author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-06-15 09:41:35 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-06-15 09:41:35 +0000 |
commit | 2ed1dcfa30b3967f7d6df74fba78ce23ed065497 (patch) | |
tree | 8ff5a74b07bf976cd88df2460e1c9cafb27f050a /tests/ossfuzz/fuzz_decode_stream.c | |
parent | Releasing progress-linux version 5.6.1+really5.4.5-1~progress7.99u1. (diff) | |
download | xz-utils-2ed1dcfa30b3967f7d6df74fba78ce23ed065497.tar.xz xz-utils-2ed1dcfa30b3967f7d6df74fba78ce23ed065497.zip |
Merging upstream version 5.6.2.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'tests/ossfuzz/fuzz_decode_stream.c')
-rw-r--r-- | tests/ossfuzz/fuzz_decode_stream.c | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/tests/ossfuzz/fuzz_decode_stream.c b/tests/ossfuzz/fuzz_decode_stream.c
new file mode 100644
index 0000000..d786061
--- /dev/null
+++ b/tests/ossfuzz/fuzz_decode_stream.c
@@ -0,0 +1,53 @@
+// SPDX-License-Identifier: 0BSD
+
+///////////////////////////////////////////////////////////////////////////////
+//
+/// \file fuzz_decode_stream.c
+/// \brief Fuzz test program for single threaded .xz decoding
+//
+// Authors: Lasse Collin
+// Maksym Vatsyk
+//
+///////////////////////////////////////////////////////////////////////////////
+
+#include <inttypes.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include "lzma.h"
+#include "fuzz_common.h"
+
+
+extern int
+LLVMFuzzerTestOneInput(const uint8_t *inbuf, size_t inbuf_size)
+{
+ lzma_stream strm = LZMA_STREAM_INIT;
+ // Initialize a .xz decoder using the memory usage limit
+ // defined in fuzz_common.h
+ //
+ // Enable support for concatenated .xz files which is used when
+ // decompressing regular .xz files (instead of data embedded inside
+ // some other file format). Integrity checks on the uncompressed
+ // data are ignored to make fuzzing more effective (incorrect check
+ // values won't prevent the decoder from processing more input).
+ //
+ // The flag LZMA_IGNORE_CHECK doesn't disable verification of
+ // header CRC32 values. Those checks are disabled when liblzma is
+ // built with the #define FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION.
+ lzma_ret ret = lzma_stream_decoder(&strm, MEM_LIMIT,
+ LZMA_CONCATENATED | LZMA_IGNORE_CHECK);
+
+ if (ret != LZMA_OK) {
+ // This should never happen unless the system has
+ // no free memory or address space to allow the small
+ // allocations that the initialization requires.
+ fprintf(stderr, "lzma_stream_decoder() failed (%d)\n", ret);
+ abort();
+ }
+
+ fuzz_code(&strm, inbuf, inbuf_size);
+
+ // Free the allocated memory.
+ lzma_end(&strm);
+
+ return 0;
+} |
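Review bot: The comment above the `lzma_stream_decoder()` call says the integrity checks are "ignored" but does not say what that costs in coverage. As far as I know, `LZMA_IGNORE_CHECK` makes the decoder skip calculating the check as well as verifying it, so the CRC32/CRC64/SHA-256 code that runs over uncompressed data would get no exercise from this target. I would add a line such as `// Note: the check is not calculated either, so the check code itself is not covered by this target.` The same comment relies on `FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION` to disable header CRC32 verification. That define is set outside this file, so it is worth confirming that the packaging build never enables it for the shipped liblzma.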