Skip to content

Commit

Permalink
fixed another invalid scenario
Browse files Browse the repository at this point in the history 
compressSequencesAndLiterals() doesn't support sequence validation
  • Loading branch information
@Cyan4973
Cyan4973 committed Dec 24, 2024
1 parent 7b294ca commit 72ce56b
Show file tree
Hide file tree
Showing 4 changed files with 23 additions and 22 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/dev-long-tests.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -188,7 +188,7 @@ jobs:
- name: ASan + UBSan + Regression Test
run: make -j uasanregressiontest

clang-ubsan-regression:
clang-asan-ubsan-regression:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # tag=v4.1.1
Expand Down
5 changes: 3 additions & 2 deletions tests/fuzz/Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -263,9 +263,10 @@ corpora: $(patsubst %,corpora/%,$(FUZZ_TARGETS))
.PHONY: seedcorpora
seedcorpora: $(patsubst %,corpora/%_seed_corpus.zip,$(FUZZ_TARGETS))

REGRESSION_TARGET ?= all
regressiontest: corpora
CC="$(CC)" CXX="$(CXX)" CFLAGS="$(CFLAGS)" CXXFLAGS="$(CXXFLAGS)" LDFLAGS="$(LDFLAGS)" $(PYTHON) ./fuzz.py build all --debug=$(DEBUGLEVEL)
$(PYTHON) ./fuzz.py regression all
CC="$(CC)" CXX="$(CXX)" CFLAGS="$(CFLAGS)" CXXFLAGS="$(CXXFLAGS)" LDFLAGS="$(LDFLAGS)" $(PYTHON) ./fuzz.py build $(REGRESSION_TARGET) --debug=$(DEBUGLEVEL)
$(PYTHON) ./fuzz.py regression $(REGRESSION_TARGET)

clean:
@$(RM) *.a *.o $(FUZZ_TARGETS)
Expand Down
6 changes: 3 additions & 3 deletions tests/fuzz/dictionary_loader.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -77,9 +77,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *src, size_t size)
FUZZ_dataProducer_uint32Range(producer, 0, 2);
size = FUZZ_dataProducer_remainingBytes(producer);

DEBUGLOG(2, "Dict load method %d", dlm);
DEBUGLOG(2, "Dict content type %d", dct);
DEBUGLOG(2, "Dict size %u", (unsigned)size);
DEBUGLOG(4, "Dict load method %d", dlm);
DEBUGLOG(4, "Dict content type %d", dct);
DEBUGLOG(4, "Dict size %u", (unsigned)size);

void* const rBuf = FUZZ_malloc(size);
size_t const cBufSize = ZSTD_compressBound(size);
Expand Down
32 changes: 16 additions & 16 deletions tests/fuzz/sequence_compression_api.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -239,8 +239,8 @@ transferLiterals(void* dst, size_t dstCapacity, const ZSTD_Sequence* seqs, size_
for (n=0; n<nbSeqs; n++) {
size_t litLen = seqs[n].litLength;
size_t mlen = seqs[n].matchLength;
assert(op + litLen < oend);
assert(ip + litLen + mlen <= iend);
assert(op + litLen < oend); (void)oend;
assert(ip + litLen + mlen <= iend); (void)iend;
memcpy(op, ip, litLen);
op += litLen;
ip += litLen + mlen;
Expand All @@ -253,8 +253,7 @@ static size_t roundTripTest_compressSequencesAndLiterals(
void* result, size_t resultCapacity,
void* compressed, size_t compressedCapacity,
const void* src, size_t srcSize,
const ZSTD_Sequence* seqs, size_t nbSeqs,
ZSTD_SequenceFormat_e mode)
const ZSTD_Sequence* seqs, size_t nbSeqs)
{
size_t const litCapacity = srcSize + 8;
void* literals = malloc(litCapacity);
Expand All @@ -267,21 +266,21 @@ static size_t roundTripTest_compressSequencesAndLiterals(
compressed, compressedCapacity,
seqs, nbSeqs,
literals, litSize, litCapacity, srcSize);
if ( (ZSTD_getErrorCode(cSize) == ZSTD_error_dstSize_tooSmall)
&& (mode == ZSTD_sf_explicitBlockDelimiters) ) {
free(literals);
if (ZSTD_getErrorCode(cSize) == ZSTD_error_cannotProduce_uncompressedBlock) {
/* Valid scenario : ZSTD_compressSequencesAndLiterals cannot generate uncompressed blocks */
return 0;
}
if (ZSTD_getErrorCode(cSize) == ZSTD_error_dstSize_tooSmall) {
/* Valid scenario : in explicit delimiter mode,
* it might be possible for the compressed size to outgrow dstCapacity.
* In which case, it's still a valid fuzzer scenario,
* but no roundtrip shall be possible */
return 0;
}

/* round-trip */
if (ZSTD_isError(cSize)) {
ZSTD_ErrorCode err = ZSTD_getErrorCode(cSize);
/* this specific error might happen as a result of data being uncompressible */
if (err != ZSTD_error_cannotProduce_uncompressedBlock)
FUZZ_ZASSERT(cSize);
}
FUZZ_ZASSERT(cSize);
{ size_t const dSize = ZSTD_decompressDCtx(dctx, result, resultCapacity, compressed, cSize);
FUZZ_ZASSERT(dSize);
FUZZ_ASSERT_MSG(dSize == srcSize, "Incorrect regenerated size");
Expand All @@ -305,11 +304,12 @@ static size_t roundTripTest(void* result, size_t resultCapacity,
FUZZ_ZASSERT(ZSTD_DCtx_refDDict(dctx, ddict));
}

{ int blockMode;
/* compressSequencesAndLiterals() only supports explicitBlockDelimiters */
{ int blockMode, validation;
/* compressSequencesAndLiterals() only supports explicitBlockDelimiters and no validation */
FUZZ_ZASSERT(ZSTD_CCtx_getParameter(cctx, ZSTD_c_blockDelimiters, &blockMode));
if (blockMode == ZSTD_sf_explicitBlockDelimiters) {
FUZZ_ZASSERT(roundTripTest_compressSequencesAndLiterals(result, resultCapacity, compressed, compressedCapacity, src, srcSize, seqs, nbSeqs, mode));
FUZZ_ZASSERT(ZSTD_CCtx_getParameter(cctx, ZSTD_c_validateSequences, &validation));
if ((blockMode == ZSTD_sf_explicitBlockDelimiters) && (!validation)) {
FUZZ_ZASSERT(roundTripTest_compressSequencesAndLiterals(result, resultCapacity, compressed, compressedCapacity, src, srcSize, seqs, nbSeqs));
}
}

Expand Down

0 comments on commit 72ce56b

Please sign in to comment.