Seperating the seed generation and use

author: Bimba Shrestha <bshrestha.msae@gmail.com> 2019-09-13 14:07:52 -0700
committer: Bimba Shrestha <bshrestha.msae@gmail.com> 2019-09-13 14:07:52 -0700
commit: 208694297a308da8dae2b3bb104bdab486d1b683 (patch)
tree: 95930ec739b3e8d45be17732f5ef7d82bb584b23
parent: 7d153a704d00a266c9601c947e07fd33e1cd6f4d (diff)
download: lz4-208694297a308da8dae2b3bb104bdab486d1b683.tar.gz
10 files changed, 68 insertions, 33 deletions
diff --git a/ossfuzz/compress_frame_fuzzer.c b/ossfuzz/compress_frame_fuzzer.c
index 7fe09a11..a99bb74c 100644
--- a/ossfuzz/compress_frame_fuzzer.c
+++ b/ossfuzz/compress_frame_fuzzer.c
@@ -19,8 +19,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
     FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, LZ4_compressBound(size));
     LZ4F_preferences_t const prefs = FUZZ_dataProducer_preferences(producer);
-    size_t const compressBound = LZ4F_compressFrameBound(size, &prefs);
-    size_t const dstCapacity = FUZZ_dataProducer_uint32(producer, 0, compressBound);
+    size_t const compressBound = LZ4F_compressFrameBound(FUZZ_dataProducer_remainingBytes(producer), &prefs);
+    size_t const dstCapacitySeed = FUZZ_dataProducer_uint32_seed(producer, 0, compressBound);
+    size_t const dstCapacity = FUZZ_dataProducer_uint32(dstCapacitySeed,
+        0, FUZZ_dataProducer_remainingBytes(producer));
     char* const dst = (char*)malloc(dstCapacity);
     char* const rt = (char*)malloc(size);
 
diff --git a/ossfuzz/compress_fuzzer.c b/ossfuzz/compress_fuzzer.c
index 9d72e72f..76d227ea 100644
--- a/ossfuzz/compress_fuzzer.c
+++ b/ossfuzz/compress_fuzzer.c
@@ -16,8 +16,9 @@
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
     FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size);
-    size_t const dstCapacity = FUZZ_dataProducer_uint32(
-      producer, 0, LZ4_compressBound(size));
+    size_t const dstCapacitySeed = FUZZ_dataProducer_uint32_seed(producer, 0, LZ4_compressBound(size));
+    size_t const dstCapacity = FUZZ_dataProducer_uint32(dstCapacitySeed,
+        0, LZ4_compressBound(FUZZ_dataProducer_remainingBytes(producer)));
     char* const dst = (char*)malloc(dstCapacity);
     char* const rt = (char*)malloc(size);
 
diff --git a/ossfuzz/compress_hc_fuzzer.c b/ossfuzz/compress_hc_fuzzer.c
index 5f221045..3e28f424 100644
--- a/ossfuzz/compress_hc_fuzzer.c
+++ b/ossfuzz/compress_hc_fuzzer.c
@@ -17,12 +17,16 @@
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
     FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size);
-    size_t const dstCapacity = FUZZ_dataProducer_uint32(
-      producer, 0, LZ4_compressBound(size));
+    size_t const dstCapacitySeed = FUZZ_dataProducer_uint32_seed(producer,
+        0, LZ4_compressBound(size));
+    size_t const levelSeed = FUZZ_dataProducer_uint32_seed(producer,
+        LZ4HC_CLEVEL_MIN, LZ4HC_CLEVEL_MAX);
+    size_t const dstCapacity = FUZZ_dataProducer_uint32(dstCapacitySeed,
+        0, FUZZ_dataProducer_remainingBytes(producer));
+    int const level = FUZZ_dataProducer_uint32(
+        levelSeed, LZ4HC_CLEVEL_MIN, LZ4HC_CLEVEL_MAX);
     char* const dst = (char*)malloc(dstCapacity);
     char* const rt = (char*)malloc(size);
-    int const level = FUZZ_dataProducer_uint32(
-      producer, LZ4HC_CLEVEL_MIN, LZ4HC_CLEVEL_MAX);
 
