[pcsx_rearmed.git] / deps / libchdr / deps / zstd-1.5.5 / tests / fuzz / dictionary_stream_round_trip.c

/*
 * Copyright (c) Meta Platforms, Inc. and affiliates.
 * All rights reserved.
 *
 * This source code is licensed under both the BSD-style license (found in the
 * LICENSE file in the root directory of this source tree) and the GPLv2 (found
 * in the COPYING file in the root directory of this source tree).
 * You may select, at your option, one of the above-listed licenses.
 */

/**
 * This fuzz target performs a zstd round-trip test (compress & decompress),
 * compares the result with the original, and calls abort() on corruption.
 */

#define ZSTD_STATIC_LINKING_ONLY

#include <stddef.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include "fuzz_helpers.h"
#include "zstd_helpers.h"
#include "fuzz_data_producer.h"
#include "fuzz_third_party_seq_prod.h"

ZSTD_CCtx *cctx = NULL;
static ZSTD_DCtx *dctx = NULL;
static uint8_t* cBuf = NULL;
static uint8_t* rBuf = NULL;
static size_t bufSize = 0;

static ZSTD_outBuffer makeOutBuffer(uint8_t *dst, size_t capacity,
                                    FUZZ_dataProducer_t *producer)
{
    ZSTD_outBuffer buffer = { dst, 0, 0 };

    FUZZ_ASSERT(capacity > 0);
    buffer.size = (FUZZ_dataProducer_uint32Range(producer, 1, capacity));
    FUZZ_ASSERT(buffer.size <= capacity);

    return buffer;
}

static ZSTD_inBuffer makeInBuffer(const uint8_t **src, size_t *size,
                                  FUZZ_dataProducer_t *producer)
{
    ZSTD_inBuffer buffer = { *src, 0, 0 };

    FUZZ_ASSERT(*size > 0);
    buffer.size = (FUZZ_dataProducer_uint32Range(producer, 1, *size));
    FUZZ_ASSERT(buffer.size <= *size);
    *src += buffer.size;
    *size -= buffer.size;

    return buffer;
}

static size_t compress(uint8_t *dst, size_t capacity,
                        const uint8_t *src, size_t srcSize,
                        const uint8_t* dict, size_t dictSize,
                        FUZZ_dataProducer_t *producer, int refPrefix,
                        ZSTD_dictContentType_e dictContentType)
{
    size_t dstSize = 0;
    ZSTD_CCtx_reset(cctx, ZSTD_reset_session_only);
    FUZZ_setRandomParameters(cctx, srcSize, producer);

    /* Disable checksum so we can use sizes smaller than compress bound. */
    FUZZ_ZASSERT(ZSTD_CCtx_setParameter(cctx, ZSTD_c_checksumFlag, 0));
    if (refPrefix)
        FUZZ_ZASSERT(ZSTD_CCtx_refPrefix_advanced(
            cctx, dict, dictSize,
            dictContentType));
    else
        FUZZ_ZASSERT(ZSTD_CCtx_loadDictionary_advanced(
            cctx, dict, dictSize,
            (ZSTD_dictLoadMethod_e)FUZZ_dataProducer_uint32Range(producer, 0, 1),
            dictContentType));

