pa/eqemu-server
2
0
Fork 0
mirror of https://github.com/EQEmu/Server.git synced 2026-05-17 03:08:26 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Zlib ng

Browse Source
This commit is contained in:
KimLS
2019-06-30 18:13:46 -07:00
parent d7c110041a
commit e086f53b97
116 changed files with 30587 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files
libs/zlibng/test/.gitignore
+2
View File
@@ -0,0 +1,2 @@
# ignore Makefiles; they're all automatically generated
Makefile
libs/zlibng/test/CVE-2002-0059/test.gz
BIN
View File
Binary file not shown.
libs/zlibng/test/CVE-2003-0107.c
+20
View File
@@ -0,0 +1,20 @@
// http://www.securityfocus.com/archive/1/312869 --- originally by Richard Kettlewell
#include <stdlib.h>
#include <zlib.h>
#include <errno.h>
#include <stdio.h>
int main(void) {
gzFile f;
int ret;
if(!(f = gzopen("/dev/null", "w"))) {
perror("/dev/null");
exit(1);
}
ret = gzprintf(f, "%10240s", "");
printf("gzprintf -> %d\n", ret);
ret = gzclose(f);
printf("gzclose -> %d [%d]\n", ret, errno);
exit(0);
}
libs/zlibng/test/CVE-2004-0797/test.gz
BIN
View File
Binary file not shown.
libs/zlibng/test/CVE-2005-1849/test.gz
BIN
View File
Binary file not shown.
libs/zlibng/test/CVE-2005-2096/test.gz
BIN
View File
Binary file not shown.
libs/zlibng/test/INDEX
+10
View File
@@ -0,0 +1,10 @@
Makefile.in: template for Unix Makefile
CVE-2003-0107.c:
CVE-2002-0059 :
CVE-2004-0797 :
CVE-2005-1849 :
CVE-2005-2096 : test cases for the relevant CVEs
testCVEinputs.sh: script to run tests for CVEs where input data is supplied
libs/zlibng/test/Makefile.in
+105
View File
@@ -0,0 +1,105 @@
# Copyright (C) 1995-2013 Jean-loup Gailly and Mark Adler
# Copyright 2015, Daniel Axtens, IBM Corporation
# zlib license, see zlib.h
CC=
CFLAGS=
EXE=
SRCDIR=
SRCTOP=
TEST_LDFLAGS=-L.. ../libz.a
WITH_FUZZERS=
COMPATTESTS =
QEMU_RUN=
QEMU_VER:=$(shell command -v $(QEMU_RUN) --version 2> /dev/null)
all: oldtests cvetests $(COMPATTESTS) fuzzer
oldtests: #set by ../configure
check_cross_dep:
ifneq (,$(QEMU_RUN))
ifeq (,$(QEMU_VER))
$(error "You need QEMU to run tests on non-native platform")
endif
endif
ALL_SRC_FILES := $(wildcard ../*)
# Only check the fuzzer when it is a stand-alone executable.
ifneq (,$(LIB_FUZZING_ENGINE))
fuzzer:
else
ifeq (0,$(WITH_FUZZERS))
fuzzer:
else
fuzzer:
@${QEMU_RUN} ../checksum_fuzzer$(EXE) $(ALL_SRC_FILES) && \
${QEMU_RUN} ../compress_fuzzer$(EXE) $(ALL_SRC_FILES) && \
${QEMU_RUN} ../example_small_fuzzer$(EXE) $(ALL_SRC_FILES) && \
${QEMU_RUN} ../example_large_fuzzer$(EXE) $(ALL_SRC_FILES) && \
${QEMU_RUN} ../example_flush_fuzzer$(EXE) $(ALL_SRC_FILES) && \
${QEMU_RUN} ../example_dict_fuzzer$(EXE) $(ALL_SRC_FILES) && \
${QEMU_RUN} ../minigzip_fuzzer$(EXE) $(ALL_SRC_FILES)
endif
endif
teststatic: check_cross_dep
@TMPST=tmpst_$$; \
if echo hello world | ${QEMU_RUN} ../minigzip$(EXE) | ${QEMU_RUN} ../minigzip$(EXE) -d && ${QEMU_RUN} ../example$(EXE) $$TMPST ; then \
echo ' *** zlib test OK ***'; \
else \
echo ' *** zlib test FAILED ***'; exit 1; \
fi
@rm -f tmpst_$$
testshared: check_cross_dep
@LD_LIBRARY_PATH=`pwd`/..:$(LD_LIBRARY_PATH) ; export LD_LIBRARY_PATH; \
LD_LIBRARYN32_PATH=`pwd`/..:$(LD_LIBRARYN32_PATH) ; export LD_LIBRARYN32_PATH; \
DYLD_LIBRARY_PATH=`pwd`/..:$(DYLD_LIBRARY_PATH) ; export DYLD_LIBRARY_PATH; \
SHLIB_PATH=`pwd`/..:$(SHLIB_PATH) ; export SHLIB_PATH; \
TMPSH=tmpsh_$$; \
if echo hello world | ${QEMU_RUN} ../minigzipsh$(EXE) | ${QEMU_RUN} ../minigzipsh$(EXE) -d && ${QEMU_RUN} ../examplesh$(EXE) $$TMPSH; then \
echo ' *** zlib shared test OK ***'; \
else \
echo ' *** zlib shared test FAILED ***'; exit 1; \
fi
@rm -f tmpsh_$$
test64: check_cross_dep
@TMP64=tmp64_$$; \
if echo hello world | ${QEMU_RUN} ../minigzip64$(EXE) | ${QEMU_RUN} ../minigzip64$(EXE) -d && ${QEMU_RUN} ../example64$(EXE) $$TMP64; then \
echo ' *** zlib 64-bit test OK ***'; \
else \
echo ' *** zlib 64-bit test FAILED ***'; exit 1; \
fi
@rm -f tmp64_$$
cvetests: testCVEinputs
# Tests requiring zlib-ng to be built with --zlib-compat
compattests: testCVE-2003-0107
testCVEinputs: check_cross_dep
@EXE=$(EXE) QEMU_RUN="${QEMU_RUN}" $(SRCDIR)/testCVEinputs.sh
testCVE-2003-0107: CVE-2003-0107$(EXE) check_cross_dep
@if ${QEMU_RUN} ./CVE-2003-0107$(EXE); then \
echo ' *** zlib not vulnerable to CVE-2003-0107 ***'; \
else \
echo ' *** zlib VULNERABLE to CVE-2003-0107 ***'; exit 1; \
fi
CVE-2003-0107.o: $(SRCDIR)/CVE-2003-0107.c
$(CC) $(CFLAGS) -I.. -I$(SRCTOP) -c -o $@ $(SRCDIR)/CVE-2003-0107.c
CVE-2003-0107$(EXE): CVE-2003-0107.o
$(CC) $(CFLAGS) -o $@ CVE-2003-0107.o $(TEST_LDFLAGS)
clean:
rm -f *.o *.gcda *.gcno *.gcov
rm -f CVE-2003-0107$(EXE)
distclean:
rm -f Makefile
libs/zlibng/test/example.c
+552
View File
@@ -0,0 +1,552 @@
/* example.c -- usage example of the zlib compression library
* Copyright (C) 1995-2006, 2011, 2016 Jean-loup Gailly
* For conditions of distribution and use, see copyright notice in zlib.h
*/
/* @(#) $Id$ */
#include "zbuild.h"
#ifdef ZLIB_COMPAT
# include "zlib.h"
#else
# include "zlib-ng.h"
#endif
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <inttypes.h>
#define TESTFILE "foo.gz"
#define CHECK_ERR(err, msg) { \
if (err != Z_OK) { \
fprintf(stderr, "%s error: %d\n", msg, err); \
exit(1); \
} \
}
static const char hello[] = "hello, hello!";
/* "hello world" would be more standard, but the repeated "hello"
* stresses the compression code better, sorry...