     /* Restrict to remaining data from producer */
     size = FUZZ_dataProducer_remainingBytes(producer);
diff --git a/ossfuzz/decompress_frame_fuzzer.c b/ossfuzz/decompress_frame_fuzzer.c
index 60d2ea1d..13081007 100644
--- a/ossfuzz/decompress_frame_fuzzer.c
+++ b/ossfuzz/decompress_frame_fuzzer.c
@@ -31,11 +31,15 @@ static void decompress(LZ4F_dctx* dctx, void* dst, size_t dstCapacity,
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
     FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size);
-    size_t const dstCapacity = FUZZ_dataProducer_uint32(
-      producer, 0, 4 * size);
+    size_t const dstCapacitySeed = FUZZ_dataProducer_uint32_seed(producer,
+        0, 4 * size);
     size_t const largeDictSize = 64 * 1024;
+    size_t const dictSizeSeed = FUZZ_dataProducer_uint32_seed(producer,
+        0, largeDictSize);
+    size_t const dstCapacity = FUZZ_dataProducer_uint32(
+      dstCapacitySeed, 0, 4 * FUZZ_dataProducer_remainingBytes(producer));
     size_t const dictSize = FUZZ_dataProducer_uint32(
-      producer, 0, largeDictSize);
+      dictSizeSeed, 0, largeDictSize);
     char* const dst = (char*)malloc(dstCapacity);
     char* const dict = (char*)malloc(dictSize);
     LZ4F_decompressOptions_t opts;
diff --git a/ossfuzz/decompress_fuzzer.c b/ossfuzz/decompress_fuzzer.c
index bc4190b3..111f5b5c 100644
--- a/ossfuzz/decompress_fuzzer.c
+++ b/ossfuzz/decompress_fuzzer.c
@@ -15,8 +15,9 @@
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
     FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size);
-    size_t const dstCapacity = FUZZ_dataProducer_uint32(
-      producer, 0, 4 * size);
+    size_t const dstCapacitySeed = FUZZ_dataProducer_uint32_seed(producer, 0, 4 * size);
+    size_t const dstCapacity = FUZZ_dataProducer_uint32(dstCapacitySeed,
+        0, 4 * FUZZ_dataProducer_remainingBytes(producer));
     size_t const smallDictSize = size + 1;
     size_t const largeDictSize = 64 * 1024 - 1;
     size_t const dictSize = MAX(smallDictSize, largeDictSize);
diff --git a/ossfuzz/fuzz_data_producer.c b/ossfuzz/fuzz_data_producer.c
index f35bd8a6..70e42eaa 100644
--- a/ossfuzz/fuzz_data_producer.c
+++ b/ossfuzz/fuzz_data_producer.c
@@ -17,7 +17,7 @@ FUZZ_dataProducer_t *FUZZ_dataProducer_create(const uint8_t *data, size_t size)
 
 void FUZZ_dataProducer_free(FUZZ_dataProducer_t *producer) { free(producer); }
 
-uint32_t FUZZ_dataProducer_uint32(FUZZ_dataProducer_t *producer, uint32_t min,
+uint32_t FUZZ_dataProducer_uint32_seed(FUZZ_dataProducer_t *producer, uint32_t min,
                                   uint32_t max) {
   FUZZ_ASSERT(min <= max);
 
@@ -32,24 +32,36 @@ uint32_t FUZZ_dataProducer_uint32(FUZZ_dataProducer_t *producer, uint32_t min,
     rolling >>= 8;
   }
 
-  if (range == 0xffffffff) {
-    return result;
-  }
+  return result;
+}
 
-  return min + result % (range + 1);
+uint32_t FUZZ_dataProducer_uint32(uint32_t seed, uint32_t min, uint32_t max)
+{
+    uint32_t range = max - min;
+    if (range == 0xffffffff) {
+      return seed;
+    }
+    return min + seed % (range + 1);
+}
+
+uint32_t FUZZ_dataProducer_uint32NonAdaptive(FUZZ_dataProducer_t* producer,
+    uint32_t min, uint32_t max)
+{
+    size_t const seed = FUZZ_dataProducer_uint32_seed(producer, min, max);
+    return FUZZ_dataProducer_uint32(seed, min, max);
 }
 
