diff options
author | Douglas Bagnall <douglas.bagnall@catalyst.net.nz> | 2022-12-04 11:47:56 +1300 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2022-12-19 22:32:35 +0000 |
commit | e7489be7be4d05a75a7d31275654260f84a64c79 (patch) | |
tree | e4a971203b838116532a6a6cb6eec9db87340389 /lib/fuzzing | |
parent | 6f77b376d470dd318f0a9699b3528018ce8ea49a (diff) | |
download | samba-e7489be7be4d05a75a7d31275654260f84a64c79.tar.gz |
fuzz: fix lzxpress plain round-trip fuzzer
The 'compressed' string can be about 9/8 the size of the decompressed
string, but we didn't allow enough memory in the fuzz target for that.
Then when it failed, we didn't check.
Credit to OSSFuzz.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Diffstat (limited to 'lib/fuzzing')
-rw-r--r-- | lib/fuzzing/fuzz_lzxpress_round_trip.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/fuzzing/fuzz_lzxpress_round_trip.c b/lib/fuzzing/fuzz_lzxpress_round_trip.c index a6173bb68c9..ac38368527e 100644 --- a/lib/fuzzing/fuzz_lzxpress_round_trip.c +++ b/lib/fuzzing/fuzz_lzxpress_round_trip.c @@ -27,7 +27,7 @@ int LLVMFuzzerInitialize(int *argc, char ***argv) int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len) { - static uint8_t compressed[1024 * 1024] = {0}; + static uint8_t compressed[1024 * 1280] = {0}; static uint8_t decompressed[1024 * 1024] = {0}; ssize_t compressed_size; ssize_t decompressed_size; @@ -38,6 +38,9 @@ int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len) compressed_size = lzxpress_compress(buf, len, compressed, sizeof(compressed)); + if (compressed_size < 0) { + abort(); + } decompressed_size = lzxpress_decompress(compressed, compressed_size, decompressed, sizeof(decompressed)); |