*/
static const char dictionary[] = "hello";
static unsigned long dictId = 0; /* Adler32 value of the dictionary */
void test_compress (unsigned char *compr, z_size_t comprLen,unsigned char *uncompr, z_size_t uncomprLen);
void test_gzio (const char *fname, unsigned char *uncompr, z_size_t uncomprLen);
void test_deflate (unsigned char *compr, size_t comprLen);
void test_inflate (unsigned char *compr, size_t comprLen, unsigned char *uncompr, size_t uncomprLen);
void test_large_deflate (unsigned char *compr, size_t comprLen, unsigned char *uncompr, size_t uncomprLen);
void test_large_inflate (unsigned char *compr, size_t comprLen, unsigned char *uncompr, size_t uncomprLen);
void test_flush (unsigned char *compr, z_size_t *comprLen);
void test_sync (unsigned char *compr, size_t comprLen, unsigned char *uncompr, size_t uncomprLen);
void test_dict_deflate (unsigned char *compr, size_t comprLen);
void test_dict_inflate (unsigned char *compr, size_t comprLen, unsigned char *uncompr, size_t uncomprLen);
int main (int argc, char *argv[]);
static alloc_func zalloc = NULL;
static free_func zfree = NULL;
/* ===========================================================================
* Test compress() and uncompress()
*/
void test_compress(unsigned char *compr, z_size_t comprLen, unsigned char *uncompr, z_size_t uncomprLen)
{
int err;
size_t len = strlen(hello)+1;
err = PREFIX(compress)(compr, &comprLen, (const unsigned char*)hello, (z_size_t)len);
CHECK_ERR(err, "compress");
strcpy((char*)uncompr, "garbage");
err = PREFIX(uncompress)(uncompr, &uncomprLen, compr, comprLen);
CHECK_ERR(err, "uncompress");
if (strcmp((char*)uncompr, hello)) {
fprintf(stderr, "bad uncompress\n");
exit(1);
} else {
printf("uncompress(): %s\n", (char *)uncompr);
}
}
/* ===========================================================================
* Test read/write of .gz files
*/
void test_gzio(const char *fname, unsigned char *uncompr, z_size_t uncomprLen)
{
#ifdef NO_GZCOMPRESS
fprintf(stderr, "NO_GZCOMPRESS -- gz* functions cannot compress\n");
#else
int err;
int len = (int)strlen(hello)+1;
gzFile file;
z_off_t pos;
file = PREFIX(gzopen)(fname, "wb");
if (file == NULL) {
fprintf(stderr, "gzopen error\n");
exit(1);
}
PREFIX(gzputc)(file, 'h');
if (PREFIX(gzputs)(file, "ello") != 4) {
fprintf(stderr, "gzputs err: %s\n", PREFIX(gzerror)(file, &err));
exit(1);
}
if (PREFIX(gzprintf)(file, ", %s!", "hello") != 8) {
fprintf(stderr, "gzprintf err: %s\n", PREFIX(gzerror)(file, &err));
exit(1);
}
PREFIX(gzseek)(file, 1L, SEEK_CUR); /* add one zero byte */
PREFIX(gzclose)(file);
file = PREFIX(gzopen)(fname, "rb");
if (file == NULL) {
fprintf(stderr, "gzopen error\n");
exit(1);
}
strcpy((char*)uncompr, "garbage");
if (PREFIX(gzread)(file, uncompr, (unsigned)uncomprLen) != len) {
fprintf(stderr, "gzread err: %s\n", PREFIX(gzerror)(file, &err));
exit(1);
}
if (strcmp((char*)uncompr, hello)) {
fprintf(stderr, "bad gzread: %s\n", (char*)uncompr);
exit(1);
} else {
printf("gzread(): %s\n", (char*)uncompr);
}
pos = PREFIX(gzseek)(file, -8L, SEEK_CUR);
if (pos != 6 || PREFIX(gztell)(file) != pos) {
fprintf(stderr, "gzseek error, pos=%ld, gztell=%ld\n",
(long)pos, (long)PREFIX(gztell)(file));
exit(1);
}
if (PREFIX(gzgetc)(file) != ' ') {
fprintf(stderr, "gzgetc error\n");
exit(1);
}
if (PREFIX(gzungetc)(' ', file) != ' ') {
fprintf(stderr, "gzungetc error\n");
exit(1);
}
PREFIX(gzgets)(file, (char*)uncompr, (int)uncomprLen);
if (strlen((char*)uncompr) != 7) { /* " hello!" */
fprintf(stderr, "gzgets err after gzseek: %s\n", PREFIX(gzerror)(file, &err));
exit(1);
}
if (strcmp((char*)uncompr, hello + 6)) {
fprintf(stderr, "bad gzgets after gzseek\n");
exit(1);
} else {
printf("gzgets() after gzseek: %s\n", (char*)uncompr);
}
PREFIX(gzclose)(file);
#endif
}
/* ===========================================================================
* Test deflate() with small buffers
*/
void test_deflate(unsigned char *compr, size_t comprLen)
{
PREFIX3(stream) c_stream; /* compression stream */
int err;
unsigned long len = (unsigned long)strlen(hello)+1;
c_stream.zalloc = zalloc;
c_stream.zfree = zfree;
c_stream.opaque = (void *)0;
c_stream.total_in = 0;
c_stream.total_out = 0;
err = PREFIX(deflateInit)(&c_stream, Z_DEFAULT_COMPRESSION);
CHECK_ERR(err, "deflateInit");
c_stream.next_in = (const unsigned char *)hello;
c_stream.next_out = compr;
while (c_stream.total_in != len && c_stream.total_out < comprLen) {
c_stream.avail_in = c_stream.avail_out = 1; /* force small buffers */
err = PREFIX(deflate)(&c_stream, Z_NO_FLUSH);
CHECK_ERR(err, "deflate");
}
/* Finish the stream, still forcing small buffers: */
for (;;) {
c_stream.avail_out = 1;
err = PREFIX(deflate)(&c_stream, Z_FINISH);
if (err == Z_STREAM_END) break;
CHECK_ERR(err, "deflate");
}
err = PREFIX(deflateEnd)(&c_stream);
CHECK_ERR(err, "deflateEnd");
}
/* ===========================================================================
* Test inflate() with small buffers
*/
void test_inflate(unsigned char *compr, size_t comprLen, unsigned char *uncompr, size_t uncomprLen)
{
int err;
PREFIX3(stream) d_stream; /* decompression stream */
strcpy((char*)uncompr, "garbage");
d_stream.zalloc = zalloc;
d_stream.zfree = zfree;
d_stream.opaque = (void *)0;
d_stream.next_in = compr;
d_stream.avail_in = 0;
d_stream.next_out = uncompr;
d_stream.total_in = 0;
d_stream.total_out = 0;
err = PREFIX(inflateInit)(&d_stream);
CHECK_ERR(err, "inflateInit");
while (d_stream.total_out < uncomprLen && d_stream.total_in < comprLen) {
d_stream.avail_in = d_stream.avail_out = 1; /* force small buffers */
err = PREFIX(inflate)(&d_stream, Z_NO_FLUSH);
if (err == Z_STREAM_END) break;
CHECK_ERR(err, "inflate");
}
err = PREFIX(inflateEnd)(&d_stream);
CHECK_ERR(err, "inflateEnd");
if (strcmp((char*)uncompr, hello)) {
fprintf(stderr, "bad inflate\n");
exit(1);
} else {
printf("inflate(): %s\n", (char *)uncompr);
}
}
static unsigned int diff;
/* ===========================================================================
* Test deflate() with large buffers and dynamic change of compression level
*/
void test_large_deflate(unsigned char *compr, size_t comprLen, unsigned char *uncompr, size_t uncomprLen)
{
PREFIX3(stream) c_stream; /* compression stream */
int err;
c_stream.zalloc = zalloc;
c_stream.zfree = zfree;
c_stream.opaque = (void *)0;
err = PREFIX(deflateInit)(&c_stream, Z_BEST_SPEED);
CHECK_ERR(err, "deflateInit");
c_stream.next_out = compr;
c_stream.avail_out = (unsigned int)comprLen;
/* At this point, uncompr is still mostly zeroes, so it should compress
* very well:
*/
c_stream.next_in = uncompr;
c_stream.avail_in = (unsigned int)uncomprLen;
err = PREFIX(deflate)(&c_stream, Z_NO_FLUSH);
CHECK_ERR(err, "deflate");
if (c_stream.avail_in != 0) {
fprintf(stderr, "deflate not greedy\n");
exit(1);
}
/* Feed in already compressed data and switch to no compression: */
PREFIX(deflateParams)(&c_stream, Z_NO_COMPRESSION, Z_DEFAULT_STRATEGY);
c_stream.next_in = compr;
diff = (unsigned int)(c_stream.next_out - compr);
c_stream.avail_in = diff;
err = PREFIX(deflate)(&c_stream, Z_NO_FLUSH);
CHECK_ERR(err, "deflate");
/* Switch back to compressing mode: */
PREFIX(deflateParams)(&c_stream, Z_BEST_COMPRESSION, Z_FILTERED);
c_stream.next_in = uncompr;
c_stream.avail_in = (unsigned int)uncomprLen;
err = PREFIX(deflate)(&c_stream, Z_NO_FLUSH);
CHECK_ERR(err, "deflate");
err = PREFIX(deflate)(&c_stream, Z_FINISH);
if (err != Z_STREAM_END) {
fprintf(stderr, "deflate should report Z_STREAM_END\n");
exit(1);
}
err = PREFIX(deflateEnd)(&c_stream);
CHECK_ERR(err, "deflateEnd");
}
/* ===========================================================================
* Test inflate() with large buffers
*/
void test_large_inflate(unsigned char *compr, size_t comprLen, unsigned char *uncompr, size_t uncomprLen)
{
int err;
PREFIX3(stream) d_stream; /* decompression stream */
strcpy((char*)uncompr, "garbage");
d_stream.zalloc = zalloc;
d_stream.zfree = zfree;
d_stream.opaque = (void *)0;
d_stream.next_in = compr;
d_stream.avail_in = (unsigned int)comprLen;
d_stream.total_in = 0;
d_stream.total_out = 0;
err = PREFIX(inflateInit)(&d_stream);
CHECK_ERR(err, "inflateInit");
for (;;) {
d_stream.next_out = uncompr; /* discard the output */
d_stream.avail_out = (unsigned int)uncomprLen;
err = PREFIX(inflate)(&d_stream, Z_NO_FLUSH);
if (err == Z_STREAM_END) break;
CHECK_ERR(err, "large inflate");
}
err = PREFIX(inflateEnd)(&d_stream);
CHECK_ERR(err, "inflateEnd");
if (d_stream.total_out != 2*uncomprLen + diff) {
fprintf(stderr, "bad large inflate: %zu\n", d_stream.total_out);
exit(1);
} else {
printf("large_inflate(): OK\n");
}
}
/* ===========================================================================
* Test deflate() with full flush
*/
void test_flush(unsigned char *compr, z_size_t *comprLen)
{
PREFIX3(stream) c_stream; /* compression stream */
