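// Copyright 2015 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include <stddef.h>
#include <stdint.h>

#include <brotli/decode.h>

// Entry point for LibFuzzer.
//
// Feeds |data| to the streaming brotli decoder and discards the output.
// The low three bits of the last input byte pick the input chunk size:
//   - 0    : the whole input is offered in a single call;
//   - 1..7 : the input is offered in chunks of that many bytes.
// The last byte is only peeked at; it is still passed to the decoder as part
// of the stream. Decoding stops once the decoder reports anything other than
// "needs more input", or once the total output exceeds |total_out_limit|.
// Always returns 0.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  size_t addend = 0;
  if (size > 0)
    addend = data[size - 1] & 7;
  const uint8_t* next_in = data;

  // Scratch output buffer; it is rewound before every decoder call, so the
  // decompressed bytes are overwritten and never inspected.
  const size_t kBufferSize = 1024;
  uint8_t* buffer = new uint8_t[kBufferSize];
  /* The biggest "magic number" in brotli is 16MiB - 16, so no need to check
     the cases with much longer output. The cap bounds the work done on
     inputs that expand heavily: 64MiB for single-shot input, 16MiB for
     chunked input. */
  const size_t total_out_limit = (addend == 0) ? (1 << 26) : (1 << 24);
  size_t total_out = 0;

  BrotliDecoderState* state = BrotliDecoderCreateInstance(0, 0, 0);
  if (!state) {
    // Allocation failure is out of scope for this harness. Without this check
    // a failed allocation would hand a null state to
    // BrotliDecoderDecompressStream, and any resulting crash would be
    // reported against the decoder rather than the harness.
    delete[] buffer;
    return 0;
  }

  if (addend == 0)
    addend = size;
  /* Test both fast (addend == size) and slow (addend <= 7) decoding paths. */
  for (size_t i = 0; i < size;) {
    // Clamp the chunk so the final one never runs past the end of |data|.
    size_t next_i = i + addend;
    if (next_i > size)
      next_i = size;
    size_t avail_in = next_i - i;
    i = next_i;
    BrotliDecoderResult result = BROTLI_DECODER_RESULT_NEEDS_MORE_OUTPUT;
    // Drain the decoder: keep handing it a fresh, empty output window for as
    // long as it asks for more output space.
    while (result == BROTLI_DECODER_RESULT_NEEDS_MORE_OUTPUT) {
      size_t avail_out = kBufferSize;
      uint8_t* next_out = buffer;
      result = BrotliDecoderDecompressStream(
          state, &avail_in, &next_in, &avail_out, &next_out, &total_out);
      if (total_out > total_out_limit)
        break;
    }
    if (total_out > total_out_limit)
      break;
    // Success or error both end the run; only "needs more input" continues.
    if (result != BROTLI_DECODER_RESULT_NEEDS_MORE_INPUT)
      break;
  }

  BrotliDecoderDestroyInstance(state);
  delete[] buffer;
  return 0;
}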