    while (srcSize > 0) {
        ZSTD_inBuffer in = makeInBuffer(&src, &srcSize, producer);
        /* Mode controls the action. If mode == -1 we pick a new mode */
        int mode = -1;
        while (in.pos < in.size || mode != -1) {
            ZSTD_outBuffer out = makeOutBuffer(dst, capacity, producer);
            /* Previous action finished, pick a new mode. */
            if (mode == -1) mode = FUZZ_dataProducer_uint32Range(producer, 0, 9);
            switch (mode) {
                case 0: /* fall-through */
                case 1: /* fall-through */
                case 2: {
                    size_t const ret =
                        ZSTD_compressStream2(cctx, &out, &in, ZSTD_e_flush);
                    FUZZ_ZASSERT(ret);
                    if (ret == 0)
                        mode = -1;
                    break;
                }
                case 3: {
                    size_t ret =
                        ZSTD_compressStream2(cctx, &out, &in, ZSTD_e_end);
                    FUZZ_ZASSERT(ret);
                    /* Reset the compressor when the frame is finished */
                    if (ret == 0) {
                        ZSTD_CCtx_reset(cctx, ZSTD_reset_session_only);
                        if (FUZZ_dataProducer_uint32Range(producer, 0, 7) == 0) {
                            size_t const remaining = in.size - in.pos;
                            FUZZ_setRandomParameters(cctx, remaining, producer);
                        }
                        mode = -1;
                    }
                    break;
                }
                case 4: {
                    ZSTD_inBuffer nullIn = { NULL, 0, 0 };
                    ZSTD_outBuffer nullOut = { NULL, 0, 0 };
                    size_t const ret = ZSTD_compressStream2(cctx, &nullOut, &nullIn, ZSTD_e_continue);
                    FUZZ_ZASSERT(ret);
                }
                /* fall-through */
                default: {
                    size_t const ret =
                        ZSTD_compressStream2(cctx, &out, &in, ZSTD_e_continue);
                    FUZZ_ZASSERT(ret);
                    mode = -1;
                }
            }
            dst += out.pos;
            dstSize += out.pos;
            capacity -= out.pos;
        }
    }
    for (;;) {
        ZSTD_inBuffer in = {NULL, 0, 0};
        ZSTD_outBuffer out = makeOutBuffer(dst, capacity, producer);
        size_t const ret = ZSTD_compressStream2(cctx, &out, &in, ZSTD_e_end);
        FUZZ_ZASSERT(ret);

        dst += out.pos;
        dstSize += out.pos;
        capacity -= out.pos;
        if (ret == 0)
            break;
    }
    return dstSize;
}

int LLVMFuzzerTestOneInput(const uint8_t *src, size_t size)
{
    FUZZ_SEQ_PROD_SETUP();
    size_t neededBufSize;

    /* Give a random portion of src data to the producer, to use for
    parameter generation. The rest will be used for (de)compression */
    FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(src, size);
    size = FUZZ_dataProducer_reserveDataPrefix(producer);

    neededBufSize = ZSTD_compressBound(size) * 15;

    /* Allocate all buffers and contexts if not already allocated */
    if (neededBufSize > bufSize) {
        free(cBuf);
        free(rBuf);
        cBuf = (uint8_t*)FUZZ_malloc(neededBufSize);
        rBuf = (uint8_t*)FUZZ_malloc(neededBufSize);
        bufSize = neededBufSize;
    }
    if (!cctx) {
        cctx = ZSTD_createCCtx();
        FUZZ_ASSERT(cctx);
    }
    if (!dctx) {
        dctx = ZSTD_createDCtx();
        FUZZ_ASSERT(dctx);
    }

    {
        ZSTD_dictContentType_e dictContentType = FUZZ_dataProducer_uint32Range(producer, 0, 2);
        FUZZ_dict_t dict = FUZZ_train(src, size, producer);
        int const refPrefix = FUZZ_dataProducer_uint32Range(producer, 0, 1) != 0;

        size_t const cSize = compress(cBuf, neededBufSize, src, size, dict.buff, dict.size, producer, refPrefix, dictContentType);

        if (refPrefix)
            FUZZ_ZASSERT(ZSTD_DCtx_refPrefix_advanced(
                dctx, dict.buff, dict.size,
                dictContentType));
        else
            FUZZ_ZASSERT(ZSTD_DCtx_loadDictionary_advanced(
                dctx, dict.buff, dict.size,
                (ZSTD_dictLoadMethod_e)FUZZ_dataProducer_uint32Range(producer, 0, 1),
                dictContentType));
        size_t const rSize =
            ZSTD_decompressDCtx(dctx, rBuf, neededBufSize, cBuf, cSize);
        FUZZ_ZASSERT(rSize);
        FUZZ_ASSERT_MSG(rSize == size, "Incorrect regenerated size");
        FUZZ_ASSERT_MSG(!FUZZ_memcmp(src, rBuf, size), "Corruption!");
        free(dict.buff);
    }