int err;
unsigned int len = (unsigned int)strlen(hello)+1;
c_stream.zalloc = zalloc;
c_stream.zfree = zfree;
c_stream.opaque = (void *)0;
err = PREFIX(deflateInit)(&c_stream, Z_DEFAULT_COMPRESSION);
CHECK_ERR(err, "deflateInit");
c_stream.next_in = (const unsigned char *)hello;
c_stream.next_out = compr;
c_stream.avail_in = 3;
c_stream.avail_out = (unsigned int)*comprLen;
err = PREFIX(deflate)(&c_stream, Z_FULL_FLUSH);
CHECK_ERR(err, "deflate");
compr[3]++; /* force an error in first compressed block */
c_stream.avail_in = len - 3;
err = PREFIX(deflate)(&c_stream, Z_FINISH);
if (err != Z_STREAM_END) {
CHECK_ERR(err, "deflate");
}
err = PREFIX(deflateEnd)(&c_stream);
CHECK_ERR(err, "deflateEnd");
*comprLen = (z_size_t)c_stream.total_out;
}
/* ===========================================================================
* Test inflateSync()
*/
void test_sync(unsigned char *compr, size_t comprLen, unsigned char *uncompr, size_t uncomprLen)
{
int err;
PREFIX3(stream) d_stream; /* decompression stream */
strcpy((char*)uncompr, "garbage");
d_stream.zalloc = zalloc;
d_stream.zfree = zfree;
d_stream.opaque = (void *)0;
d_stream.next_in = compr;
d_stream.avail_in = 2; /* just read the zlib header */
err = PREFIX(inflateInit)(&d_stream);
CHECK_ERR(err, "inflateInit");
d_stream.next_out = uncompr;
d_stream.avail_out = (unsigned int)uncomprLen;
err = PREFIX(inflate)(&d_stream, Z_NO_FLUSH);
CHECK_ERR(err, "inflate");
d_stream.avail_in = (unsigned int)comprLen-2; /* read all compressed data */
err = PREFIX(inflateSync)(&d_stream); /* but skip the damaged part */
CHECK_ERR(err, "inflateSync");
err = PREFIX(inflate)(&d_stream, Z_FINISH);
if (err != Z_DATA_ERROR) {
fprintf(stderr, "inflate should report DATA_ERROR\n");
/* Because of incorrect adler32 */
exit(1);
}
err = PREFIX(inflateEnd)(&d_stream);
CHECK_ERR(err, "inflateEnd");
printf("after inflateSync(): hel%s\n", (char *)uncompr);
}
/* ===========================================================================
* Test deflate() with preset dictionary
*/
void test_dict_deflate(unsigned char *compr, size_t comprLen)
{
PREFIX3(stream) c_stream; /* compression stream */
int err;
c_stream.zalloc = zalloc;
c_stream.zfree = zfree;
c_stream.opaque = (void *)0;
c_stream.adler = 0;
err = PREFIX(deflateInit)(&c_stream, Z_BEST_COMPRESSION);
CHECK_ERR(err, "deflateInit");
err = PREFIX(deflateSetDictionary)(&c_stream,
(const unsigned char*)dictionary, (int)sizeof(dictionary));
CHECK_ERR(err, "deflateSetDictionary");
dictId = c_stream.adler;
c_stream.next_out = compr;
c_stream.avail_out = (unsigned int)comprLen;
c_stream.next_in = (const unsigned char *)hello;
c_stream.avail_in = (unsigned int)strlen(hello)+1;
err = PREFIX(deflate)(&c_stream, Z_FINISH);
if (err != Z_STREAM_END) {
fprintf(stderr, "deflate should report Z_STREAM_END\n");
exit(1);
}
err = PREFIX(deflateEnd)(&c_stream);
CHECK_ERR(err, "deflateEnd");
}
/* ===========================================================================
* Test inflate() with a preset dictionary
*/
void test_dict_inflate(unsigned char *compr, size_t comprLen, unsigned char *uncompr, size_t uncomprLen)
{
int err;
PREFIX3(stream) d_stream; /* decompression stream */
strcpy((char*)uncompr, "garbage garbage garbage");
d_stream.zalloc = zalloc;
d_stream.zfree = zfree;
d_stream.opaque = (void *)0;
d_stream.adler = 0;
d_stream.next_in = compr;
d_stream.avail_in = (unsigned int)comprLen;
err = PREFIX(inflateInit)(&d_stream);
CHECK_ERR(err, "inflateInit");
d_stream.next_out = uncompr;
d_stream.avail_out = (unsigned int)uncomprLen;
for (;;) {
err = PREFIX(inflate)(&d_stream, Z_NO_FLUSH);
if (err == Z_STREAM_END) break;
if (err == Z_NEED_DICT) {
if (d_stream.adler != dictId) {
fprintf(stderr, "unexpected dictionary");
exit(1);
}
err = PREFIX(inflateSetDictionary)(&d_stream, (const unsigned char*)dictionary,
(int)sizeof(dictionary));
}
CHECK_ERR(err, "inflate with dict");
}
err = PREFIX(inflateEnd)(&d_stream);
CHECK_ERR(err, "inflateEnd");
if (strncmp((char*)uncompr, hello, sizeof(hello))) {
fprintf(stderr, "bad inflate with dict\n");
exit(1);
} else {
printf("inflate with dictionary: %s\n", (char *)uncompr);
}
}
/* ===========================================================================
* Usage: example [output.gz [input.gz]]
*/
int main(int argc, char *argv[])
{
unsigned char *compr, *uncompr;
z_size_t comprLen = 10000*sizeof(int); /* don't overflow on MSDOS */
z_size_t uncomprLen = comprLen;
static const char* myVersion = PREFIX2(VERSION);
if (zVersion()[0] != myVersion[0]) {
fprintf(stderr, "incompatible zlib version\n");
exit(1);
} else if (strcmp(zVersion(), PREFIX2(VERSION)) != 0) {
fprintf(stderr, "warning: different zlib version\n");
}
printf("zlib version %s = 0x%04x, compile flags = 0x%lx\n",
PREFIX2(VERSION), PREFIX2(VERNUM), PREFIX(zlibCompileFlags)());
compr = (unsigned char*)calloc((unsigned int)comprLen, 1);
uncompr = (unsigned char*)calloc((unsigned int)uncomprLen, 1);
/* compr and uncompr are cleared to avoid reading uninitialized
* data and to ensure that uncompr compresses well.
*/
if (compr == NULL || uncompr == NULL) {
printf("out of memory\n");
exit(1);
}
test_compress(compr, comprLen, uncompr, uncomprLen);
test_gzio((argc > 1 ? argv[1] : TESTFILE),
uncompr, uncomprLen);
test_deflate(compr, comprLen);
test_inflate(compr, comprLen, uncompr, uncomprLen);
test_large_deflate(compr, comprLen, uncompr, uncomprLen);
test_large_inflate(compr, comprLen, uncompr, uncomprLen);
test_flush(compr, &comprLen);
test_sync(compr, comprLen, uncompr, uncomprLen);
comprLen = uncomprLen;
test_dict_deflate(compr, comprLen);
test_dict_inflate(compr, comprLen, uncompr, uncomprLen);
free(compr);
free(uncompr);
return 0;
}
libs/zlibng/test/fuzz/checksum_fuzzer.c
+73
View File
@@ -0,0 +1,73 @@
#include <stdio.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <assert.h>
#include <stdlib.h>
#include <inttypes.h>
#include "zbuild.h"
#ifdef ZLIB_COMPAT
# include "zlib.h"
#else
# include "zlib-ng.h"
#endif
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t dataLen) {
uint32_t crc0 = PREFIX(crc32)(0L, NULL, 0);
uint32_t crc1 = crc0;
uint32_t crc2 = crc0;
uint32_t adler0 = PREFIX(adler32)(0L, NULL, 0);
uint32_t adler1 = adler0;
uint32_t adler2 = adler0;
/* Checksum with a buffer of size equal to the first byte in the input. */
uint32_t buffSize = data[0];
uint32_t offset = 0;
uint32_t op[32];
/* Discard inputs larger than 1Mb. */
static size_t kMaxSize = 1024 * 1024;
if (dataLen < 1 || dataLen > kMaxSize)
return 0;
/* Make sure the buffer has at least a byte. */
if (buffSize == 0)
++buffSize;
/* CRC32 */
PREFIX(crc32_combine_gen)(op, buffSize);
for (offset = 0; offset + buffSize <= dataLen; offset += buffSize) {
uint32_t crc3 = PREFIX(crc32_z)(crc0, data + offset, buffSize);
uint32_t crc4 = PREFIX(crc32_combine_op)(crc1, crc3, op);
crc1 = PREFIX(crc32_z)(crc1, data + offset, buffSize);
assert(crc1 == crc4);
}
crc1 = PREFIX(crc32_z)(crc1, data + offset, dataLen % buffSize);
crc2 = PREFIX(crc32_z)(crc2, data, dataLen);
assert(crc1 == crc2);
assert(PREFIX(crc32_combine)(crc1, crc2, dataLen) ==
PREFIX(crc32_combine)(crc1, crc1, dataLen));
/* Fast CRC32 combine. */
PREFIX(crc32_combine_gen)(op, dataLen);
assert(PREFIX(crc32_combine_op)(crc1, crc2, op) ==
PREFIX(crc32_combine_op)(crc2, crc1, op));
assert(PREFIX(crc32_combine)(crc1, crc2, dataLen) ==
PREFIX(crc32_combine_op)(crc2, crc1, op));
/* Adler32 */
for (offset = 0; offset + buffSize <= dataLen; offset += buffSize)
adler1 = PREFIX(adler32_z)(adler1, data + offset, buffSize);
adler1 = PREFIX(adler32_z)(adler1, data + offset, dataLen % buffSize);
adler2 = PREFIX(adler32_z)(adler2, data, dataLen);
assert(adler1 == adler2);
assert(PREFIX(adler32_combine)(adler1, adler2, dataLen) ==
PREFIX(adler32_combine)(adler1, adler1, dataLen));
/* This function must return 0. */
return 0;
}
libs/zlibng/test/fuzz/compress_fuzzer.c
+87
View File
@@ -0,0 +1,87 @@
#include <stdio.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <assert.h>
#include <stdlib.h>
#include <inttypes.h>
#include "zbuild.h"
#ifdef ZLIB_COMPAT
# include "zlib.h"
#else
# include "zlib-ng.h"
#endif
static const uint8_t *data;
static size_t dataLen;
static void check_compress_level(uint8_t *compr, size_t comprLen,
uint8_t *uncompr, size_t uncomprLen,
int level) {
PREFIX(compress2)(compr, &comprLen, data, dataLen, level);
PREFIX(uncompress)(uncompr, &uncomprLen, compr, comprLen);
/* Make sure compress + uncompress gives back the input data. */
assert(dataLen == uncomprLen);
assert(0 == memcmp(data, uncompr, dataLen));
}
#define put_byte(s, i, c) {s[i] = (unsigned char)(c);}
static void write_zlib_header(uint8_t *s) {
unsigned level_flags = 0; /* compression level (0..3) */
unsigned w_bits = 8; /* window size log2(w_size) (8..16) */
unsigned int header = (Z_DEFLATED + ((w_bits-8)<<4)) << 8;
