src/fuzzer.cc - platform/external/puffin - Gitiles

 // Copyright 2018 The Chromium OS Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include <vector>

 #include "base/logging.h"
 #include "brillo/test_helpers.h"

 #include "puffin/src/bit_reader.h"
 #include "puffin/src/bit_writer.h"
 #include "puffin/src/include/puffin/common.h"
 #include "puffin/src/include/puffin/huffer.h"
 #include "puffin/src/include/puffin/puffer.h"
 #include "puffin/src/include/puffin/puffpatch.h"
 #include "puffin/src/memory_stream.h"
 #include "puffin/src/puff_reader.h"
 #include "puffin/src/puff_writer.h"

 using puffin::BitExtent;
 using puffin::Buffer;
 using puffin::BufferBitReader;
 using puffin::BufferBitWriter;
 using puffin::BufferPuffReader;
 using puffin::BufferPuffWriter;
 using puffin::ByteExtent;
 using puffin::Huffer;
 using puffin::MemoryStream;
 using puffin::Puffer;
 using puffin::UniqueStreamPtr;
 using std::vector;

 namespace puffin {
 // From puffpatch.cc
 bool DecodePatch(const uint8_t* patch,
                  size_t patch_length,
                  size_t* bsdiff_patch_offset,
                  size_t* bsdiff_patch_size,
                  vector<BitExtent>* src_deflates,
                  vector<BitExtent>* dst_deflates,
                  vector<ByteExtent>* src_puffs,
                  vector<ByteExtent>* dst_puffs,
                  uint64_t* src_puff_size,
                  uint64_t* dst_puff_size);
 }  // namespace puffin

 namespace {
 void FuzzPuff(const uint8_t* data, size_t size) {
   BufferBitReader bit_reader(data, size);
   Buffer puff_buffer(size * 2);
   BufferPuffWriter puff_writer(puff_buffer.data(), puff_buffer.size());
   vector<BitExtent> bit_extents;
   Puffer puffer;
   puffer.PuffDeflate(&bit_reader, &puff_writer, &bit_extents);
 }

 void FuzzHuff(const uint8_t* data, size_t size) {
   BufferPuffReader puff_reader(data, size);
   Buffer deflate_buffer(size);
   BufferBitWriter bit_writer(deflate_buffer.data(), deflate_buffer.size());
   Huffer huffer;
   huffer.HuffDeflate(&puff_reader, &bit_writer);
 }

 template <typename T>
 bool TestExtentsArrayForFuzzer(const vector<T>& extents) {
   const size_t kMaxArraySize = 100;
   if (extents.size() > kMaxArraySize) {
     return false;
   }

   const size_t kMaxBufferSize = 1024;  // 1Kb
   for (const auto& ext : extents) {
     if (ext.length > kMaxBufferSize) {
       return false;
     }
   }
   return true;
 }

 void FuzzPuffPatch(const uint8_t* data, size_t size) {
   // First decode the header and make sure the deflate and puff buffer sizes do
   // not excede some limits. This is to prevent the fuzzer complain with
   // out-of-memory errors when the fuzz data is in such a way that causes a huge
   // random size memory be allocated.

   size_t bsdiff_patch_offset;
   size_t bsdiff_patch_size = 0;
   vector<BitExtent> src_deflates, dst_deflates;
   vector<ByteExtent> src_puffs, dst_puffs;
   uint64_t src_puff_size, dst_puff_size;
   if (DecodePatch(data, size, &bsdiff_patch_offset, &bsdiff_patch_size,
                   &src_deflates, &dst_deflates, &src_puffs, &dst_puffs,
                   &src_puff_size, &dst_puff_size) &&
       TestExtentsArrayForFuzzer(src_deflates) &&
       TestExtentsArrayForFuzzer(dst_deflates) &&
       TestExtentsArrayForFuzzer(src_puffs) &&
       TestExtentsArrayForFuzzer(dst_puffs)) {
     const size_t kBufferSize = 1000;
     if ((!src_deflates.empty() &&
          kBufferSize <
              src_deflates.back().offset + src_deflates.back().length) ||
         (!dst_deflates.empty() &&
          kBufferSize <
              dst_deflates.back().offset + dst_deflates.back().length)) {
       return;
     }

     Buffer src_buffer(kBufferSize);
     Buffer dst_buffer(kBufferSize);
     auto src = MemoryStream::CreateForRead(src_buffer);
     auto dst = MemoryStream::CreateForWrite(&dst_buffer);
     puffin::PuffPatch(std::move(src), std::move(dst), data, size, kBufferSize);
   }
 }

 struct Environment {
   Environment() {
     // To turn off the logging.
     logging::SetMinLogLevel(logging::LOG_FATAL);

     // To turn off logging for bsdiff library.
     std::cerr.setstate(std::ios_base::failbit);
   }
 };
 Environment* env = new Environment();

 }  // namespace

 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
   FuzzPuff(data, size);
   FuzzHuff(data, size);
   FuzzPuffPatch(data, size);
   return 0;
 }
	// Copyright 2018 The Chromium OS Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include <vector>

