diff options
| author | Tim Schumacher <timschumi@gmx.de> | 2023-03-07 18:36:36 +0100 |
|---|---|---|
| committer | Idan Horowitz <idan.horowitz@gmail.com> | 2023-03-20 12:15:38 +0200 |
| commit | 123e9fa5d08f6d2507cbdb1ff17715a12e1cbb2e (patch) | |
| tree | 4f0bd00e9411aa9b0f2ab1c10728adef49468029 /Meta | |
| parent | 858c44ae1ba7b1144487a0321354ad064d11e582 (diff) | |
| download | serenity-123e9fa5d08f6d2507cbdb1ff17715a12e1cbb2e.zip | |
Lagom: Add a fuzzer for LZMA decompression
Diffstat (limited to 'Meta')
| -rw-r--r-- | Meta/Lagom/Fuzzers/CMakeLists.txt | 1 | ||||
| -rw-r--r-- | Meta/Lagom/Fuzzers/FuzzLzmaDecompression.cpp | 36 |
2 files changed, 37 insertions, 0 deletions
diff --git a/Meta/Lagom/Fuzzers/CMakeLists.txt b/Meta/Lagom/Fuzzers/CMakeLists.txt index 8901747dfd..247d9f6442 100644 --- a/Meta/Lagom/Fuzzers/CMakeLists.txt +++ b/Meta/Lagom/Fuzzers/CMakeLists.txt @@ -35,6 +35,7 @@ add_simple_fuzzer(FuzzGzipDecompression LibCompress) add_simple_fuzzer(FuzzICCProfile LibGfx) add_simple_fuzzer(FuzzICOLoader LibGfx) add_simple_fuzzer(FuzzJPEGLoader LibGfx) +add_simple_fuzzer(FuzzLzmaDecompression LibArchive LibCompress) add_simple_fuzzer(FuzzMatroskaReader LibVideo) add_simple_fuzzer(FuzzMD5 LibCrypto) add_simple_fuzzer(FuzzMP3Loader LibAudio) diff --git a/Meta/Lagom/Fuzzers/FuzzLzmaDecompression.cpp b/Meta/Lagom/Fuzzers/FuzzLzmaDecompression.cpp new file mode 100644 index 0000000000..fac0903162 --- /dev/null +++ b/Meta/Lagom/Fuzzers/FuzzLzmaDecompression.cpp @@ -0,0 +1,36 @@ +/* + * Copyright (c) 2023, Tim Schumacher <timschumi@gmx.de>. + * + * SPDX-License-Identifier: BSD-2-Clause + */ + +#include <AK/MemoryStream.h> +#include <LibCompress/Lzma.h> + +extern "C" int LLVMFuzzerTestOneInput(uint8_t const* data, size_t size) +{ + // LibFuzzer has a default memory limit of 2048 MB, so limit the dictionary size to a + // reasonable number to make sure that we don't actually run into it by allocating a + // huge dictionary. The chosen value is double of what the largest dictionary in the + // specifications test files is, so it should be more than enough for fuzzing everything + // that we would want to fuzz. + constexpr size_t largest_reasonable_dictionary_size = 16 * MiB; + + if (size >= sizeof(Compress::LzmaHeader)) { + auto const* header = reinterpret_cast<Compress::LzmaHeader const*>(data); + if (header->dictionary_size() > largest_reasonable_dictionary_size) + return -1; + } + + auto stream = make<FixedMemoryStream>(ReadonlyBytes { data, size }); + auto decompressor_or_error = Compress::LzmaDecompressor::create_from_container(move(stream)); + if (decompressor_or_error.is_error()) + return 0; + auto decompressor = decompressor_or_error.release_value(); + while (!decompressor->is_eof()) { + auto maybe_error = decompressor->discard(4096); + if (maybe_error.is_error()) + break; + } + return 0; +} |