header |= (level_flags << 6);
header += 31 - (header % 31);
/* s is guaranteed to be longer than 2 bytes. */
put_byte(s, 0, (unsigned char)(header >> 8));
put_byte(s, 1, (unsigned char)(header & 0xff));
}
static void check_decompress(uint8_t *compr, size_t comprLen) {
/* We need to write a valid zlib header of size two bytes. Copy the input data
in a larger buffer. Do not modify the input data to avoid libFuzzer error:
fuzz target overwrites its const input. */
size_t copyLen = dataLen + 2;
uint8_t *copy = (uint8_t *)malloc(copyLen);
memcpy(copy + 2, data, dataLen);
write_zlib_header(copy);
PREFIX(uncompress)(compr, &comprLen, copy, copyLen);
free(copy);
}
int LLVMFuzzerTestOneInput(const uint8_t *d, size_t size) {
/* compressBound does not provide enough space for low compression levels. */
size_t comprLen = 100 + 2 * PREFIX(compressBound)(size);
size_t uncomprLen = size;
uint8_t *compr, *uncompr;
/* Discard inputs larger than 1Mb. */
static size_t kMaxSize = 1024 * 1024;
if (size < 1 || size > kMaxSize)
return 0;
data = d;
dataLen = size;
compr = (uint8_t *)calloc(1, comprLen);
uncompr = (uint8_t *)calloc(1, uncomprLen);
check_compress_level(compr, comprLen, uncompr, uncomprLen, 1);
check_compress_level(compr, comprLen, uncompr, uncomprLen, 3);
check_compress_level(compr, comprLen, uncompr, uncomprLen, 6);
check_compress_level(compr, comprLen, uncompr, uncomprLen, 7);
check_decompress(compr, comprLen);
free(compr);
free(uncompr);
/* This function must return 0. */
return 0;
}
libs/zlibng/test/fuzz/example_dict_fuzzer.c
+170
View File
@@ -0,0 +1,170 @@
#include <stdio.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <assert.h>
#include <stdlib.h>
#include <inttypes.h>
#include "zbuild.h"
#ifdef ZLIB_COMPAT
# include "zlib.h"
#else
# include "zlib-ng.h"
#endif
#define CHECK_ERR(err, msg) { \
if (err != Z_OK) { \
fprintf(stderr, "%s error: %d\n", msg, err); \
exit(1); \
} \
}
static const uint8_t *data;
static size_t dataLen;
static alloc_func zalloc = NULL;
static free_func zfree = NULL;
static size_t dictionaryLen = 0;
static unsigned long dictId; /* Adler32 value of the dictionary */
/* ===========================================================================
* Test deflate() with preset dictionary
*/
void test_dict_deflate(unsigned char **compr, size_t *comprLen)
{
PREFIX3(stream) c_stream; /* compression stream */
int err;
int level = data[0] % 11 - 1; /* [-1..9]
compression levels
#define Z_NO_COMPRESSION 0
#define Z_BEST_SPEED 1
#define Z_BEST_COMPRESSION 9
#define Z_DEFAULT_COMPRESSION (-1) */
int method = Z_DEFLATED; /* The deflate compression method (the only one
supported in this version) */
int windowBits = 8 + data[0] % 8; /* The windowBits parameter is the base
two logarithm of the window size (the size of the history buffer). It
should be in the range 8..15 for this version of the library. */
int memLevel = 1 + data[0] % 9; /* memLevel=1 uses minimum memory but is
slow and reduces compression ratio; memLevel=9 uses maximum memory for
optimal speed. */
int strategy = data[0] % 5; /* [0..4]
#define Z_FILTERED 1
#define Z_HUFFMAN_ONLY 2
#define Z_RLE 3
#define Z_FIXED 4
#define Z_DEFAULT_STRATEGY 0 */
/* deflate would fail for no-compression or for speed levels. */
if (level == 0 || level == 1)
level = -1;
c_stream.zalloc = zalloc;
c_stream.zfree = zfree;
c_stream.opaque = (void *)0;
err = PREFIX(deflateInit2)(&c_stream, level, method, windowBits, memLevel,
strategy);
CHECK_ERR(err, "deflateInit");
err = PREFIX(deflateSetDictionary)(
&c_stream, (const unsigned char *)data, dictionaryLen);
CHECK_ERR(err, "deflateSetDictionary");
/* deflateBound does not provide enough space for low compression levels. */
*comprLen = 100 + 2 * PREFIX(deflateBound)(&c_stream, dataLen);
*compr = (uint8_t *)calloc(1, *comprLen);
dictId = c_stream.adler;
c_stream.next_out = *compr;
c_stream.avail_out = (unsigned int)(*comprLen);
c_stream.next_in = data;
c_stream.avail_in = dataLen;
err = PREFIX(deflate)(&c_stream, Z_FINISH);
if (err != Z_STREAM_END) {
fprintf(stderr, "deflate dict should report Z_STREAM_END\n");
exit(1);
}
err = PREFIX(deflateEnd)(&c_stream);
CHECK_ERR(err, "deflateEnd");
}
/* ===========================================================================
* Test inflate() with a preset dictionary
*/
void test_dict_inflate(unsigned char *compr, size_t comprLen) {
int err;
PREFIX3(stream) d_stream; /* decompression stream */
unsigned char *uncompr;
d_stream.zalloc = zalloc;
d_stream.zfree = zfree;
d_stream.opaque = (void *)0;
d_stream.next_in = compr;
d_stream.avail_in = (unsigned int)comprLen;
err = PREFIX(inflateInit)(&d_stream);
CHECK_ERR(err, "inflateInit");
uncompr = (uint8_t *)calloc(1, dataLen);
d_stream.next_out = uncompr;
d_stream.avail_out = (unsigned int)dataLen;
for (;;) {
err = PREFIX(inflate)(&d_stream, Z_NO_FLUSH);
if (err == Z_STREAM_END)
break;
if (err == Z_NEED_DICT) {
if (d_stream.adler != dictId) {
fprintf(stderr, "unexpected dictionary");
exit(1);
}
err = PREFIX(inflateSetDictionary)(
&d_stream, (const unsigned char *)data, dictionaryLen);
}
CHECK_ERR(err, "inflate with dict");
}
err = PREFIX(inflateEnd)(&d_stream);
CHECK_ERR(err, "inflateEnd");
if (memcmp(uncompr, data, dataLen)) {
fprintf(stderr, "bad inflate with dict\n");
exit(1);
}
free(uncompr);
}
int LLVMFuzzerTestOneInput(const uint8_t *d, size_t size) {
size_t comprLen = 0;
uint8_t *compr;
/* Discard inputs larger than 100Kb. */
static size_t kMaxSize = 100 * 1024;
if (size < 1 || size > kMaxSize)
return 0;
data = d;
dataLen = size;
/* Set up the contents of the dictionary. The size of the dictionary is
intentionally selected to be of unusual size. To help cover more corner
cases, the size of the dictionary is read from the input data. */
dictionaryLen = data[0];
if (dictionaryLen > dataLen)
dictionaryLen = dataLen;
test_dict_deflate(&compr, &comprLen);
test_dict_inflate(compr, comprLen);
free(compr);
/* This function must return 0. */
return 0;
}
libs/zlibng/test/fuzz/example_flush_fuzzer.c
+126
View File
@@ -0,0 +1,126 @@
#include <stdio.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <assert.h>
#include <stdlib.h>
#include <inttypes.h>
#include "zbuild.h"
#ifdef ZLIB_COMPAT
# include "zlib.h"
#else
# include "zlib-ng.h"
#endif
#define CHECK_ERR(err, msg) { \
if (err != Z_OK) { \
fprintf(stderr, "%s error: %d\n", msg, err); \
exit(1); \
} \
}
static const uint8_t *data;
static size_t dataLen;
static alloc_func zalloc = NULL;
static free_func zfree = NULL;
/* ===========================================================================
* Test deflate() with full flush
*/
void test_flush(unsigned char *compr, z_size_t *comprLen) {
PREFIX3(stream) c_stream; /* compression stream */
int err;
unsigned int len = dataLen;
c_stream.zalloc = zalloc;
c_stream.zfree = zfree;
c_stream.opaque = (void *)0;
err = PREFIX(deflateInit)(&c_stream, Z_DEFAULT_COMPRESSION);
CHECK_ERR(err, "deflateInit");
c_stream.next_in = (const unsigned char *)data;
c_stream.next_out = compr;
c_stream.avail_in = 3;
c_stream.avail_out = (unsigned int)*comprLen;
err = PREFIX(deflate)(&c_stream, Z_FULL_FLUSH);
CHECK_ERR(err, "deflate flush 1");
compr[3]++; /* force an error in first compressed block */
c_stream.avail_in = len - 3;
err = PREFIX(deflate)(&c_stream, Z_FINISH);
if (err != Z_STREAM_END) {
CHECK_ERR(err, "deflate flush 2");
}
err = PREFIX(deflateEnd)(&c_stream);
CHECK_ERR(err, "deflateEnd");
*comprLen = (z_size_t)c_stream.total_out;
}
/* ===========================================================================
* Test inflateSync()
*/
void test_sync(unsigned char *compr, size_t comprLen, unsigned char *uncompr,
size_t uncomprLen) {
int err;
PREFIX3(stream) d_stream; /* decompression stream */
d_stream.zalloc = zalloc;
d_stream.zfree = zfree;
d_stream.opaque = (void *)0;
d_stream.next_in = compr;
d_stream.avail_in = 2; /* just read the zlib header */
err = PREFIX(inflateInit)(&d_stream);
CHECK_ERR(err, "inflateInit");
d_stream.next_out = uncompr;
d_stream.avail_out = (unsigned int)uncomprLen;
err = PREFIX(inflate)(&d_stream, Z_NO_FLUSH);
CHECK_ERR(err, "inflate");
d_stream.avail_in = (unsigned int)comprLen - 2; /* read all compressed data */
err = PREFIX(inflateSync)(&d_stream); /* but skip the damaged part */
CHECK_ERR(err, "inflateSync");
err = PREFIX(inflate)(&d_stream, Z_FINISH);
if (err != Z_DATA_ERROR) {
fprintf(stderr, "inflate should report DATA_ERROR\n");
/* Because of incorrect adler32 */
exit(1);
}
err = PREFIX(inflateEnd)(&d_stream);
CHECK_ERR(err, "inflateEnd");
}
int LLVMFuzzerTestOneInput(const uint8_t *d, size_t size) {
size_t comprLen = 100 + 2 * PREFIX(compressBound)(size);
size_t uncomprLen = size;
uint8_t *compr, *uncompr;
/* Discard inputs larger than 1Mb. */
static size_t kMaxSize = 1024 * 1024;
// This test requires at least 3 bytes of input data.
