-
-
Notifications
You must be signed in to change notification settings - Fork 419
/
unzip_fuzzer.c
119 lines (88 loc) · 3.25 KB
/
unzip_fuzzer.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
/* unzip_fuzzer.c - Unzip fuzzer for libFuzzer
part of the MiniZip project
Copyright (C) 2018 The Chromium Authors
Copyright (C) 2018 Anand K. Mistry
Copyright (C) 2018-2020 Nathan Moinvaziri
https://github.com/nmoinvaz/minizip
This program is distributed under the terms of the same license as zlib.
See the accompanying LICENSE file for the full text of the license.
*/
#include "mz.h"
#include "mz_strm.h"
#include "mz_strm_mem.h"
#include "mz_zip.h"
#ifdef __cplusplus
extern "C" {
#endif
/***************************************************************************/
#define MZ_FUZZ_TEST_PWD "test123"
#define MZ_FUZZ_TEST_FILENAME "foo"
#define MZ_FUZZ_TEST_FILENAMEUC "FOO"
/***************************************************************************/
int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
{
mz_zip_file* file_info = NULL;
void *stream = NULL;
void *handle = NULL;
const char* archive_comment = NULL;
char buffer[1024];
uint16_t version_madeby = 0;
uint64_t num_entries = 0;
int64_t entry_pos = 0;
int32_t err = MZ_OK;
uint8_t encrypted = 0;
mz_stream_mem_create(&stream);
mz_stream_mem_set_buffer(stream, (void *)data, (int32_t)size);
mz_zip_create(&handle);
err = mz_zip_open(handle, stream, MZ_OPEN_MODE_READ);
if (err == MZ_OK)
{
/* Some archive properties that are non-fatal for reading the archive. */
mz_zip_get_comment(handle, &archive_comment);
mz_zip_get_version_madeby(handle, &version_madeby);
mz_zip_get_number_entry(handle, &num_entries);
err = mz_zip_goto_first_entry(handle);
while (err == MZ_OK)
{
err = mz_zip_entry_get_info(handle, &file_info);
if (err != MZ_OK)
break;
encrypted = (file_info->flag & MZ_ZIP_FLAG_ENCRYPTED);
err = mz_zip_entry_read_open(handle, 0,
encrypted ? MZ_FUZZ_TEST_PWD : NULL);
if (err != MZ_OK)
break;
err = mz_zip_entry_is_open(handle);
if (err != MZ_OK)
break;
/* Return value isn't checked here because we can't predict
what the value will be. */
mz_zip_entry_is_dir(handle);
entry_pos = mz_zip_get_entry(handle);
if (entry_pos < 0)
break;
err = mz_zip_entry_read(handle, buffer, sizeof(buffer));
if (err < 0)
break;
err = mz_zip_entry_close(handle);
if (err != MZ_OK)
break;
err = mz_zip_goto_next_entry(handle);
}
mz_zip_entry_close(handle);
/* Return value isn't checked here because we can't predict what the value
will be. */
mz_zip_locate_entry(handle, MZ_FUZZ_TEST_FILENAME, 0);
mz_zip_locate_entry(handle, MZ_FUZZ_TEST_FILENAMEUC, 0);
mz_zip_locate_entry(handle, MZ_FUZZ_TEST_FILENAME, 1);
mz_zip_locate_entry(handle, MZ_FUZZ_TEST_FILENAMEUC, 1);
mz_zip_close(handle);
}
mz_zip_delete(&handle);
mz_stream_mem_delete(&stream);
return 0;
}
/***************************************************************************/
#ifdef __cplusplus
}
#endif