 LZ4F_frameInfo_t FUZZ_dataProducer_frameInfo(FUZZ_dataProducer_t* producer)
 {
     LZ4F_frameInfo_t info = LZ4F_INIT_FRAMEINFO;
-    info.blockSizeID = FUZZ_dataProducer_uint32(producer, LZ4F_max64KB - 1, LZ4F_max4MB);
+    info.blockSizeID = FUZZ_dataProducer_uint32NonAdaptive(producer, LZ4F_max64KB - 1, LZ4F_max4MB);
     if (info.blockSizeID < LZ4F_max64KB) {
         info.blockSizeID = LZ4F_default;
     }
-    info.blockMode = FUZZ_dataProducer_uint32(producer, LZ4F_blockLinked, LZ4F_blockIndependent);
-    info.contentChecksumFlag = FUZZ_dataProducer_uint32(producer, LZ4F_noContentChecksum,
+    info.blockMode = FUZZ_dataProducer_uint32NonAdaptive(producer, LZ4F_blockLinked, LZ4F_blockIndependent);
+    info.contentChecksumFlag = FUZZ_dataProducer_uint32NonAdaptive(producer, LZ4F_noContentChecksum,
                                            LZ4F_contentChecksumEnabled);
-    info.blockChecksumFlag = FUZZ_dataProducer_uint32(producer, LZ4F_noBlockChecksum,
+    info.blockChecksumFlag = FUZZ_dataProducer_uint32NonAdaptive(producer, LZ4F_noBlockChecksum,
                                          LZ4F_blockChecksumEnabled);
     return info;
 }
@@ -58,9 +70,9 @@ LZ4F_preferences_t FUZZ_dataProducer_preferences(FUZZ_dataProducer_t* producer)
 {
     LZ4F_preferences_t prefs = LZ4F_INIT_PREFERENCES;
     prefs.frameInfo = FUZZ_dataProducer_frameInfo(producer);
-    prefs.compressionLevel = FUZZ_dataProducer_uint32(producer, 0, LZ4HC_CLEVEL_MAX + 3) - 3;
-    prefs.autoFlush = FUZZ_dataProducer_uint32(producer, 0, 1);
-    prefs.favorDecSpeed = FUZZ_dataProducer_uint32(producer, 0, 1);
+    prefs.compressionLevel = FUZZ_dataProducer_uint32NonAdaptive(producer, 0, LZ4HC_CLEVEL_MAX + 3) - 3;
+    prefs.autoFlush = FUZZ_dataProducer_uint32NonAdaptive(producer, 0, 1);
+    prefs.favorDecSpeed = FUZZ_dataProducer_uint32NonAdaptive(producer, 0, 1);
     return prefs;
 }
 
diff --git a/ossfuzz/fuzz_data_producer.h b/ossfuzz/fuzz_data_producer.h
index 4c097a72..e12f899e 100644
--- a/ossfuzz/fuzz_data_producer.h
+++ b/ossfuzz/fuzz_data_producer.h
@@ -16,8 +16,15 @@ FUZZ_dataProducer_t *FUZZ_dataProducer_create(const uint8_t *data, size_t size);
 /* Frees the data producer */
 void FUZZ_dataProducer_free(FUZZ_dataProducer_t *producer);
 
+/* Returns a seed value for the function after this one to consume */
+uint32_t FUZZ_dataProducer_uint32_seed(FUZZ_dataProducer_t *producer, uint32_t min,
+                                  uint32_t max);
+
 /* Returns value between [min, max] */
-uint32_t FUZZ_dataProducer_uint32(FUZZ_dataProducer_t *producer, uint32_t min,
+uint32_t FUZZ_dataProducer_uint32(uint32_t seed, uint32_t min, uint32_t max);
+
+/* Combination of above two functions for non adaptive use cases. ie where size is not involved */
+uint32_t FUZZ_dataProducer_uint32NonAdaptive(FUZZ_dataProducer_t *producer, uint32_t min,
                                   uint32_t max);
 