if (size <= 3 || size > kMaxSize)
return 0;
data = d;
dataLen = size;
compr = (uint8_t *)calloc(1, comprLen);
uncompr = (uint8_t *)calloc(1, uncomprLen);
test_flush(compr, &comprLen);
test_sync(compr, comprLen, uncompr, uncomprLen);
free(compr);
free(uncompr);
/* This function must return 0. */
return 0;
}
libs/zlibng/test/fuzz/example_large_fuzzer.c
+143
View File
@@ -0,0 +1,143 @@
#include <stdio.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <assert.h>
#include <stdlib.h>
#include <inttypes.h>
#include "zbuild.h"
#ifdef ZLIB_COMPAT
# include "zlib.h"
#else
# include "zlib-ng.h"
#endif
#define CHECK_ERR(err, msg) { \
if (err != Z_OK) { \
fprintf(stderr, "%s error: %d\n", msg, err); \
exit(1); \
} \
}
static const uint8_t *data;
static size_t dataLen;
static alloc_func zalloc = NULL;
static free_func zfree = NULL;
static unsigned int diff;
/* ===========================================================================
* Test deflate() with large buffers and dynamic change of compression level
*/
void test_large_deflate(unsigned char *compr, size_t comprLen,
unsigned char *uncompr, size_t uncomprLen) {
PREFIX3(stream) c_stream; /* compression stream */
int err;
c_stream.zalloc = zalloc;
c_stream.zfree = zfree;
c_stream.opaque = (void *)0;
err = PREFIX(deflateInit)(&c_stream, Z_BEST_COMPRESSION);
CHECK_ERR(err, "deflateInit");
c_stream.next_out = compr;
c_stream.avail_out = (unsigned int)comprLen;
/* At this point, uncompr is still mostly zeroes, so it should compress
* very well:
*/
c_stream.next_in = uncompr;
c_stream.avail_in = (unsigned int)uncomprLen;
err = PREFIX(deflate)(&c_stream, Z_NO_FLUSH);
CHECK_ERR(err, "deflate large 1");
if (c_stream.avail_in != 0) {
fprintf(stderr, "deflate not greedy\n");
exit(1);
}
/* Feed in already compressed data and switch to no compression: */
PREFIX(deflateParams)(&c_stream, Z_NO_COMPRESSION, Z_DEFAULT_STRATEGY);
c_stream.next_in = compr;
diff = (unsigned int)(c_stream.next_out - compr);
c_stream.avail_in = diff;
err = PREFIX(deflate)(&c_stream, Z_NO_FLUSH);
CHECK_ERR(err, "deflate large 2");
/* Switch back to compressing mode: */
PREFIX(deflateParams)(&c_stream, Z_BEST_COMPRESSION, Z_FILTERED);
c_stream.next_in = uncompr;
c_stream.avail_in = (unsigned int)uncomprLen;
err = PREFIX(deflate)(&c_stream, Z_NO_FLUSH);
CHECK_ERR(err, "deflate large 3");
err = PREFIX(deflate)(&c_stream, Z_FINISH);
if (err != Z_STREAM_END) {
fprintf(stderr, "deflate large should report Z_STREAM_END\n");
exit(1);
}
err = PREFIX(deflateEnd)(&c_stream);
CHECK_ERR(err, "deflateEnd");
}
/* ===========================================================================
* Test inflate() with large buffers
*/
void test_large_inflate(unsigned char *compr, size_t comprLen,
unsigned char *uncompr, size_t uncomprLen) {
int err;
PREFIX3(stream) d_stream; /* decompression stream */
d_stream.zalloc = zalloc;
d_stream.zfree = zfree;
d_stream.opaque = (void *)0;
d_stream.next_in = compr;
d_stream.avail_in = (unsigned int)comprLen;
err = PREFIX(inflateInit)(&d_stream);
CHECK_ERR(err, "inflateInit");
for (;;) {
d_stream.next_out = uncompr; /* discard the output */
d_stream.avail_out = (unsigned int)uncomprLen;
err = PREFIX(inflate)(&d_stream, Z_NO_FLUSH);
if (err == Z_STREAM_END)
break;
CHECK_ERR(err, "large inflate");
}
err = PREFIX(inflateEnd)(&d_stream);
CHECK_ERR(err, "inflateEnd");
if (d_stream.total_out != 2 * uncomprLen + diff) {
fprintf(stderr, "bad large inflate: %zu\n", d_stream.total_out);
exit(1);
}
}
int LLVMFuzzerTestOneInput(const uint8_t *d, size_t size) {
size_t comprLen = 100 + 3 * size;
size_t uncomprLen = comprLen;
uint8_t *compr, *uncompr;
/* Discard inputs larger than 512Kb. */
static size_t kMaxSize = 512 * 1024;
if (size < 1 || size > kMaxSize)
return 0;
data = d;
dataLen = size;
compr = (uint8_t *)calloc(1, comprLen);
uncompr = (uint8_t *)calloc(1, uncomprLen);
test_large_deflate(compr, comprLen, uncompr, uncomprLen);
test_large_inflate(compr, comprLen, uncompr, uncomprLen);
free(compr);
free(uncompr);
/* This function must return 0. */
return 0;
}
libs/zlibng/test/fuzz/example_small_fuzzer.c
+124
View File
@@ -0,0 +1,124 @@
#include <stdio.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <assert.h>
#include <stdlib.h>
#include <inttypes.h>
#include "zbuild.h"
#ifdef ZLIB_COMPAT
# include "zlib.h"
#else
# include "zlib-ng.h"
#endif
#define CHECK_ERR(err, msg) { \
if (err != Z_OK) { \
fprintf(stderr, "%s error: %d\n", msg, err); \
exit(1); \
} \
}
static const uint8_t *data;
static size_t dataLen;
static alloc_func zalloc = NULL;
static free_func zfree = NULL;
/* ===========================================================================
* Test deflate() with small buffers
*/
void test_deflate(unsigned char *compr, size_t comprLen) {
PREFIX3(stream) c_stream; /* compression stream */
int err;
unsigned long len = dataLen;
c_stream.zalloc = zalloc;
c_stream.zfree = zfree;
c_stream.opaque = (void *)0;
err = PREFIX(deflateInit)(&c_stream, Z_DEFAULT_COMPRESSION);
CHECK_ERR(err, "deflateInit");
c_stream.next_in = (const unsigned char *)data;
c_stream.next_out = compr;
while (c_stream.total_in != len && c_stream.total_out < comprLen) {
c_stream.avail_in = c_stream.avail_out = 1; /* force small buffers */
err = PREFIX(deflate)(&c_stream, Z_NO_FLUSH);
CHECK_ERR(err, "deflate small 1");
}
/* Finish the stream, still forcing small buffers: */
for (;;) {
c_stream.avail_out = 1;
err = PREFIX(deflate)(&c_stream, Z_FINISH);
if (err == Z_STREAM_END)
break;
CHECK_ERR(err, "deflate small 2");
}
err = PREFIX(deflateEnd)(&c_stream);
CHECK_ERR(err, "deflateEnd");
}
/* ===========================================================================
* Test inflate() with small buffers
*/
void test_inflate(unsigned char *compr, size_t comprLen, unsigned char *uncompr,
size_t uncomprLen) {
int err;
PREFIX3(stream) d_stream; /* decompression stream */
d_stream.zalloc = zalloc;
d_stream.zfree = zfree;
d_stream.opaque = (void *)0;
d_stream.next_in = compr;
d_stream.avail_in = 0;
d_stream.next_out = uncompr;
err = PREFIX(inflateInit)(&d_stream);
CHECK_ERR(err, "inflateInit");
while (d_stream.total_out < uncomprLen && d_stream.total_in < comprLen) {
d_stream.avail_in = d_stream.avail_out = 1; /* force small buffers */
err = PREFIX(inflate)(&d_stream, Z_NO_FLUSH);
if (err == Z_STREAM_END)
break;
CHECK_ERR(err, "inflate");
}
err = PREFIX(inflateEnd)(&d_stream);
CHECK_ERR(err, "inflateEnd");
if (memcmp(uncompr, data, dataLen)) {
fprintf(stderr, "bad inflate\n");
exit(1);
}
}
int LLVMFuzzerTestOneInput(const uint8_t *d, size_t size) {
size_t comprLen = PREFIX(compressBound)(size);
size_t uncomprLen = size;
uint8_t *compr, *uncompr;
/* Discard inputs larger than 1Mb. */
static size_t kMaxSize = 1024 * 1024;
if (size < 1 || size > kMaxSize)
return 0;
data = d;
dataLen = size;
compr = (uint8_t *)calloc(1, comprLen);
uncompr = (uint8_t *)calloc(1, uncomprLen);
test_deflate(compr, comprLen);
test_inflate(compr, comprLen, uncompr, uncomprLen);
free(compr);
free(uncompr);
/* This function must return 0. */
return 0;
}
libs/zlibng/test/fuzz/minigzip_fuzzer.c
+326
View File
@@ -0,0 +1,326 @@
/* minigzip.c -- simulate gzip using the zlib compression library
* Copyright (C) 1995-2006, 2010, 2011, 2016 Jean-loup Gailly
* For conditions of distribution and use, see copyright notice in zlib.h
*/
/*
* minigzip is a minimal implementation of the gzip utility. This is
* only an example of using zlib and isn't meant to replace the
* full-featured gzip. No attempt is made to deal with file systems
* limiting names to 14 or 8+3 characters, etc... Error checking is
* very limited. So use minigzip only for testing; use gzip for the
* real thing.
