[zlib][fuzz] Cover deflateCopy() with the deflate_fuzzer

This expands the API coverage of the fuzzer a little bit.

Bug: 40263542
Change-Id: Ib0ff0509072aa7aa2977d6bd20ac90035eac2244
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5343954
Auto-Submit: Hans Wennborg <hans@chromium.org>
Commit-Queue: Adenilson Cavalcanti <cavalcantii@chromium.org>
Reviewed-by: Adenilson Cavalcanti <cavalcantii@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1270290}
NOKEYCHECK=True
GitOrigin-RevId: 63d102e99de9f1d43b574cd720665307ceb4d1f2

1 files changed, 15 insertions, 0 deletions

diff --git a/contrib/tests/fuzzers/deflate_fuzzer.cc b/contrib/tests/fuzzers/deflate_fuzzer.cc
index 2468509..f986d78 100644
--- a/contrib/tests/fuzzers/deflate_fuzzer.cc
+++ b/contrib/tests/fuzzers/deflate_fuzzer.cc
@@ -53,6 +53,21 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
 
   // Stream with random-sized input and output buffers.
   while (fdp.ConsumeBool()) {
+    if (fdp.ConsumeBool()) {
+      // Check that copying the stream's state works. Gating this behind
+      // ConsumeBool() allows to interleave deflateCopy() with deflate() calls
+      // to better stress the code.
+      z_stream stream2;
+      ASSERT(deflateCopy(&stream2, &stream) == Z_OK);
+      ret = deflateEnd(&stream);
+      ASSERT(ret == Z_OK || Z_DATA_ERROR);
+      memset(&stream, 0xff, sizeof(stream));
+
+      ASSERT(deflateCopy(&stream, &stream2) == Z_OK);
+      ret = deflateEnd(&stream2);
+      ASSERT(ret == Z_OK || Z_DATA_ERROR);
+    }
+
     std::vector<uint8_t> src_chunk = fdp.ConsumeBytes<uint8_t>(
         fdp.ConsumeIntegralInRange(kMinChunk, kMaxChunk));
     std::vector<uint8_t> out_chunk(