diff --git a/lib/legacy/zstd_v06.c b/lib/legacy/zstd_v06.c index a695cbb8a6d..f907a3a7122 100644 --- a/lib/legacy/zstd_v06.c +++ b/lib/legacy/zstd_v06.c @@ -3242,14 +3242,12 @@ static size_t ZSTDv06_decodeSeqHeaders(int* nbSeqPtr, } /* FSE table descriptors */ + if (ip + 4 > iend) return ERROR(srcSize_wrong); /* min : header byte + all 3 are "raw", hence no header, but at least xxLog bits per type */ { U32 const LLtype = *ip >> 6; U32 const Offtype = (*ip >> 4) & 3; U32 const MLtype = (*ip >> 2) & 3; ip++; - /* check */ - if (ip > iend-3) return ERROR(srcSize_wrong); /* min : all 3 are "raw", hence no header, but at least xxLog bits per type */ - /* Build DTables */ { size_t const bhSize = ZSTDv06_buildSeqTable(DTableLL, LLtype, MaxLL, LLFSELog, ip, iend-ip, LL_defaultNorm, LL_defaultNormLog, flagRepeatTable); if (ZSTDv06_isError(bhSize)) return ERROR(corruption_detected); @@ -3672,7 +3670,7 @@ void ZSTDv06_findFrameSizeInfoLegacy(const void *src, size_t srcSize, size_t* cS blockProperties_t blockProperties = { bt_compressed, 0 }; /* Frame Header */ - { size_t const frameHeaderSize = ZSTDv06_frameHeaderSize(src, ZSTDv06_frameHeaderSize_min); + { size_t const frameHeaderSize = ZSTDv06_frameHeaderSize(src, srcSize); if (ZSTDv06_isError(frameHeaderSize)) { ZSTD_errorFrameSizeInfoLegacy(cSize, dBound, frameHeaderSize); return; diff --git a/lib/legacy/zstd_v07.c b/lib/legacy/zstd_v07.c index 6b9488931f3..a83ddc9a68b 100644 --- a/lib/legacy/zstd_v07.c +++ b/lib/legacy/zstd_v07.c 
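Review bot: The new guard `if (ip + 4 > iend)` in ZSTDv06_decodeSeqHeaders computes `ip + 4` before it is known that four bytes remain. In C, forming a pointer more than one past the end of the buffer is undefined behaviour, so the comparison is not guaranteed to behave as written on every compiler or target. Comparing the remaining length keeps the same bound without the out-of-range pointer: `if ((size_t)(iend - ip) < 4) return ERROR(srcSize_wrong);`, assuming the code before the hunk keeps `ip <= iend`. The same guard is added to ZSTDv07_decodeSeqHeaders in lib/legacy/zstd_v07.c and should change with it. Both function bodies start and end outside their hunks.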
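Review bot: Passing `srcSize` to `ZSTDv06_frameHeaderSize` in ZSTDv06_findFrameSizeInfoLegacy only protects a truncated input if that callee rejects sizes below `ZSTDv06_frameHeaderSize_min` before it reads header bytes. Its body is not in this hunk, so that should be confirmed. A comment on the call would record why the real length matters: `/* pass the real srcSize so a truncated header is rejected rather than read past */`. The identical change in ZSTDv07_findFrameSizeInfoLegacy (lib/legacy/zstd_v07.c) deserves the same comment. The function continues outside the hunk.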
@@ -3470,14 +3470,12 @@ static size_t ZSTDv07_decodeSeqHeaders(int* nbSeqPtr, } /* FSE table descriptors */ + if (ip + 4 > iend) return ERROR(srcSize_wrong); /* min : header byte + all 3 are "raw", hence no header, but at least xxLog bits per type */ { U32 const LLtype = *ip >> 6; U32 const OFtype = (*ip >> 4) & 3; U32 const MLtype = (*ip >> 2) & 3; ip++; - /* check */ - if (ip > iend-3) return ERROR(srcSize_wrong); /* min : all 3 are "raw", hence no header, but at least xxLog bits per type */ - /* Build DTables */ { size_t const llhSize = ZSTDv07_buildSeqTable(DTableLL, LLtype, MaxLL, LLFSELog, ip, iend-ip, LL_defaultNorm, LL_defaultNormLog, flagRepeatTable); if (ZSTDv07_isError(llhSize)) return ERROR(corruption_detected); @@ -3918,7 +3916,7 @@ void ZSTDv07_findFrameSizeInfoLegacy(const void *src, size_t srcSize, size_t* cS } /* Frame Header */ - { size_t const frameHeaderSize = ZSTDv07_frameHeaderSize(src, ZSTDv07_frameHeaderSize_min); + { size_t const frameHeaderSize = ZSTDv07_frameHeaderSize(src, srcSize); if (ZSTDv07_isError(frameHeaderSize)) { ZSTD_errorFrameSizeInfoLegacy(cSize, dBound, frameHeaderSize); return; diff --git a/tests/fuzz/Makefile b/tests/fuzz/Makefile index 54e450a42a0..c2d8e48d9c7 100644 --- a/tests/fuzz/Makefile +++ b/tests/fuzz/Makefile @@ -26,8 +26,8 @@ ZSTDDIR = ../../lib PRGDIR = ../../programs FUZZ_CPPFLAGS := -I$(ZSTDDIR) -I$(ZSTDDIR)/common -I$(ZSTDDIR)/compress \ - -I$(ZSTDDIR)/dictBuilder -I$(ZSTDDIR)/deprecated -I$(PRGDIR) \ - -DZSTD_MULTITHREAD $(CPPFLAGS) + -I$(ZSTDDIR)/dictBuilder -I$(ZSTDDIR)/deprecated -I$(ZSTDDIR)/legacy \ + -I$(PRGDIR) -DZSTD_MULTITHREAD -DZSTD_LEGACY_SUPPORT=1 $(CPPFLAGS) FUZZ_EXTRA_FLAGS := -Wall -Wextra -Wcast-qual -Wcast-align -Wshadow \ -Wstrict-aliasing=1 -Wswitch-enum -Wdeclaration-after-statement \ -Wstrict-prototypes -Wundef \ 
@@ -47,12 +47,14 @@ ZSTDCOMMON_SRC := $(ZSTDDIR)/common/*.c ZSTDCOMP_SRC := $(ZSTDDIR)/compress/*.c ZSTDDECOMP_SRC := $(ZSTDDIR)/decompress/*.c ZSTDDICT_SRC := $(ZSTDDIR)/dictBuilder/*.c +ZSTDLEGACY_SRC := $(ZSTDDIR)/legacy/*.c FUZZ_SRC := \ $(FUZZ_SRC) \ $(ZSTDDECOMP_SRC) \ $(ZSTDCOMMON_SRC) \ $(ZSTDCOMP_SRC) \ - $(ZSTDDICT_SRC) + $(ZSTDDICT_SRC) \ + $(ZSTDLEGACY_SRC) FUZZ_OBJ := $(patsubst %.c,%.o, $(wildcard $(FUZZ_SRC))) diff --git a/tests/fuzz/dictionary_decompress.c b/tests/fuzz/dictionary_decompress.c index 7d3a7678adc..e900054f5a6 100644 --- a/tests/fuzz/dictionary_decompress.c +++ b/tests/fuzz/dictionary_decompress.c 
@@ -20,43 +20,42 @@ #include "zstd_helpers.h" static ZSTD_DCtx *dctx = NULL; -static void* rBuf = NULL; -static size_t bufSize = 0; int LLVMFuzzerTestOneInput(const uint8_t *src, size_t size) { - FUZZ_dict_t dict; - size_t neededBufSize; - uint32_t seed = FUZZ_seed(&src, &size); - neededBufSize = MAX(20 * size, (size_t)256 << 10); + FUZZ_dict_t dict; + ZSTD_DDict* ddict = NULL; + int i; - /* Allocate all buffers and contexts if not already allocated */ - if (neededBufSize > bufSize) { - free(rBuf); - rBuf = malloc(neededBufSize); - bufSize = neededBufSize; - FUZZ_ASSERT(rBuf); - } if (!dctx) { dctx = ZSTD_createDCtx(); FUZZ_ASSERT(dctx); } dict = FUZZ_train(src, size, &seed); if (FUZZ_rand32(&seed, 0, 1) == 0) { - ZSTD_decompress_usingDict(dctx, - rBuf, neededBufSize, - src, size, - dict.buff, dict.size); + ddict = ZSTD_createDDict(dict.buff, dict.size); + FUZZ_ASSERT(ddict); } else { FUZZ_ZASSERT(ZSTD_DCtx_loadDictionary_advanced( dctx, dict.buff, dict.size, (ZSTD_dictLoadMethod_e)FUZZ_rand32(&seed, 0, 1), (ZSTD_dictContentType_e)FUZZ_rand32(&seed, 0, 2))); - ZSTD_decompressDCtx(dctx, rBuf, neededBufSize, src, size); } - + /* Run it 10 times over 10 output sizes. Reuse the context and dict. */ + for (i = 0; i < 10; ++i) { + size_t const bufSize = FUZZ_rand32(&seed, 0, 2 * size); + void* rBuf = malloc(bufSize); + FUZZ_ASSERT(rBuf); + if (ddict) { + ZSTD_decompress_usingDDict(dctx, rBuf, bufSize, src, size, ddict); + } else { + ZSTD_decompressDCtx(dctx, rBuf, bufSize, src, size); + } + free(rBuf); + } free(dict.buff); + ZSTD_freeDDict(ddict); #ifndef STATEFUL_FUZZING ZSTD_freeDCtx(dctx); dctx = NULL; #endif diff --git a/tests/fuzz/simple_decompress.c b/tests/fuzz/simple_decompress.c index bba272c6225..af3f302bb09 100644 --- a/tests/fuzz/simple_decompress.c +++ b/tests/fuzz/simple_decompress.c 
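Review bot: In the new loop `bufSize` can be 0, since `FUZZ_rand32(&seed, 0, 2 * size)` appears to include its lower bound. `malloc(0)` may legitimately return NULL, so `FUZZ_ASSERT(rBuf)` can abort the harness without any decoder fault. Relaxing the check to `FUZZ_ASSERT(rBuf || bufSize == 0);` keeps the zero-capacity case under test, provided the decoder accepts a NULL destination when the capacity is 0. Separately, `2 * size` is a `size_t` passed to a helper whose name suggests a 32-bit range, so it is worth checking that large inputs are not silently truncated. The same loop is added to tests/fuzz/simple_decompress.c and has the same `malloc(0)` issue.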
@@ -19,28 +19,24 @@ #include "zstd.h" static ZSTD_DCtx *dctx = NULL; -static void* rBuf = NULL; -static size_t bufSize = 0; int LLVMFuzzerTestOneInput(const uint8_t *src, size_t size) { - size_t neededBufSize; - FUZZ_seed(&src, &size); - neededBufSize = MAX(20 * size, (size_t)256 << 10); - - /* Allocate all buffers and contexts if not already allocated */ - if (neededBufSize > bufSize) { - free(rBuf); - rBuf = malloc(neededBufSize); - bufSize = neededBufSize; - FUZZ_ASSERT(rBuf); - } + uint32_t seed = FUZZ_seed(&src, &size); + int i; if (!dctx) { dctx = ZSTD_createDCtx(); FUZZ_ASSERT(dctx); } - ZSTD_decompressDCtx(dctx, rBuf, neededBufSize, src, size); + /* Run it 10 times over 10 output sizes. Reuse the context. */ + for (i = 0; i < 10; ++i) { + size_t const bufSize = FUZZ_rand32(&seed, 0, 2 * size); + void* rBuf = malloc(bufSize); + FUZZ_ASSERT(rBuf); + ZSTD_decompressDCtx(dctx, rBuf, bufSize, src, size); + free(rBuf); + } #ifndef STATEFUL_FUZZING ZSTD_freeDCtx(dctx); dctx = NULL; diff --git a/tests/paramgrill.c b/tests/paramgrill.c index 75c179a0ba0..98fb313783a 100644 --- a/tests/paramgrill.c +++ b/tests/paramgrill.c @@ -609,8 +609,8 @@ compareResultLT(const BMK_benchResult_t result1, const BMK_benchResult_t result2 static constraint_t relaxTarget(constraint_t target) { target.cMem = (U32)-1; - target.cSpeed *= ((double)g_strictness) / 100; - target.dSpeed *= ((double)g_strictness) / 100; + target.cSpeed = (target.cSpeed * g_strictness) / 100; + target.dSpeed = (target.dSpeed * g_strictness) / 100; return target; } 
@@ -1737,8 +1737,8 @@ static int allBench(BMK_benchResult_t* resultPtr, /* optimistic assumption of benchres */ { BMK_benchResult_t resultMax = benchres; - resultMax.cSpeed *= uncertaintyConstantC * VARIANCE; - resultMax.dSpeed *= uncertaintyConstantD * VARIANCE; + resultMax.cSpeed = (unsigned long long)(resultMax.cSpeed * uncertaintyConstantC * VARIANCE); + resultMax.dSpeed = (unsigned long long)(resultMax.dSpeed * uncertaintyConstantD * VARIANCE); /* disregard infeasible results in feas mode */ /* disregard if resultMax < winner in infeas mode */ @@ -2429,9 +2429,9 @@ optimizeForSize(const char* const * const fileNamesTable, const size_t nbFiles, } g_lvltarget = winner.result; - g_lvltarget.cSpeed *= ((double)g_strictness) / 100; - g_lvltarget.dSpeed *= ((double)g_strictness) / 100; - g_lvltarget.cSize /= ((double)g_strictness) / 100; + g_lvltarget.cSpeed = (g_lvltarget.cSpeed * g_strictness) / 100; + g_lvltarget.dSpeed = (g_lvltarget.dSpeed * g_strictness) / 100; + g_lvltarget.cSize = (g_lvltarget.cSize * 100) / g_strictness; target.cSpeed = (U32)g_lvltarget.cSpeed; target.dSpeed = (U32)g_lvltarget.dSpeed;
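Review bot: `g_lvltarget.cSize = (g_lvltarget.cSize * 100) / g_strictness;` in optimizeForSize is now an integer division, so a `g_strictness` of 0 traps, where the old floating-point form did not. Where `g_strictness` is set is not visible in this hunk. If it can come from user input, it should be range-checked at that point or guarded here, for example `g_lvltarget.cSize = g_strictness ? (g_lvltarget.cSize * 100) / g_strictness : g_lvltarget.cSize;`. The integer forms of the two speed lines also truncate instead of scaling in double precision, which is worth a short comment if it is intended. The function body starts and ends outside the hunk.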