;
+ uint8_t *compr, *uncompr;
+
+ /* Discard inputs larger than 1Mb. */
+ static size_t kMaxSize = 1024 * 1024;
+
+ // This test requires at least 3 bytes of input data.
+ if (size <= 3 || size > kMaxSize)
+ return 0;
+
+ data = d;
+ dataLen = size;
+ compr = (uint8_t *)calloc(1, comprLen);
+ uncompr = (uint8_t *)calloc(1, uncomprLen);
+
+ test_flush(compr, &comprLen);
+ test_sync(compr, comprLen, uncompr, uncomprLen);
+
+ free(compr);
+ free(uncompr);
+
+ /* This function must return 0. */
+ return 0;
+}
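Review bot: The comment `// This test requires at least 3 bytes of input data.` does not match the guard below it: `size <= 3` also rejects 3-byte inputs, so the effective minimum is 4 bytes. test_flush feeds `avail_in = 3` first and `len - 3` afterwards, which suggests the code rather than the comment is the intended behaviour. I would reword the comment to `/* test_flush() consumes 3 bytes in the first deflate call and the rest in the second, so require more than 3 bytes. */`, which also matches the block-comment style used in the rest of the file.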
diff --git a/neozip/test/fuzz/fuzzer_example_large.c b/neozip/test/fuzz/fuzzer_example_large.c
new file mode 100644
index 0000000000..4114597218
--- /dev/null
+++ b/neozip/test/fuzz/fuzzer_example_large.c
@@ -0,0 +1,137 @@
+#include <stdio.h>
+#include <assert.h>
+#include <inttypes.h>
+
+#include "zbuild.h"
+#ifdef ZLIB_COMPAT
+# include "zlib.h"
+#else
+# include "zlib-ng.h"
+#endif
+
+#define CHECK_ERR(err, msg) { \
+ if (err != Z_OK) { \
+ fprintf(stderr, "%s error: %d\n", msg, err); \
+ exit(1); \
+ } \
+}
+
+static const uint8_t *data;
+static size_t dataLen;
+static alloc_func zalloc = NULL;
+static free_func zfree = NULL;
+static unsigned int diff;
+
+/* ===========================================================================
+ * Test deflate() with large buffers and dynamic change of compression level
+ */
+void test_large_deflate(unsigned char *compr, size_t comprLen, unsigned char *uncompr, size_t uncomprLen) {
+ PREFIX3(stream) c_stream; /* compression stream */
+ int err;
+
+ c_stream.zalloc = zalloc;
+ c_stream.zfree = zfree;
+ c_stream.opaque = (void *)0;
+
+ err = PREFIX(deflateInit)(&c_stream, Z_BEST_COMPRESSION);
+ CHECK_ERR(err, "deflateInit");
+
+ c_stream.next_out = compr;
+ c_stream.avail_out = (unsigned int)comprLen;
+
+ /* At this point, uncompr is still mostly zeroes, so it should compress
+ * very well:
+ */
+ c_stream.next_in = uncompr;
+ c_stream.avail_in = (unsigned int)uncomprLen;
+ err = PREFIX(deflate)(&c_stream, Z_NO_FLUSH);
+ CHECK_ERR(err, "deflate large 1");
+ if (c_stream.avail_in != 0) {
+ fprintf(stderr, "deflate not greedy\n");
+ exit(1);
+ }
+
+ /* Feed in already compressed data and switch to no compression: */
+ PREFIX(deflateParams)(&c_stream, Z_NO_COMPRESSION, Z_DEFAULT_STRATEGY);
+ c_stream.next_in = compr;
+ diff = (unsigned int)(c_stream.next_out - compr);
+ c_stream.avail_in = diff;
+ err = PREFIX(deflate)(&c_stream, Z_NO_FLUSH);
+ CHECK_ERR(err, "deflate large 2");
+
+ /* Switch back to compressing mode: */
+ PREFIX(deflateParams)(&c_stream, Z_BEST_COMPRESSION, Z_FILTERED);
+ c_stream.next_in = uncompr;
+ c_stream.avail_in = (unsigned int)uncomprLen;
+ err = PREFIX(deflate)(&c_stream, Z_NO_FLUSH);
+ CHECK_ERR(err, "deflate large 3");
+
+ err = PREFIX(deflate)(&c_stream, Z_FINISH);
+ if (err != Z_STREAM_END) {
+ fprintf(stderr, "deflate large should report Z_STREAM_END\n");
+ exit(1);
+ }
+ err = PREFIX(deflateEnd)(&c_stream);
+ CHECK_ERR(err, "deflateEnd");
+}
+
+/* ===========================================================================
+ * Test inflate() with large buffers
+ */
+void test_large_inflate(unsigned char *compr, size_t comprLen, unsigned char *uncompr, size_t uncomprLen) {
+ int err;
+ PREFIX3(stream) d_stream; /* decompression stream */
+
+ d_stream.zalloc = zalloc;
+ d_stream.zfree = zfree;
+ d_stream.opaque = (void *)0;
+
+ d_stream.next_in = compr;
+ d_stream.avail_in = (unsigned int)comprLen;
+
+ err = PREFIX(inflateInit)(&d_stream);
+ CHECK_ERR(err, "inflateInit");
+
+ for (;;) {
+ d_stream.next_out = uncompr; /* discard the output */
+ d_stream.avail_out = (unsigned int)uncomprLen;
+ err = PREFIX(inflate)(&d_stream, Z_NO_FLUSH);
+ if (err == Z_STREAM_END)
+ break;
+ CHECK_ERR(err, "large inflate");
+ }
+
+ err = PREFIX(inflateEnd)(&d_stream);
+ CHECK_ERR(err, "inflateEnd");
+
+ if (d_stream.total_out != 2 * uncomprLen + diff) {
+ fprintf(stderr, "bad large inflate: %" PRIu64 "\n", (uint64_t)d_stream.total_out);
+ exit(1);
+ }
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *d, size_t size) {
+ size_t comprLen = 100 + 3 * size;
+ size_t uncomprLen = comprLen;
+ uint8_t *compr, *uncompr;
+
+ /* Discard inputs larger than 512Kb. */
+ static size_t kMaxSize = 512 * 1024;
+
+ if (size < 1 || size > kMaxSize)
+ return 0;
+
+ data = d;
+ dataLen = size;
+ compr = (uint8_t *)calloc(1, comprLen);
+ uncompr = (uint8_t *)calloc(1, uncomprLen);
+
+ test_large_deflate(compr, comprLen, uncompr, uncomprLen);
+ test_large_inflate(compr, comprLen, uncompr, uncomprLen);
+
+ free(compr);
+ free(uncompr);
+
+ /* This function must return 0. */
+ return 0;
+}
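Review bot: Both `PREFIX(deflateParams)` calls in test_large_deflate ignore their return value, unlike every other zlib call in the function, so a failed parameter switch would go unnoticed. Assign and check it the same way, `err = PREFIX(deflateParams)(&c_stream, Z_NO_COMPRESSION, Z_DEFAULT_STRATEGY);` followed by `CHECK_ERR(err, "deflateParams 1");`, and likewise for the second call. It is also worth a comment on `static const uint8_t *data;` stating that this target never reads the input bytes: as far as the visible code goes, only `size` influences the run, since deflate is fed `uncompr` and `compr`.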
diff --git a/neozip/test/fuzz/fuzzer_example_small.c b/neozip/test/fuzz/fuzzer_example_small.c
new file mode 100644
index 0000000000..e59c720835
--- /dev/null
+++ b/neozip/test/fuzz/fuzzer_example_small.c
@@ -0,0 +1,118 @@
+#include <stdio.h>
+#include <assert.h>
+
+#include "zbuild.h"
+#ifdef ZLIB_COMPAT
+# include "zlib.h"
+#else
+# include "zlib-ng.h"
+#endif
+
+#define CHECK_ERR(err, msg) { \
+ if (err != Z_OK) { \
+ fprintf(stderr, "%s error: %d\n", msg, err); \
+ exit(1); \
+ } \
+}
+
+static const uint8_t *data;
+static size_t dataLen;
+static alloc_func zalloc = NULL;
+static free_func zfree = NULL;
+
+/* ===========================================================================
+ * Test deflate() with small buffers
+ */
+void test_deflate(unsigned char *compr, size_t comprLen) {
+ PREFIX3(stream) c_stream; /* compression stream */
+ int err;
+ unsigned long len = (unsigned long)dataLen;
+
+ c_stream.zalloc = zalloc;
+ c_stream.zfree = zfree;
+ c_stream.opaque = (void *)0;
+
+ err = PREFIX(deflateInit)(&c_stream, Z_DEFAULT_COMPRESSION);
+ CHECK_ERR(err, "deflateInit");
+
+ c_stream.next_in = (z_const unsigned char *)data;
+ c_stream.next_out = compr;
+
+ while (c_stream.total_in != len && c_stream.total_out < comprLen) {
+ c_stream.avail_in = c_stream.avail_out = 1; /* force small buffers */
+ err = PREFIX(deflate)(&c_stream, Z_NO_FLUSH);
+ CHECK_ERR(err, "deflate small 1");
+ }
+ /* Finish the stream, still forcing small buffers: */
+ for (;;) {
+ c_stream.avail_out = 1;
+ err = PREFIX(deflate)(&c_stream, Z_FINISH);
+ if (err == Z_STREAM_END)
+ break;
+ CHECK_ERR(err, "deflate small 2");
+ }
+
+ err = PREFIX(deflateEnd)(&c_stream);
+ CHECK_ERR(err, "deflateEnd");
+}
+
+/* ===========================================================================
+ * Test inflate() with small buffers
+ */
+void test_inflate(unsigned char *compr, size_t comprLen, unsigned char *uncompr, size_t uncomprLen) {
+ int err;
+ PREFIX3(stream) d_stream; /* decompression stream */
+
+ d_stream.zalloc = zalloc;
+ d_stream.zfree = zfree;
+ d_stream.opaque = (void *)0;
+
+ d_stream.next_in = compr;
+ d_stream.avail_in = 0;
+ d_stream.next_out = uncompr;
+
+ err = PREFIX(inflateInit)(&d_stream);
+ CHECK_ERR(err, "inflateInit");
+
+ while (d_stream.total_out < uncomprLen && d_stream.total_in < comprLen) {
+ d_stream.avail_in = d_stream.avail_out = 1; /* force small buffers */
+ err = PREFIX(inflate)(&d_stream, Z_NO_FLUSH);
+ if (err == Z_STREAM_END)
+ break;
+ CHECK_ERR(err, "inflate");
+ }
+
+ err = PREFIX(inflateEnd)(&d_stream);
+ CHECK_ERR(err, "inflateEnd");
+
+ if (memcmp(uncompr, data, dataLen)) {
+ fprintf(stderr, "bad inflate\n");
+ exit(1);
+ }
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *d, size_t size) {
+ size_t comprLen = PREFIX(compressBound)(size);
+ size_t uncomprLen = size;
+ uint8_t *compr, *uncompr;
+
+ /* Discard inputs larger than 1Mb. */
+ static size_t kMaxSize = 1024 * 1024;
+
+ if (size < 1 || size > kMaxSize)
+ return 0;
+
+ data = d;
+ dataLen = size;
+ compr = (uint8_t *)calloc(1, comprLen);
+ uncompr = (uint8_t *)calloc(1, uncomprLen);
+
+ test_deflate(compr, comprLen);
+ test_inflate(compr, comprLen, uncompr, uncomprLen);
+
+ free(compr);
+ free(uncompr);
+
+ /* This function must return 0. */
+ return 0;
+}
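Review bot: The finishing loop in test_deflate (`for (;;)` with `c_stream.avail_out = 1`) never compares `c_stream.total_out` with `comprLen`, while the first loop does; if the stream ever needs more than `compressBound(size)` bytes, deflate would be handed space past the end of `compr`. The sibling targets size their buffers as `100 + 2 * compressBound(size)` with a comment that the plain bound is not enough for low levels, so the margin here looks thin. A guard at the top of the loop keeps the harness itself memory-safe: `if (c_stream.total_out >= comprLen) { fprintf(stderr, "deflate small: output buffer full\n"); exit(1); }`.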
diff --git a/neozip/test/fuzz/fuzzer_minigzip.c b/neozip/test/fuzz/fuzzer_minigzip.c
new file mode 100644
index 0000000000..3f58f4a299
--- /dev/null
+++ b/neozip/test/fuzz/fuzzer_minigzip.c
@@ -0,0 +1,317 @@
+/* minigzip.c -- simulate gzip using the zlib compression library
+ * Copyright (C) 1995-2006, 2010, 2011, 2016 Jean-loup Gailly
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/*
+ * minigzip is a minimal implementation of the gzip utility. This is
+ * only an example of using zlib and isn't meant to replace the
+ * full-featured gzip. No attempt is made to deal with file systems
+ * limiting names to 14 or 8+3 characters, etc... Error checking is
+ * very limited. So use minigzip only for testing; use gzip for the
+ * real thing.
+ */
+
+#include "zbuild.h"
+#ifdef ZLIB_COMPAT
+# include "zlib.h"
+#else
+# include "zlib-ng.h"
+#endif
+#include <stdio.h>
+#include <assert.h>
+
+#ifdef USE_MMAP
+# include <sys/types.h>
+# include <sys/mman.h>
+# include <sys/stat.h>
+#endif
+
+#if defined(_WIN32) || defined(__CYGWIN__)
+# include <fcntl.h>
+# include <io.h>
+# define SET_BINARY_MODE(file) setmode(fileno(file), O_BINARY)
+#else
+# define SET_BINARY_MODE(file)
+#endif
+
+#if defined(_MSC_VER) && _MSC_VER < 1900
+# define snprintf _snprintf
+#endif
+
+#if !defined(Z_HAVE_UNISTD_H) && !defined(_LARGEFILE64_SOURCE)
+#ifndef _WIN32 /* unlink already in stdio.h for Win32 */
+extern int unlink (const char *);
+#endif
+#endif
+
+#ifndef GZ_SUFFIX
+# define GZ_SUFFIX ".gz"
+#endif
+#define SUFFIX_LEN (sizeof(GZ_SUFFIX)-1)
+
+#define BUFLEN 16384 /* read buffer size */
+#define BUFLENW (BUFLEN * 3) /* write buffer size */
+#define MAX_NAME_LEN 1024
+
+static const char *prog = "minigzip_fuzzer";
+
+/* ===========================================================================
+ * Display error message and exit
+ */
+static void error(const char *msg) {
+ fprintf(stderr, "%s: %s\n", prog, msg);
+ exit(1);
+}
+
+#ifdef USE_MMAP /* MMAP version, Miguel Albrecht <malbrech@eso.org> */
+/* ===========================================================================
+ * Try compressing the input file at once using mmap. Return Z_OK if
+ * success, Z_ERRNO otherwise.
+ */
+static int gz_compress_mmap(FILE *in, gzFile out) {
+ int err;
+ int ifd = fileno(in);
+ void *buf; /* mmap'ed buffer for the entire input file */
+ size_t buf_len; /* length of the input file */
+ size_t len;
+ struct stat sb;
+
+ /* Determine the size of the file, needed for mmap: */
+ if (fstat(ifd, &sb) < 0) return Z_ERRNO;
+ /* Check size_t overflow */
+ if (sb.st_size <= 0 || sb.st_size > PTRDIFF_MAX) return Z_ERRNO;
+ buf_len = (size_t)sb.st_size;
+
+ /* Now do the actual mmap: */
+ buf = mmap(NULL, buf_len, PROT_READ, MAP_SHARED, ifd, (off_t)0);
+ if (buf == MAP_FAILED) return Z_ERRNO;
+
+ /* Compress the whole file at once: */
+ len = PREFIX(gzfwrite)(buf, 1, buf_len, out);
+
+ if (len != buf_len) error(PREFIX(gzerror)(out, &err));
+
+ munmap(buf, buf_len);
+ fclose(in);
+ if (PREFIX(gzclose)(out) != Z_OK) error("failed gzclose");
+ return Z_OK;
+}
+#endif /* USE_MMAP */
+
+/* ===========================================================================
+ * Compress input to output then close both files.
+ */
+
+static void gz_compress(FILE *in, gzFile out) {
+ char buf[BUFLEN];
+ int len;
+ int err;
+
+#ifdef USE_MMAP
+ /* Try first compressing with mmap. If mmap fails (minigzip used in a
+ * pipe), use the normal fread loop.
+ */
+ if (gz_compress_mmap(in, out) == Z_OK) return;
+#endif
+ /* Clear out the contents of buf before reading from the file to avoid
+ MemorySanitizer: use-of-uninitialized-value warnings. */
+ memset(buf, 0, sizeof(buf));
+ for (;;) {
+ len = (int)fread(buf, 1, sizeof(buf), in);
+ if (ferror(in)) {
+ perror("fread");
+ exit(1);
+ }
+ if (len == 0) break;
+
+ if (PREFIX(gzwrite)(out, buf, (unsigned)len) != len) error(PREFIX(gzerror)(out, &err));
+ }
+ fclose(in);
+ if (PREFIX(gzclose)(out) != Z_OK) error("failed gzclose");
+}
+
+/* ===========================================================================
+ * Uncompress input to output then close both files.
+ */
+static void gz_uncompress(gzFile in, FILE *out) {
+ char buf[BUFLENW];
+ int len;
+ int err;
+
+ for (;;) {
+ len = PREFIX(gzread)(in, buf, sizeof(buf));
+ if (len < 0) error (PREFIX(gzerror)(in, &err));
+ if (len == 0) break;
+
+ if ((int)fwrite(buf, 1, (unsigned)len, out) != len) {
+ error("failed fwrite");
+ }
+ }
+ if (fclose(out)) error("failed fclose");
+
+ if (PREFIX(gzclose)(in) != Z_OK) error("failed gzclose");
+}
+
+
+/* ===========================================================================
+ * Compress the given file: create a corresponding .gz file and remove the
+ * original.
+ */
+static void file_compress(char *file, char *mode) {
+ char outfile[MAX_NAME_LEN];
+ FILE *in;
+ gzFile out;
+
+ if (strlen(file) + strlen(GZ_SUFFIX) >= sizeof(outfile)) {
+ fprintf(stderr, "%s: filename too long\n", prog);
+ exit(1);
+ }
+
+ snprintf(outfile, sizeof(outfile), "%s%s", file, GZ_SUFFIX);
+
+ in = fopen(file, "rb");
+ if (in == NULL) {
+ perror(file);
+ exit(1);
+ }
+ out = PREFIX(gzopen)(outfile, mode);
+ if (out == NULL) {
+ fprintf(stderr, "%s: can't gzopen %s\n", prog, outfile);
+ exit(1);
+ }
+ gz_compress(in, out);
+
+ unlink(file);
+}
+
+/* ===========================================================================
+ * Uncompress the given file and remove the original.
+ */
+static void file_uncompress(char *file) {
+ char buf[MAX_NAME_LEN];
+ char *infile, *outfile;
+ FILE *out;
+ gzFile in;
+ size_t len = strlen(file);
+
+ if (len + strlen(GZ_SUFFIX) >= sizeof(buf)) {
+ fprintf(stderr, "%s: filename too long\n", prog);
+ exit(1);
+ }
+
+ snprintf(buf, sizeof(buf), "%s", file);
+
+ if (len > SUFFIX_LEN && strcmp(file+len-SUFFIX_LEN, GZ_SUFFIX) == 0) {
+ infile = file;
+ outfile = buf;
+ outfile[len-3] = '\0';
+ } else {
+ outfile = file;
+ infile = buf;
+ snprintf(buf + len, sizeof(buf) - len, "%s", GZ_SUFFIX);
+ }
+ in = PREFIX(gzopen)(infile, "rb");
+ if (in == NULL) {
+ fprintf(stderr, "%s: can't gzopen %s\n", prog, infile);
+ exit(1);
+ }
+ out = fopen(outfile, "wb");
+ if (out == NULL) {
+ perror(file);
+ exit(1);
+ }
+
+ gz_uncompress(in, out);
+
+ unlink(infile);
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t dataLen) {
+ char *inFileName = "minigzip_fuzzer.out";
+ char *outFileName = "minigzip_fuzzer.out.gz";
+ char outmode[20];
+ FILE *in;
+ char buf[BUFLEN];
+ uint32_t offset = 0;
+
+ /* Discard inputs larger than 1Mb. */
+ static size_t kMaxSize = 1024 * 1024;
+ if (dataLen < 1 || dataLen > kMaxSize)
+ return 0;
+
+ in = fopen(inFileName, "wb");
+ if (fwrite(data, 1, (unsigned)dataLen, in) != dataLen)
+ error("failed fwrite");
+ if (fclose(in))
+ error("failed fclose");
+
+ memset(outmode, 0, sizeof(outmode));
+ snprintf(outmode, sizeof(outmode), "%s", "wb");
+
+ /* Compression level: [0..9]. */
+ outmode[2] = '0' + (data[0] % 10);
+
+ switch (data[dataLen-1] % 6) {
+ default:
+ case 0:
+ outmode[3] = 0;
+ break;
+ case 1:
+ /* compress with Z_FILTERED */
+ outmode[3] = 'f';
+ break;
+ case 2:
+ /* compress with Z_HUFFMAN_ONLY */
+ outmode[3] = 'h';
+ break;
+ case 3:
+ /* compress with Z_RLE */
+ outmode[3] = 'R';
+ break;
+ case 4:
+ /* compress with Z_FIXED */
+ outmode[3] = 'F';
+ break;
+ case 5:
+ /* direct */
+ outmode[3] = 'T';
+ break;
+ }
+
+ file_compress(inFileName, outmode);
+
+ /* gzopen does not support reading in direct mode */
+ if (outmode[3] == 'T')
+ inFileName = outFileName;
+ else
+ file_uncompress(outFileName);
+
+ /* Check that the uncompressed file matches the input data. */
+ in = fopen(inFileName, "rb");
+ if (in == NULL) {
+ perror(inFileName);
+ exit(1);
+ }
+
+ memset(buf, 0, sizeof(buf));
+ for (;;) {
+ int len = (int)fread(buf, 1, sizeof(buf), in);
+ if (ferror(in)) {
+ perror("fread");
+ exit(1);
+ }
+ if (len == 0)
+ break;
+ int c = memcmp(data + offset, buf, len);
+ assert(0 == c);
+ Z_UNUSED(c); // in Release build, assert() is a no-op.
+ offset += len;
+ }
+
+ if (fclose(in))
+ error("failed fclose");
+
+ /* This function must return 0. */
+ return 0;
+}
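Review bot: The verification loop at the end of LLVMFuzzerTestOneInput compares `data + offset` with `len` bytes without checking that `offset + len` stays within `dataLen`, and never checks that the whole input was covered. A round trip that yields a longer file makes `memcmp` read past the fuzz input, and one that yields a shorter file passes unnoticed. Add `assert(offset + (size_t)len <= dataLen);` before the `memcmp` and `assert(offset == dataLen);` after the loop. The first `fopen(inFileName, "wb")` is also handed to `fwrite` without a NULL check, and the fixed file names in the working directory mean two instances run from the same directory would overwrite each other's files.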
diff --git a/neozip/test/fuzz/standalone_fuzz_target_runner.c b/neozip/test/fuzz/standalone_fuzz_target_runner.c
new file mode 100644
index 0000000000..810a56072f
--- /dev/null
+++ b/neozip/test/fuzz/standalone_fuzz_target_runner.c
@@ -0,0 +1,37 @@
+#include <assert.h>
+#include <stdio.h>
+
+#include "zbuild.h"
+
+extern int LLVMFuzzerTestOneInput(const unsigned char *data, size_t size);
+
+int main(int argc, char **argv) {
+ int i;
+ fprintf(stderr, "StandaloneFuzzTargetMain: running %d inputs\n", argc - 1);
+
+ for (i = 1; i < argc; i++) {
+ size_t len, n_read, err;
+ unsigned char *buf;
+ FILE *f = fopen(argv[i], "rb+");
+ if (!f) {
+ /* Failed to open this file: it may be a directory. */
+ fprintf(stderr, "Skipping: %s\n", argv[i]);
+ continue;
+ }
+ fprintf(stderr, "Running: %s %s\n", argv[0], argv[i]);
+ fseek(f, 0, SEEK_END);
+ len = ftell(f);
+ fseek(f, 0, SEEK_SET);
+ buf = (unsigned char *)malloc(len);
+ n_read = fread(buf, 1, len, f);
+ assert(n_read == len);
+ LLVMFuzzerTestOneInput(buf, len);
+ free(buf);
+ err = fclose(f);
+ assert(err == 0);
+ Z_UNUSED(err);
+ fprintf(stderr, "Done: %s: (%d bytes)\n", argv[i], (int)n_read);
+ }
+
+ return 0;
+}
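Review bot: `len = ftell(f);` stores a `long` into a `size_t` without checking for failure, and the `malloc(len)` result goes to `fread` unchecked, so an `ftell` error turns into a huge allocation request and a NULL buffer. The `fseek` results are ignored as well, and `assert(n_read == len)` disappears under NDEBUG, leaving a short read undetected. I would skip the file with a message on any of these failures, as the loop already does when `fopen` fails; the rewritten lines of the loop body are below.

```c
        FILE *f = fopen(argv[i], "rb+");
        /* … unchanged: skip message when fopen fails, "Running:" message … */
        long pos;
        if (fseek(f, 0, SEEK_END) != 0 || (pos = ftell(f)) < 0 || fseek(f, 0, SEEK_SET) != 0) {
            fprintf(stderr, "Skipping (cannot determine size): %s\n", argv[i]);
            fclose(f);
            continue;
        }
        len = (size_t)pos;
        /* malloc(0) may legitimately return NULL, so always request at least one byte. */
        buf = (unsigned char *)malloc(len ? len : 1);
        if (buf == NULL) {
            fprintf(stderr, "Skipping (out of memory): %s\n", argv[i]);
            fclose(f);
            continue;
        }
        n_read = fread(buf, 1, len, f);
        if (n_read != len) {
            fprintf(stderr, "Skipping (short read): %s\n", argv[i]);
            free(buf);
            fclose(f);
            continue;
        }
        /* … unchanged: LLVMFuzzerTestOneInput call, free, fclose, "Done:" message … */
```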