	#include "base/logging.h"
	#include "brillo/test_helpers.h"

	#include "puffin/src/bit_reader.h"
	#include "puffin/src/bit_writer.h"
	#include "puffin/src/include/puffin/common.h"
	#include "puffin/src/include/puffin/huffer.h"
	#include "puffin/src/include/puffin/puffer.h"
	#include "puffin/src/include/puffin/puffpatch.h"
	#include "puffin/src/memory_stream.h"
	#include "puffin/src/puff_reader.h"
	#include "puffin/src/puff_writer.h"

	using puffin::BitExtent;
	using puffin::Buffer;
	using puffin::BufferBitReader;
	using puffin::BufferBitWriter;
	using puffin::BufferPuffReader;
	using puffin::BufferPuffWriter;
	using puffin::ByteExtent;
	using puffin::Huffer;
	using puffin::MemoryStream;
	using puffin::Puffer;
	using puffin::UniqueStreamPtr;
	using std::vector;

	namespace puffin {
	// From puffpatch.cc
	bool DecodePatch(const uint8_t* patch,
	size_t patch_length,
	size_t* bsdiff_patch_offset,
	size_t* bsdiff_patch_size,
	vector<BitExtent>* src_deflates,
	vector<BitExtent>* dst_deflates,
	vector<ByteExtent>* src_puffs,
	vector<ByteExtent>* dst_puffs,
	uint64_t* src_puff_size,
	uint64_t* dst_puff_size);
	} // namespace puffin

	namespace {
	void FuzzPuff(const uint8_t* data, size_t size) {
	BufferBitReader bit_reader(data, size);
	Buffer puff_buffer(size * 2);
	BufferPuffWriter puff_writer(puff_buffer.data(), puff_buffer.size());
	vector<BitExtent> bit_extents;
	Puffer puffer;
	puffer.PuffDeflate(&bit_reader, &puff_writer, &bit_extents);
	}

	void FuzzHuff(const uint8_t* data, size_t size) {
	BufferPuffReader puff_reader(data, size);
	Buffer deflate_buffer(size);
	BufferBitWriter bit_writer(deflate_buffer.data(), deflate_buffer.size());
	Huffer huffer;
	huffer.HuffDeflate(&puff_reader, &bit_writer);
	}

	template <typename T>
	bool TestExtentsArrayForFuzzer(const vector<T>& extents) {
	const size_t kMaxArraySize = 100;
	if (extents.size() > kMaxArraySize) {
	return false;
	}

	const size_t kMaxBufferSize = 1024; // 1Kb
	for (const auto& ext : extents) {
	if (ext.length > kMaxBufferSize) {
	return false;
	}
	}
	return true;
	}

	void FuzzPuffPatch(const uint8_t* data, size_t size) {
	// First decode the header and make sure the deflate and puff buffer sizes do
	// not excede some limits. This is to prevent the fuzzer complain with
	// out-of-memory errors when the fuzz data is in such a way that causes a huge
	// random size memory be allocated.

	size_t bsdiff_patch_offset;
	size_t bsdiff_patch_size = 0;
	vector<BitExtent> src_deflates, dst_deflates;
	vector<ByteExtent> src_puffs, dst_puffs;
	uint64_t src_puff_size, dst_puff_size;
	if (DecodePatch(data, size, &bsdiff_patch_offset, &bsdiff_patch_size,
	&src_deflates, &dst_deflates, &src_puffs, &dst_puffs,
	&src_puff_size, &dst_puff_size) &&
	TestExtentsArrayForFuzzer(src_deflates) &&
	TestExtentsArrayForFuzzer(dst_deflates) &&
	TestExtentsArrayForFuzzer(src_puffs) &&
	TestExtentsArrayForFuzzer(dst_puffs)) {
	const size_t kBufferSize = 1000;
	if ((!src_deflates.empty() &&
	kBufferSize <
	src_deflates.back().offset + src_deflates.back().length) \|\|
	(!dst_deflates.empty() &&
	kBufferSize <
	dst_deflates.back().offset + dst_deflates.back().length)) {
	return;
	}

	Buffer src_buffer(kBufferSize);
	Buffer dst_buffer(kBufferSize);
	auto src = MemoryStream::CreateForRead(src_buffer);
	auto dst = MemoryStream::CreateForWrite(&dst_buffer);
	puffin::PuffPatch(std::move(src), std::move(dst), data, size, kBufferSize);
	}
	}

	struct Environment {
	Environment() {
	// To turn off the logging.
	logging::SetMinLogLevel(logging::LOG_FATAL);

	// To turn off logging for bsdiff library.
	std::cerr.setstate(std::ios_base::failbit);
	}
	};
	Environment* env = new Environment();

	} // namespace

	extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
	FuzzPuff(data, size);
	FuzzHuff(data, size);
	FuzzPuffPatch(data, size);
	return 0;
	}