From e7489be7be4d05a75a7d31275654260f84a64c79 Mon Sep 17 00:00:00 2001 From: Douglas Bagnall Date: Sun, 4 Dec 2022 11:47:56 +1300 Subject: [PATCH] fuzz: fix lzxpress plain round-trip fuzzer The 'compressed' string can be about 9/8 the size of the decompressed string, but we didn't allow enough memory in the fuzz target for that. Then when it failed, we didn't check. Credit to OSSFuzz. Signed-off-by: Douglas Bagnall Reviewed-by: Jeremy Allison --- lib/fuzzing/fuzz_lzxpress_round_trip.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lib/fuzzing/fuzz_lzxpress_round_trip.c b/lib/fuzzing/fuzz_lzxpress_round_trip.c index a6173bb68c9..ac38368527e 100644 --- a/lib/fuzzing/fuzz_lzxpress_round_trip.c +++ b/lib/fuzzing/fuzz_lzxpress_round_trip.c @@ -27,7 +27,7 @@ int LLVMFuzzerInitialize(int *argc, char ***argv) int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len) { - static uint8_t compressed[1024 * 1024] = {0}; + static uint8_t compressed[1024 * 1280] = {0}; static uint8_t decompressed[1024 * 1024] = {0}; ssize_t compressed_size; ssize_t decompressed_size; @@ -38,6 +38,9 @@ int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len) compressed_size = lzxpress_compress(buf, len, compressed, sizeof(compressed)); + if (compressed_size < 0) { + abort(); + } decompressed_size = lzxpress_decompress(compressed, compressed_size, decompressed, sizeof(decompressed));