s3: smbd: Deliberately currupt an uninitialized pointer.
[Samba.git] / lib / fuzzing / fuzz_lzxpress_huffman_compress.c
blob165244ca8bfd6d1e9ae3f073a4291cc38ece57cd
1 /*
2 Fuzzing for lzxpress_huffman_compress_talloc
3 Copyright (C) Michael Hanselmann 2019
4 Copyright (C) Douglas Bagnall 2022 <dbagnall@samba.org>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 #include "includes.h"
21 #include "fuzzing/fuzzing.h"
22 #include "compression/lzxpress_huffman.h"
24 int LLVMFuzzerInitialize(int *argc, char ***argv)
26 return 0;
30 #define MAX_SIZE (1024 * 1024)
32 int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len)
34 static uint8_t *output;
35 size_t output_len;
36 TALLOC_CTX *mem_ctx = NULL;
37 struct lzxhuff_compressor_mem cmp_mem;
40 * The round-trip fuzzer checks the compressor with an unconstrained
41 * output buffer; here we see what happens if the buffer is possibly too
42 * small.
44 if (len < 3) {
45 return 0;
47 output_len = MIN(MAX_SIZE, buf[0] | (buf[1] << 8) | (buf[2] << 16));
48 buf += 3;
49 len -= 3;
50 mem_ctx = talloc_new(NULL);
52 output = talloc_array(mem_ctx, uint8_t, output_len);
54 lzxpress_huffman_compress(&cmp_mem, buf, len, output, output_len);
56 talloc_free(mem_ctx);
57 return 0;