*/
/* @(#) $Id$ */
#include "zbuild.h"
#ifdef ZLIB_COMPAT
# include "zlib.h"
#else
# include "zlib-ng.h"
#endif
#include <stdio.h>
#include <assert.h>
#include <string.h>
#include <stdlib.h>
#ifdef USE_MMAP
# include <sys/types.h>
# include <sys/mman.h>
# include <sys/stat.h>
#endif
#ifndef UNALIGNED_OK
# include <malloc.h>
#endif
#if defined(WIN32) || defined(__CYGWIN__)
# include <fcntl.h>
# include <io.h>
# define SET_BINARY_MODE(file) setmode(fileno(file), O_BINARY)
#else
# define SET_BINARY_MODE(file)
#endif
#if defined(_MSC_VER) && _MSC_VER < 1900
# define snprintf _snprintf
#endif
#if !defined(Z_HAVE_UNISTD_H) && !defined(_LARGEFILE64_SOURCE)
#ifndef WIN32 /* unlink already in stdio.h for WIN32 */
extern int unlink (const char *);
#endif
#endif
#ifndef GZ_SUFFIX
# define GZ_SUFFIX ".gz"
#endif
#define SUFFIX_LEN (sizeof(GZ_SUFFIX)-1)
#define BUFLEN 16384 /* read buffer size */
#define BUFLENW (BUFLEN * 3) /* write buffer size */
#define MAX_NAME_LEN 1024
static char *prog;
void error (const char *msg);
void gz_compress (FILE *in, gzFile out);
#ifdef USE_MMAP
int gz_compress_mmap (FILE *in, gzFile out);
#endif
void gz_uncompress (gzFile in, FILE *out);
void file_compress (char *file, char *mode);
void file_uncompress (char *file);
int main (int argc, char *argv[]);
/* ===========================================================================
* Display error message and exit
*/
void error(const char *msg)
{
fprintf(stderr, "%s: %s\n", prog, msg);
exit(1);
}
/* ===========================================================================
* Compress input to output then close both files.
*/
void gz_compress(FILE *in, gzFile out)
{
char buf[BUFLEN];
int len;
int err;
#ifdef USE_MMAP
/* Try first compressing with mmap. If mmap fails (minigzip used in a
* pipe), use the normal fread loop.
*/
if (gz_compress_mmap(in, out) == Z_OK) return;
#endif
/* Clear out the contents of buf before reading from the file to avoid
MemorySanitizer: use-of-uninitialized-value warnings. */
memset(buf, 0, sizeof(buf));
for (;;) {
len = (int)fread(buf, 1, sizeof(buf), in);
if (ferror(in)) {
perror("fread");
exit(1);
}
if (len == 0) break;
if (PREFIX(gzwrite)(out, buf, (unsigned)len) != len) error(PREFIX(gzerror)(out, &err));
}
fclose(in);
if (PREFIX(gzclose)(out) != Z_OK) error("failed gzclose");
}
#ifdef USE_MMAP /* MMAP version, Miguel Albrecht <malbrech@eso.org> */
/* Try compressing the input file at once using mmap. Return Z_OK if
* if success, Z_ERRNO otherwise.
*/
int gz_compress_mmap(FILE *in, gzFile out)
{
int len;
int err;
int ifd = fileno(in);
caddr_t buf; /* mmap'ed buffer for the entire input file */
off_t buf_len; /* length of the input file */
struct stat sb;
/* Determine the size of the file, needed for mmap: */
if (fstat(ifd, &sb) < 0) return Z_ERRNO;
buf_len = sb.st_size;
if (buf_len <= 0) return Z_ERRNO;
/* Now do the actual mmap: */
buf = mmap((caddr_t) 0, buf_len, PROT_READ, MAP_SHARED, ifd, (off_t)0);
if (buf == (caddr_t)(-1)) return Z_ERRNO;
/* Compress the whole file at once: */
len = PREFIX(gzwrite)(out, (char *)buf, (unsigned)buf_len);
if (len != (int)buf_len) error(PREFIX(gzerror)(out, &err));
munmap(buf, buf_len);
fclose(in);
if (PREFIX(gzclose)(out) != Z_OK) error("failed gzclose");
return Z_OK;
}
#endif /* USE_MMAP */
/* ===========================================================================
* Uncompress input to output then close both files.
*/
void gz_uncompress(gzFile in, FILE *out)
{
char buf[BUFLENW];
int len;
int err;
for (;;) {
len = PREFIX(gzread)(in, buf, sizeof(buf));
if (len < 0) error (PREFIX(gzerror)(in, &err));
if (len == 0) break;
if ((int)fwrite(buf, 1, (unsigned)len, out) != len) {
error("failed fwrite");
}
}
if (fclose(out)) error("failed fclose");
if (PREFIX(gzclose)(in) != Z_OK) error("failed gzclose");
}
/* ===========================================================================
* Compress the given file: create a corresponding .gz file and remove the
* original.
*/
void file_compress(char *file, char *mode)
{
char outfile[MAX_NAME_LEN];
FILE *in;
gzFile out;
if (strlen(file) + strlen(GZ_SUFFIX) >= sizeof(outfile)) {
fprintf(stderr, "%s: filename too long\n", prog);
exit(1);
}
snprintf(outfile, sizeof(outfile), "%s%s", file, GZ_SUFFIX);
in = fopen(file, "rb");
if (in == NULL) {
perror(file);
exit(1);
}
out = PREFIX(gzopen)(outfile, mode);
if (out == NULL) {
fprintf(stderr, "%s: can't gzopen %s\n", prog, outfile);
exit(1);
}
gz_compress(in, out);
unlink(file);
}
/* ===========================================================================
* Uncompress the given file and remove the original.