    FUZZ_dataProducer_free(producer);
#ifndef STATEFUL_FUZZING
    ZSTD_freeCCtx(cctx); cctx = NULL;
    ZSTD_freeDCtx(dctx); dctx = NULL;
#endif
    FUZZ_SEQ_PROD_TEARDOWN();
    return 0;
}
Commit	Line	Data
648db22b	1	/*
	2	* Copyright (c) Meta Platforms, Inc. and affiliates.
	3	* All rights reserved.
	4	*
	5	* This source code is licensed under both the BSD-style license (found in the
	6	* LICENSE file in the root directory of this source tree) and the GPLv2 (found
	7	* in the COPYING file in the root directory of this source tree).
	8	* You may select, at your option, one of the above-listed licenses.
	9	*/
	10
	11	/**
	12	* This fuzz target performs a zstd round-trip test (compress & decompress),
	13	* compares the result with the original, and calls abort() on corruption.
	14	*/
	15
	16	#define ZSTD_STATIC_LINKING_ONLY
	17
	18	#include <stddef.h>
	19	#include <stdlib.h>
	20	#include <stdio.h>
	21	#include <string.h>
	22	#include "fuzz_helpers.h"
	23	#include "zstd_helpers.h"
	24	#include "fuzz_data_producer.h"
	25	#include "fuzz_third_party_seq_prod.h"
	26
	27	ZSTD_CCtx *cctx = NULL;
	28	static ZSTD_DCtx *dctx = NULL;
	29	static uint8_t* cBuf = NULL;
	30	static uint8_t* rBuf = NULL;
	31	static size_t bufSize = 0;
	32
	33	static ZSTD_outBuffer makeOutBuffer(uint8_t *dst, size_t capacity,
	34	FUZZ_dataProducer_t *producer)
	35	{
	36	ZSTD_outBuffer buffer = { dst, 0, 0 };
	37
	38	FUZZ_ASSERT(capacity > 0);
	39	buffer.size = (FUZZ_dataProducer_uint32Range(producer, 1, capacity));
	40	FUZZ_ASSERT(buffer.size <= capacity);
	41
	42	return buffer;
	43	}
	44
	45	static ZSTD_inBuffer makeInBuffer(const uint8_t *src, size_t size,
	46	FUZZ_dataProducer_t *producer)
	47	{
	48	ZSTD_inBuffer buffer = { *src, 0, 0 };
	49
	50	FUZZ_ASSERT(*size > 0);
	51	buffer.size = (FUZZ_dataProducer_uint32Range(producer, 1, *size));
	52	FUZZ_ASSERT(buffer.size <= *size);
	53	*src += buffer.size;
	54	*size -= buffer.size;
	55
	56	return buffer;
	57	}
	58
	59	static size_t compress(uint8_t *dst, size_t capacity,
	60	const uint8_t *src, size_t srcSize,
	61	const uint8_t* dict, size_t dictSize,
	62	FUZZ_dataProducer_t *producer, int refPrefix,
	63	ZSTD_dictContentType_e dictContentType)
	64	{
65	size_t dstSize = 0;
66	ZSTD_CCtx_reset(cctx, ZSTD_reset_session_only);
67	FUZZ_setRandomParameters(cctx, srcSize, producer);
68
69	/* Disable checksum so we can use sizes smaller than compress bound. */
70	FUZZ_ZASSERT(ZSTD_CCtx_setParameter(cctx, ZSTD_c_checksumFlag, 0));
71	if (refPrefix)
72	FUZZ_ZASSERT(ZSTD_CCtx_refPrefix_advanced(
73	cctx, dict, dictSize,
74	dictContentType));
75	else
76	FUZZ_ZASSERT(ZSTD_CCtx_loadDictionary_advanced(
77	cctx, dict, dictSize,
78	(ZSTD_dictLoadMethod_e)FUZZ_dataProducer_uint32Range(producer, 0, 1),
79	dictContentType));
80
81	while (srcSize > 0) {
82	ZSTD_inBuffer in = makeInBuffer(&src, &srcSize, producer);
83	/* Mode controls the action. If mode == -1 we pick a new mode */
84	int mode = -1;
85	while (in.pos < in.size \|\| mode != -1) {
86	ZSTD_outBuffer out = makeOutBuffer(dst, capacity, producer);
87	/* Previous action finished, pick a new mode. */
88	if (mode == -1) mode = FUZZ_dataProducer_uint32Range(producer, 0, 9);
89	switch (mode) {
90	case 0: /* fall-through */
91	case 1: /* fall-through */
92	case 2: {
93	size_t const ret =
94	ZSTD_compressStream2(cctx, &out, &in, ZSTD_e_flush);
95	FUZZ_ZASSERT(ret);
