Rooba
/
oss-fuzz
mirror of https://github.com/google/oss-fuzz.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Do not store buffers on stack (#11330) 

Drive-by: reformat and use more clear variable names
This commit is contained in:
Eugene Kliuchnikov 2023-12-07 20:29:02 +01:00 committed by GitHub
parent 9c9e0e6cd8
commit 5a35ec74c9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 131 additions and 119 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

137
projects/lzo/lzo_compress_target.c
View File

@ -16,78 +16,93 @@
################################################################################
*/
#include <assert.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <stdbool.h>
#include <assert.h>
#include "lzo1x.h"
#include "lzoconf.h"
/* Work-memory needed for compression. Allocate memory in units
* of 'lzo_align_t' (instead of 'char') to make sure it is properly aligned.
*/
#define HEAP_ALLOC(var,size) \
lzo_align_t __LZO_MMODEL var [ ((size) + (sizeof(lzo_align_t) - 1)) / sizeof(lzo_align_t) ]
#define HEAP_ALLOC(var, size) \
lzo_align_t __LZO_MMODEL \
var[((size) + (sizeof(lzo_align_t) - 1)) / sizeof(lzo_align_t)]
static HEAP_ALLOC(wrkmem, LZO1X_1_MEM_COMPRESS);
extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
int r;
lzo_uint out_len;
lzo_uint new_len;
extern int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
int r;
lzo_uint compressed_len;
lzo_uint decompressed_len;
/* Since we allocate in/out on the stack,
* we can't handle too large size.
*/
if (size > (1 << 20))
size = 1 << 20;
/* Since we allocate in/out on the stack,
* we can't handle too large size.
*/
if (size > (1 << 20)) {
size = 1 << 20;
}
/* We want to compress the data block at 'in' with length 'IN_LEN' to
* the block at 'out'. Because the input block may be incompressible,
* we must provide a little more output space in case that compression
* is not possible.
*/
unsigned char __LZO_MMODEL in[size > 0 ? size : 1];
unsigned char __LZO_MMODEL out[size + size/16 + 64 + 3];
static bool isInit = false;
if (!isInit)
{
if (lzo_init() != LZO_E_OK)
{
#ifdef __DEBUG__
printf("internal error - lzo_init() failed !!!\n");
#endif
return 0;
}
isInit = true;
}
/* Compress with LZO1X-1. */
r = lzo1x_1_compress(data, size, out, &out_len, wrkmem);
assert(r == LZO_E_OK);
#ifdef __DEBUG__
printf("compressed %lu bytes into %lu bytes\n",
(unsigned long) size, (unsigned long) out_len);
#endif
/* check for an incompressible block */
if (out_len >= size)
{
#ifdef __DEBUG__
printf("This block contains incompressible data.\n");
#endif
return 0;
}
// Decompress
new_len = size;
r = lzo1x_decompress(out, out_len, in, &new_len,/*wrkmem=*/NULL);
assert(r == LZO_E_OK && new_len == size);
#ifdef __DEBUG__
printf("decompressed %lu bytes back into %lu bytes\n",
(unsigned long) out_len, (unsigned long) size);
#endif
/* We want to compress the data block at 'in' with length 'IN_LEN' to
* the block at 'out'. Because the input block may be incompressible,
* we must provide a little more output space in case that compression
* is not possible.
*/
unsigned char* __LZO_MMODEL decompressed = malloc(size + 1);
if (!decompressed) {
return 0;
}
unsigned char* __LZO_MMODEL compressed = malloc(size + size / 16 + 64 + 3);
if (!compressed) {
free(decompressed);
return 0;
}
static bool isInit = false;
if (!isInit) {
if (lzo_init() != LZO_E_OK) {
#ifdef __DEBUG__
printf("internal error - lzo_init() failed !!!\n");
#endif
free(compressed);
free(decompressed);
return 0;
}
isInit = true;
}
/* Compress with LZO1X-1. */
r = lzo1x_1_compress(data, size, compressed, &compressed_len, wrkmem);
assert(r == LZO_E_OK);
#ifdef __DEBUG__
printf("compressed %lu bytes into %lu bytes\n", (unsigned long)size,
(unsigned long)out_len);
#endif
/* check for an incompressible block */
if (compressed_len >= size) {
#ifdef __DEBUG__
printf("This block contains incompressible data.\n");
#endif
free(compressed);
free(decompressed);
return 0;
}
// Decompress; allow 1 extra byte of output to make sure decoder does not
// produce unexpected output.
decompressed_len = size + 1;
r = lzo1x_decompress(compressed, compressed_len, decompressed,
&decompressed_len, /*wrkmem=*/NULL);
assert(r == LZO_E_OK && decompressed_len == size);
#ifdef __DEBUG__
printf("decompressed %lu bytes back into %lu bytes\n", (unsigned long)out_len,
(unsigned long)size);
#endif
free(compressed);
free(decompressed);
return 0;
}

