1/** 2 * This fuzz target performs a lz4 round-trip test (compress & decompress), 3 * compares the result with the original, and calls abort() on corruption. 4 */ 5 6#include <stddef.h> 7#include <stdint.h> 8#include <stdlib.h> 9#include <string.h> 10 11#include "fuzz_helpers.h" 12#include "fuzz_data_producer.h" 13#include "lz4.h" 14#include "lz4hc.h" 15 16int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) 17{ 18 FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size); 19 int const level = FUZZ_dataProducer_range32(producer, 20 LZ4HC_CLEVEL_MIN, LZ4HC_CLEVEL_MAX); 21 size = FUZZ_dataProducer_remainingBytes(producer); 22 23 size_t const dstCapacity = LZ4_compressBound(size); 24 char* const dst = (char*)malloc(dstCapacity); 25 char* const rt = (char*)malloc(size); 26 27 FUZZ_ASSERT(dst); 28 FUZZ_ASSERT(rt); 29 30 /* Compression must succeed and round trip correctly. */ 31 int const dstSize = LZ4_compress_HC((const char*)data, dst, size, 32 dstCapacity, level); 33 FUZZ_ASSERT(dstSize > 0); 34 35 int const rtSize = LZ4_decompress_safe(dst, rt, dstSize, size); 36 FUZZ_ASSERT_MSG(rtSize == size, "Incorrect size"); 37 FUZZ_ASSERT_MSG(!memcmp(data, rt, size), "Corruption!"); 38 39 free(dst); 40 free(rt); 41 FUZZ_dataProducer_free(producer); 42 43 return 0; 44} 45