96	if (ret == 0)
97	mode = -1;
98	break;
99	}
100	case 3: {
101	size_t ret =
102	ZSTD_compressStream2(cctx, &out, &in, ZSTD_e_end);
103	FUZZ_ZASSERT(ret);
104	/* Reset the compressor when the frame is finished */
105	if (ret == 0) {
106	ZSTD_CCtx_reset(cctx, ZSTD_reset_session_only);
107	if (FUZZ_dataProducer_uint32Range(producer, 0, 7) == 0) {
108	size_t const remaining = in.size - in.pos;
109	FUZZ_setRandomParameters(cctx, remaining, producer);
110	}
111	mode = -1;
112	}
113	break;
114	}
115	case 4: {
116	ZSTD_inBuffer nullIn = { NULL, 0, 0 };
117	ZSTD_outBuffer nullOut = { NULL, 0, 0 };
118	size_t const ret = ZSTD_compressStream2(cctx, &nullOut, &nullIn, ZSTD_e_continue);
119	FUZZ_ZASSERT(ret);
120	}
121	/* fall-through */
122	default: {
123	size_t const ret =
124	ZSTD_compressStream2(cctx, &out, &in, ZSTD_e_continue);
125	FUZZ_ZASSERT(ret);
126	mode = -1;
127	}
128	}
129	dst += out.pos;
130	dstSize += out.pos;
131	capacity -= out.pos;
132	}
133	}
134	for (;;) {
135	ZSTD_inBuffer in = {NULL, 0, 0};
136	ZSTD_outBuffer out = makeOutBuffer(dst, capacity, producer);
137	size_t const ret = ZSTD_compressStream2(cctx, &out, &in, ZSTD_e_end);
138	FUZZ_ZASSERT(ret);
139
140	dst += out.pos;
141	dstSize += out.pos;
142	capacity -= out.pos;
143	if (ret == 0)
144	break;
145	}
146	return dstSize;
147	}
148
149	int LLVMFuzzerTestOneInput(const uint8_t *src, size_t size)
150	{
151	FUZZ_SEQ_PROD_SETUP();
152	size_t neededBufSize;
153
154	/* Give a random portion of src data to the producer, to use for
155	parameter generation. The rest will be used for (de)compression */
156	FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(src, size);
157	size = FUZZ_dataProducer_reserveDataPrefix(producer);
158
159	neededBufSize = ZSTD_compressBound(size) * 15;
160
161	/* Allocate all buffers and contexts if not already allocated */
162	if (neededBufSize > bufSize) {
163	free(cBuf);
164	free(rBuf);
165	cBuf = (uint8_t*)FUZZ_malloc(neededBufSize);
166	rBuf = (uint8_t*)FUZZ_malloc(neededBufSize);
167	bufSize = neededBufSize;
168	}
169	if (!cctx) {
170	cctx = ZSTD_createCCtx();
171	FUZZ_ASSERT(cctx);
172	}
173	if (!dctx) {
174	dctx = ZSTD_createDCtx();
175	FUZZ_ASSERT(dctx);
176	}
177
178	{
179	ZSTD_dictContentType_e dictContentType = FUZZ_dataProducer_uint32Range(producer, 0, 2);
180	FUZZ_dict_t dict = FUZZ_train(src, size, producer);
181	int const refPrefix = FUZZ_dataProducer_uint32Range(producer, 0, 1) != 0;
182
183	size_t const cSize = compress(cBuf, neededBufSize, src, size, dict.buff, dict.size, producer, refPrefix, dictContentType);
184
185	if (refPrefix)
186	FUZZ_ZASSERT(ZSTD_DCtx_refPrefix_advanced(
187	dctx, dict.buff, dict.size,
188	dictContentType));
189	else
190	FUZZ_ZASSERT(ZSTD_DCtx_loadDictionary_advanced(
191	dctx, dict.buff, dict.size,
192	(ZSTD_dictLoadMethod_e)FUZZ_dataProducer_uint32Range(producer, 0, 1),
193	dictContentType));
194	size_t const rSize =
195	ZSTD_decompressDCtx(dctx, rBuf, neededBufSize, cBuf, cSize);
196	FUZZ_ZASSERT(rSize);
197	FUZZ_ASSERT_MSG(rSize == size, "Incorrect regenerated size");
198	FUZZ_ASSERT_MSG(!FUZZ_memcmp(src, rBuf, size), "Corruption!");
199	free(dict.buff);
200	}
201
202	FUZZ_dataProducer_free(producer);
203	#ifndef STATEFUL_FUZZING
204	ZSTD_freeCCtx(cctx); cctx = NULL;
205	ZSTD_freeDCtx(dctx); dctx = NULL;
206	#endif
207	FUZZ_SEQ_PROD_TEARDOWN();
208	return 0;
209	}