root/xz
1
0
Fork 0
mirror of https://git.tukaani.org/xz.git synced 2025-04-16 12:40:50 +00:00
Code Issues Releases Wiki Activity
xz/tests/ossfuzz/fuzz_decode_stream_mt.c
Lasse Collin 48440e24a2
Tests: Add a fuzzing target for the multithreaded .xz decoder 
It doesn't seem possible to trigger the CVE-2025-31115 bug with this
fuzzing target at the moment. It's because the code in fuzz_common.h
passes the whole input buffer to lzma_code() at once.
2025-04-03 14:34:43 +03:00

48 lines
1.1 KiB
C
Raw Blame History

// SPDX-License-Identifier: 0BSD
///////////////////////////////////////////////////////////////////////////////
//
/// \file fuzz_decode_stream_mt.c
/// \brief Fuzz test program for multithreaded .xz decoding
//
// Author: Lasse Collin
//
///////////////////////////////////////////////////////////////////////////////
#include <inttypes.h>
#include <stdlib.h>
#include <stdio.h>
#include "lzma.h"
#include "fuzz_common.h"
extern int
LLVMFuzzerTestOneInput(const uint8_t *inbuf, size_t inbuf_size)
{
lzma_stream strm = LZMA_STREAM_INIT;
lzma_mt mt = {
.flags = LZMA_CONCATENATED | LZMA_IGNORE_CHECK,
.threads = 2,
.timeout = 0,
.memlimit_threading = MEM_LIMIT / 2,
.memlimit_stop = MEM_LIMIT,
};
lzma_ret ret = lzma_stream_decoder_mt(&strm, &mt);
if (ret != LZMA_OK) {
// This should never happen unless the system has
// no free memory or address space to allow the small
// allocations that the initialization requires.
fprintf(stderr, "lzma_stream_decoder_mt() failed (%d)\n", ret);
abort();
}
fuzz_code(&strm, inbuf, inbuf_size);
lzma_end(&strm);
return 0;
}
Reference in New Issue View Git Blame Copy Permalink