*/
void file_uncompress(char *file)
{
char buf[MAX_NAME_LEN];
char *infile, *outfile;
FILE *out;
gzFile in;
size_t len = strlen(file);
if (len + strlen(GZ_SUFFIX) >= sizeof(buf)) {
fprintf(stderr, "%s: filename too long\n", prog);
exit(1);
}
snprintf(buf, sizeof(buf), "%s", file);
if (len > SUFFIX_LEN && strcmp(file+len-SUFFIX_LEN, GZ_SUFFIX) == 0) {
infile = file;
outfile = buf;
outfile[len-3] = '\0';
} else {
outfile = file;
infile = buf;
snprintf(buf + len, sizeof(buf) - len, "%s", GZ_SUFFIX);
}
in = PREFIX(gzopen)(infile, "rb");
if (in == NULL) {
fprintf(stderr, "%s: can't gzopen %s\n", prog, infile);
exit(1);
}
out = fopen(outfile, "wb");
if (out == NULL) {
perror(file);
exit(1);
}
gz_uncompress(in, out);
unlink(infile);
}
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t dataLen) {
char *inFileName = "/tmp/minigzip_fuzzer.out";
char *outFileName = "/tmp/minigzip_fuzzer.out.gz";
char outmode[20];
FILE *in;
char buf[BUFLEN];
uint32_t offset = 0;
/* Discard inputs larger than 1Mb. */
static size_t kMaxSize = 1024 * 1024;
if (dataLen < 1 || dataLen > kMaxSize)
return 0;
in = fopen(inFileName, "w");
if (fwrite(data, 1, (unsigned)dataLen, in) != dataLen)
error("failed fwrite");
if (fclose(in))
error("failed fclose");
memset(outmode, 0, sizeof(outmode));
snprintf(outmode, sizeof(outmode), "%s", "wb");
/* Compression level: [0..9]. */
outmode[2] = data[0] % 10;
switch (data[0] % 4) {
default:
case 0:
outmode[3] = 0;
break;
case 1:
/* compress with Z_FILTERED */
outmode[3] = 'f';
break;
case 2:
/* compress with Z_HUFFMAN_ONLY */
outmode[3] = 'h';
break;
case 3:
/* compress with Z_RLE */
outmode[3] = 'R';
break;
}
file_compress(inFileName, outmode);
file_uncompress(outFileName);
/* Check that the uncompressed file matches the input data. */
in = fopen(inFileName, "rb");
if (in == NULL) {
perror(inFileName);
exit(1);
}
memset(buf, 0, sizeof(buf));
for (;;) {
int len = (int)fread(buf, 1, sizeof(buf), in);
if (ferror(in)) {
perror("fread");
exit(1);
}
if (len == 0)
break;
assert(0 == memcmp(data + offset, buf, len));
offset += len;
}
if (fclose(in))
error("failed fclose");
/* This function must return 0. */
return 0;
}
libs/zlibng/test/fuzz/standalone_fuzz_target_runner.c
+35
View File
@@ -0,0 +1,35 @@
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
extern int LLVMFuzzerTestOneInput(const unsigned char *data, size_t size);
int main(int argc, char **argv) {
int i;
fprintf(stderr, "StandaloneFuzzTargetMain: running %d inputs\n", argc - 1);
for (i = 1; i < argc; i++) {
size_t len, n_read, err;
unsigned char *buf;
FILE *f = fopen(argv[i], "rb+");
if (!f) {
/* Failed to open this file: it may be a directory. */
fprintf(stderr, "Skipping: %s\n", argv[i]);
continue;
}
fprintf(stderr, "Running: %s %s\n", argv[0], argv[i]);
fseek(f, 0, SEEK_END);
len = ftell(f);
fseek(f, 0, SEEK_SET);
buf = (unsigned char *)malloc(len);
n_read = fread(buf, 1, len, f);
assert(n_read == len);
LLVMFuzzerTestOneInput(buf, len);
free(buf);
err = fclose(f);
assert(err == 0);
fprintf(stderr, "Done: %s: (%d bytes)\n", argv[i], (int)n_read);
}
return 0;
}
libs/zlibng/test/infcover.c
+669
View File
@@ -0,0 +1,669 @@
/* infcover.c -- test zlib's inflate routines with full code coverage
* Copyright (C) 2011, 2016 Mark Adler
* For conditions of distribution and use, see copyright notice in zlib.h
*/
/* to use, do: ./configure --cover && make cover */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <assert.h>
#include "zlib.h"
/* get definition of internal structure so we can mess with it (see pull()),
and so we can call inflate_trees() (see cover5()) */
#define ZLIB_INTERNAL
#include "zbuild.h"
#include "inftrees.h"
#include "inflate.h"
/* -- memory tracking routines -- */
/*
These memory tracking routines are provided to zlib and track all of zlib's
allocations and deallocations, check for LIFO operations, keep a current
and high water mark of total bytes requested, optionally set a limit on the
total memory that can be allocated, and when done check for memory leaks.
They are used as follows:
z_stream strm;
mem_setup(&strm) initializes the memory tracking and sets the
zalloc, zfree, and opaque members of strm to use
memory tracking for all zlib operations on strm
mem_limit(&strm, limit) sets a limit on the total bytes requested -- a
request that exceeds this limit will result in an
allocation failure (returns NULL) -- setting the
limit to zero means no limit, which is the default
after mem_setup()
mem_used(&strm, "msg") prints to stderr "msg" and the total bytes used
mem_high(&strm, "msg") prints to stderr "msg" and the high water mark
mem_done(&strm, "msg") ends memory tracking, releases all allocations
for the tracking as well as leaked zlib blocks, if
any. If there was anything unusual, such as leaked
blocks, non-FIFO frees, or frees of addresses not
allocated, then "msg" and information about the
problem is printed to stderr. If everything is
normal, nothing is printed. mem_done resets the
strm members to NULL to use the default memory
allocation routines on the next zlib initialization
using strm.
*/
/* these items are strung together in a linked list, one for each allocation */
struct mem_item {
void *ptr; /* pointer to allocated memory */
size_t size; /* requested size of allocation */
struct mem_item *next; /* pointer to next item in list, or NULL */
};
/* this structure is at the root of the linked list, and tracks statistics */
struct mem_zone {
struct mem_item *first; /* pointer to first item in list, or NULL */
size_t total, highwater; /* total allocations, and largest total */
size_t limit; /* memory allocation limit, or 0 if no limit */
int notlifo, rogue; /* counts of non-LIFO frees and rogue frees */
};
/* memory allocation routine to pass to zlib */
static void *mem_alloc(void *mem, unsigned count, unsigned size)
{
void *ptr;
struct mem_item *item;
struct mem_zone *zone = mem;
size_t len = count * (size_t)size;
/* induced allocation failure */
if (zone == NULL || (zone->limit && zone->total + len > zone->limit))
return NULL;
/* perform allocation using the standard library, fill memory with a
non-zero value to make sure that the code isn't depending on zeros */
ptr = malloc(len);
if (ptr == NULL)
return NULL;
memset(ptr, 0xa5, len);
/* create a new item for the list */
item = malloc(sizeof(struct mem_item));
if (item == NULL) {
free(ptr);
return NULL;
}
item->ptr = ptr;
item->size = len;
/* insert item at the beginning of the list */
item->next = zone->first;
zone->first = item;
/* update the statistics */
zone->total += item->size;
if (zone->total > zone->highwater)
zone->highwater = zone->total;
/* return the allocated memory */
return ptr;
}
/* memory free routine to pass to zlib */
static void mem_free(void *mem, void *ptr)
{
struct mem_item *item, *next;
struct mem_zone *zone = mem;
/* if no zone, just do a free */
if (zone == NULL) {
free(ptr);
return;
}
/* point next to the item that matches ptr, or NULL if not found -- remove
the item from the linked list if found */
next = zone->first;
if (next) {
if (next->ptr == ptr)
zone->first = next->next; /* first one is it, remove from list */
else {
do { /* search the linked list */
item = next;
next = item->next;
} while (next != NULL && next->ptr != ptr);
if (next) { /* if found, remove from linked list */
item->next = next->next;
zone->notlifo++; /* not a LIFO free */
}
}
}
/* if found, update the statistics and free the item */
if (next) {
zone->total -= next->size;
free(next);
}
/* if not found, update the rogue count */
else
zone->rogue++;
/* in any case, do the requested free with the standard library function */
free(ptr);
}
/* set up a controlled memory allocation space for monitoring, set the stream
parameters to the controlled routines, with opaque pointing to the space */
static void mem_setup(z_stream *strm)
{
struct mem_zone *zone;
zone = malloc(sizeof(struct mem_zone));
assert(zone != NULL);
zone->first = NULL;
zone->total = 0;
zone->highwater = 0;
zone->limit = 0;
zone->notlifo = 0;
zone->rogue = 0;
strm->opaque = zone;
strm->zalloc = mem_alloc;
strm->zfree = mem_free;
}
/* set a limit on the total memory allocation, or 0 to remove the limit */
static void mem_limit(z_stream *strm, size_t limit)
{
struct mem_zone *zone = strm->opaque;
zone->limit = limit;
}
/* show the current total requested allocations in bytes */
static void mem_used(z_stream *strm, char *prefix)
{
struct mem_zone *zone = strm->opaque;
fprintf(stderr, "%s: %zu allocated\n", prefix, zone->total);
}
/* show the high water allocation in bytes */
static void mem_high(z_stream *strm, char *prefix)
{
struct mem_zone *zone = strm->opaque;
fprintf(stderr, "%s: %zu high water mark\n", prefix, zone->highwater);
}
/* release the memory allocation zone -- if there are any surprises, notify */
static void mem_done(z_stream *strm, char *prefix)
{
int count = 0;
struct mem_item *item, *next;
struct mem_zone *zone = strm->opaque;
/* show high water mark */
mem_high(strm, prefix);
/* free leftover allocations and item structures, if any */
item = zone->first;
while (item != NULL) {
free(item->ptr);
next = item->next;
free(item);
item = next;
count++;
}
/* issue alerts about anything unexpected */
if (count || zone->total)
fprintf(stderr, "** %s: %zu bytes in %d blocks not freed\n",
prefix, zone->total, count);
if (zone->notlifo)
fprintf(stderr, "** %s: %d frees not LIFO\n", prefix, zone->notlifo);
if (zone->rogue)
fprintf(stderr, "** %s: %d frees not recognized\n",
prefix, zone->rogue);
/* free the zone and delete from the stream */
free(zone);
strm->opaque = NULL;
strm->zalloc = NULL;
strm->zfree = NULL;
}
/* -- inflate test routines -- */
/* Decode a hexadecimal string, set *len to length, in[] to the bytes. This
decodes liberally, in that hex digits can be adjacent, in which case two in
a row writes a byte. Or they can be delimited by any non-hex character,
where the delimiters are ignored except when a single hex digit is followed
by a delimiter, where that single digit writes a byte. The returned data is
allocated and must eventually be freed. NULL is returned if out of memory.