 /* Returns lz4 preferences */
diff --git a/ossfuzz/round_trip_frame_fuzzer.c b/ossfuzz/round_trip_frame_fuzzer.c
index fe6fc776..c34553dd 100644
--- a/ossfuzz/round_trip_frame_fuzzer.c
+++ b/ossfuzz/round_trip_frame_fuzzer.c
@@ -16,11 +16,12 @@
 
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
-    FUZZ_dataProducer_t* producer = FUZZ_dataProducer_create(data, LZ4_compressBound(size));
+    FUZZ_dataProducer_t* producer = FUZZ_dataProducer_create(data, size);
     LZ4F_preferences_t const prefs = FUZZ_dataProducer_preferences(producer);
-    size_t const dstCapacity = LZ4F_compressFrameBound(size, &prefs);
+    size_t const dstCapacity = LZ4F_compressFrameBound(
+        LZ4_compressBound(FUZZ_dataProducer_remainingBytes(producer)), &prefs);
     char* const dst = (char*)malloc(dstCapacity);
-    char* const rt = (char*)malloc(size);
+    char* const rt = (char*)malloc(FUZZ_dataProducer_remainingBytes(producer));
 
     FUZZ_ASSERT(dst);
     FUZZ_ASSERT(rt);
diff --git a/ossfuzz/round_trip_fuzzer.c b/ossfuzz/round_trip_fuzzer.c
index e37a0a6f..85774fe6 100644
--- a/ossfuzz/round_trip_fuzzer.c
+++ b/ossfuzz/round_trip_fuzzer.c
@@ -15,7 +15,9 @@
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
     FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size);
-    size_t const partialCapacity = FUZZ_dataProducer_uint32(producer, 0, size);
+    size_t const partialCapacitySeed = FUZZ_dataProducer_uint32_seed(producer, 0, size);
+    size_t const partialCapacity = FUZZ_dataProducer_uint32(partialCapacitySeed,
+        0, FUZZ_dataProducer_remainingBytes(producer));
     size_t const dstCapacity = LZ4_compressBound(size);
     char* const dst = (char*)malloc(dstCapacity);
     char* const rt = (char*)malloc(size);
diff --git a/ossfuzz/round_trip_hc_fuzzer.c b/ossfuzz/round_trip_hc_fuzzer.c
index 8406809d..cc9c3026 100644
--- a/ossfuzz/round_trip_hc_fuzzer.c
+++ b/ossfuzz/round_trip_hc_fuzzer.c
@@ -16,11 +16,12 @@
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
     FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size);
-    size_t const dstCapacity = LZ4_compressBound(size);
+    int const level = FUZZ_dataProducer_uint32NonAdaptive(producer,
+        LZ4HC_CLEVEL_MIN, LZ4HC_CLEVEL_MAX);
+    size_t const dstCapacity = LZ4_compressBound(
+        FUZZ_dataProducer_remainingBytes(producer));
     char* const dst = (char*)malloc(dstCapacity);
     char* const rt = (char*)malloc(size);
-    int const level = FUZZ_dataProducer_uint32(
-      producer, LZ4HC_CLEVEL_MIN, LZ4HC_CLEVEL_MAX);
 
     /* Restrict to remaining data from producer */
     size = FUZZ_dataProducer_remainingBytes(producer);
author	Bimba Shrestha <bshrestha.msae@gmail.com>	2019-09-13 14:07:52 -0700
committer	Bimba Shrestha <bshrestha.msae@gmail.com>	2019-09-13 14:07:52 -0700
commit	208694297a308da8dae2b3bb104bdab486d1b683 (patch)
tree	95930ec739b3e8d45be17732f5ef7d82bb584b23
parent	7d153a704d00a266c9601c947e07fd33e1cd6f4d (diff)
download	lz4-208694297a308da8dae2b3bb104bdab486d1b683.tar.gz