113
projects/lzo/lzo_decompress_target.c
View File

@ -16,11 +16,12 @@
################################################################################
*/
#include <assert.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <stdbool.h>
#include <assert.h>
#include "lzo1b.h"
#include "lzo1c.h"
#include "lzo1f.h"
@ -28,68 +29,64 @@
#include "lzo1y.h"
#include "lzo1z.h"
#include "lzo2a.h"
#include "lzoconf.h"
typedef int (*decompress_function)( const lzo_bytep, lzo_uint ,
lzo_bytep, lzo_uintp,
lzo_voidp );
typedef int (*decompress_function)(const lzo_bytep, lzo_uint, lzo_bytep,
lzo_uintp, lzo_voidp);
#define NUM_DECOMP 7
#define NUM_DECOMP 7
static decompress_function funcArr[NUM_DECOMP] =
{
&lzo1b_decompress_safe,
&lzo1c_decompress_safe,
&lzo1f_decompress_safe,
&lzo1x_decompress_safe,
&lzo1y_decompress_safe,
&lzo1z_decompress_safe,
&lzo2a_decompress_safe
};
static decompress_function funcArr[NUM_DECOMP] = {
&lzo1b_decompress_safe, &lzo1c_decompress_safe, &lzo1f_decompress_safe,
&lzo1x_decompress_safe, &lzo1y_decompress_safe, &lzo1z_decompress_safe,
&lzo2a_decompress_safe};
/* lzo (de)compresses data in blocks. Block size is the
* size of one such block. This size has a default value of 256KB.
*/
static const size_t bufSize = 256 * 1024L;
static const size_t kBufSize = 256 * 1024L;
extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
int r;
lzo_uint new_len;
if (size < 1){
return 0;
}
/* Buffer into which compressed data provided by the fuzzer
* is going to be decompressed. The buffer size is chosen
* to be equal to the default block size (256KB) for
* (de)compression.
*/
unsigned char __LZO_MMODEL out[bufSize];
static bool isInit = false;
if (!isInit)
{
if (lzo_init() != LZO_E_OK)
{
#ifdef __DEBUG__
printf("internal error - lzo_init() failed !!!\n");
#endif
return 0;
}
isInit = true;
}
// Decompress.
int idx = size % NUM_DECOMP;
new_len = bufSize;
// Work memory not necessary for decompression
r = (*funcArr[idx])(data, size, out, &new_len, /*wrkmem=*/NULL);
#ifdef __DEBUG__
if (r != LZO_E_OK)
{
printf("error thrown by lzo1x_decompress_safe: %d\n", r);
}
printf("decompressed %lu bytes back into %lu bytes\n",
(unsigned long) size, (unsigned long) new_len);
#endif
extern int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
int r;
lzo_uint new_len;
if (size < 1) {
return 0;
}
/* Buffer into which compressed data provided by the fuzzer
* is going to be decompressed. The buffer size is chosen
* to be equal to the default block size (256KB) for
* (de)compression.
*/
unsigned char* __LZO_MMODEL buf = malloc(kBufSize);
if (!buf) {
// OOM here is out of scope.
return 0;
}
static bool isInit = false;
if (!isInit) {
if (lzo_init() != LZO_E_OK) {
#ifdef __DEBUG__
printf("internal error - lzo_init() failed !!!\n");
#endif
free(buf);
return 0;
}
isInit = true;
}
// Decompress.
int idx = size % NUM_DECOMP;
new_len = kBufSize;
// Work memory not necessary for decompression
r = (*funcArr[idx])(data, size, buf, &new_len, /*wrkmem=*/NULL);
#ifdef __DEBUG__
if (r != LZO_E_OK) {
printf("error thrown by lzo1x_decompress_safe: %d\n", r);
}
printf("decompressed %lu bytes back into %lu bytes\n", (unsigned long)size,
(unsigned long)new_len);
#endif
free(buf);
return 0;
}