If the length is not needed, then len can be NULL. */
static unsigned char *h2b(const char *hex, unsigned *len)
{
unsigned char *in, *re;
unsigned next, val;
in = malloc((strlen(hex) + 1) >> 1);
if (in == NULL)
return NULL;
next = 0;
val = 1;
do {
if (*hex >= '0' && *hex <= '9')
val = (val << 4) + *hex - '0';
else if (*hex >= 'A' && *hex <= 'F')
val = (val << 4) + *hex - 'A' + 10;
else if (*hex >= 'a' && *hex <= 'f')
val = (val << 4) + *hex - 'a' + 10;
else if (val != 1 && val < 32) /* one digit followed by delimiter */
val += 240; /* make it look like two digits */
if (val > 255) { /* have two digits */
in[next++] = val & 0xff; /* save the decoded byte */
val = 1; /* start over */
}
} while (*hex++); /* go through the loop with the terminating null */
if (len != NULL)
*len = next;
re = realloc(in, next);
return re == NULL ? in : re;
}
/* generic inflate() run, where hex is the hexadecimal input data, what is the
text to include in an error message, step is how much input data to feed
inflate() on each call, or zero to feed it all, win is the window bits
parameter to inflateInit2(), len is the size of the output buffer, and err
is the error code expected from the first inflate() call (the second
inflate() call is expected to return Z_STREAM_END). If win is 47, then
header information is collected with inflateGetHeader(). If a zlib stream
is looking for a dictionary, then an empty dictionary is provided.
inflate() is run until all of the input data is consumed. */
static void inf(char *hex, char *what, unsigned step, int win, unsigned len, int err)
{
int ret;
unsigned have;
unsigned char *in, *out;
z_stream strm, copy;
gz_header head;
mem_setup(&strm);
strm.avail_in = 0;
strm.next_in = NULL;
ret = inflateInit2(&strm, win);
if (ret != Z_OK) {
mem_done(&strm, what);
return;
}
out = malloc(len); assert(out != NULL);
if (win == 47) {
head.extra = out;
head.extra_max = len;
head.name = out;
head.name_max = len;
head.comment = out;
head.comm_max = len;
ret = inflateGetHeader(&strm, &head); assert(ret == Z_OK);
}
in = h2b(hex, &have); assert(in != NULL);
if (step == 0 || step > have)
step = have;
strm.avail_in = step;
have -= step;
strm.next_in = in;
do {
strm.avail_out = len;
strm.next_out = out;
ret = inflate(&strm, Z_NO_FLUSH); assert(err == 9 || ret == err);
if (ret != Z_OK && ret != Z_BUF_ERROR && ret != Z_NEED_DICT)
break;
if (ret == Z_NEED_DICT) {
ret = inflateSetDictionary(&strm, in, 1);
assert(ret == Z_DATA_ERROR);
mem_limit(&strm, 1);
ret = inflateSetDictionary(&strm, out, 0);
assert(ret == Z_MEM_ERROR);
mem_limit(&strm, 0);
((struct inflate_state *)strm.state)->mode = DICT;
ret = inflateSetDictionary(&strm, out, 0);
assert(ret == Z_OK);
ret = inflate(&strm, Z_NO_FLUSH); assert(ret == Z_BUF_ERROR);
}
ret = inflateCopy(&copy, &strm); assert(ret == Z_OK);
ret = inflateEnd(&copy); assert(ret == Z_OK);
err = 9; /* don't care next time around */
have += strm.avail_in;
strm.avail_in = step > have ? have : step;
have -= strm.avail_in;
} while (strm.avail_in);
free(in);
free(out);
ret = inflateReset2(&strm, -8); assert(ret == Z_OK);
ret = inflateEnd(&strm); assert(ret == Z_OK);
mem_done(&strm, what);
}
/* cover all of the lines in inflate.c up to inflate() */
static void cover_support(void)
{
int ret;
z_stream strm;
mem_setup(&strm);
strm.avail_in = 0;
strm.next_in = NULL;
ret = inflateInit(&strm); assert(ret == Z_OK);
mem_used(&strm, "inflate init");
ret = inflatePrime(&strm, 5, 31); assert(ret == Z_OK);
ret = inflatePrime(&strm, -1, 0); assert(ret == Z_OK);
ret = inflateSetDictionary(&strm, NULL, 0);
assert(ret == Z_STREAM_ERROR);
ret = inflateEnd(&strm); assert(ret == Z_OK);
mem_done(&strm, "prime");
inf("63 0", "force window allocation", 0, -15, 1, Z_OK);
inf("63 18 5", "force window replacement", 0, -8, 259, Z_OK);
inf("63 18 68 30 d0 0 0", "force split window update", 4, -8, 259, Z_OK);
inf("3 0", "use fixed blocks", 0, -15, 1, Z_STREAM_END);
inf("", "bad window size", 0, 1, 0, Z_STREAM_ERROR);
mem_setup(&strm);
strm.avail_in = 0;
strm.next_in = NULL;
ret = inflateInit_(&strm, ZLIB_VERSION + 1, (int)sizeof(z_stream));
assert(ret == Z_VERSION_ERROR);
mem_done(&strm, "wrong version");
strm.avail_in = 0;
strm.next_in = NULL;
ret = inflateInit(&strm); assert(ret == Z_OK);
ret = inflateEnd(&strm); assert(ret == Z_OK);
fputs("inflate built-in memory routines\n", stderr);
}
/* cover all inflate() header and trailer cases and code after inflate() */
static void cover_wrap(void)
{
int ret;
z_stream strm, copy;
unsigned char dict[257];
ret = inflate(NULL, 0); assert(ret == Z_STREAM_ERROR);
ret = inflateEnd(NULL); assert(ret == Z_STREAM_ERROR);
ret = inflateCopy(NULL, NULL); assert(ret == Z_STREAM_ERROR);
fputs("inflate bad parameters\n", stderr);
inf("1f 8b 0 0", "bad gzip method", 0, 31, 0, Z_DATA_ERROR);
inf("1f 8b 8 80", "bad gzip flags", 0, 31, 0, Z_DATA_ERROR);
inf("77 85", "bad zlib method", 0, 15, 0, Z_DATA_ERROR);
inf("8 99", "set window size from header", 0, 0, 0, Z_OK);
inf("78 9c", "bad zlib window size", 0, 8, 0, Z_DATA_ERROR);
inf("78 9c 63 0 0 0 1 0 1", "check adler32", 0, 15, 1, Z_STREAM_END);
inf("1f 8b 8 1e 0 0 0 0 0 0 1 0 0 0 0 0 0", "bad header crc", 0, 47, 1,
Z_DATA_ERROR);
inf("1f 8b 8 2 0 0 0 0 0 0 1d 26 3 0 0 0 0 0 0 0 0 0", "check gzip length",
0, 47, 0, Z_STREAM_END);
inf("78 90", "bad zlib header check", 0, 47, 0, Z_DATA_ERROR);
inf("8 b8 0 0 0 1", "need dictionary", 0, 8, 0, Z_NEED_DICT);
inf("78 9c 63 0", "compute adler32", 0, 15, 1, Z_OK);
mem_setup(&strm);
strm.avail_in = 0;
strm.next_in = NULL;
ret = inflateInit2(&strm, -8);
strm.avail_in = 2;
strm.next_in = (void *)"\x63";
strm.avail_out = 1;
strm.next_out = (void *)&ret;
mem_limit(&strm, 1);
ret = inflate(&strm, Z_NO_FLUSH); assert(ret == Z_MEM_ERROR);
ret = inflate(&strm, Z_NO_FLUSH); assert(ret == Z_MEM_ERROR);
mem_limit(&strm, 0);
memset(dict, 0, 257);
ret = inflateSetDictionary(&strm, dict, 257);
assert(ret == Z_OK);
mem_limit(&strm, (sizeof(struct inflate_state) << 1) + 256);
ret = inflatePrime(&strm, 16, 0); assert(ret == Z_OK);
strm.avail_in = 2;
strm.next_in = (void *)"\x80";
ret = inflateSync(&strm); assert(ret == Z_DATA_ERROR);
ret = inflate(&strm, Z_NO_FLUSH); assert(ret == Z_STREAM_ERROR);
strm.avail_in = 4;
strm.next_in = (void *)"\0\0\xff\xff";
ret = inflateSync(&strm); assert(ret == Z_OK);
(void)inflateSyncPoint(&strm);
ret = inflateCopy(&copy, &strm); assert(ret == Z_MEM_ERROR);
mem_limit(&strm, 0);
ret = inflateUndermine(&strm, 1); assert(ret == Z_DATA_ERROR);
(void)inflateMark(&strm);
ret = inflateEnd(&strm); assert(ret == Z_OK);
mem_done(&strm, "miscellaneous, force memory errors");
}
/* input and output functions for inflateBack() */
static unsigned pull(void *desc, const unsigned char **buf)
{
static unsigned int next = 0;
static unsigned char dat[] = {0x63, 0, 2, 0};
struct inflate_state *state;
if (desc == NULL) {
next = 0;
return 0; /* no input (already provided at next_in) */
}
state = (void *)((z_stream *)desc)->state;
if (state != NULL)
state->mode = SYNC; /* force an otherwise impossible situation */
return next < sizeof(dat) ? (*buf = dat + next++, 1) : 0;
}
static int push(void *desc, unsigned char *buf, unsigned len)
{
buf += len;
return desc != NULL; /* force error if desc not null */
}
/* cover inflateBack() up to common deflate data cases and after those */
static void cover_back(void)
{
int ret;
z_stream strm;
unsigned char win[32768];
ret = inflateBackInit_(NULL, 0, win, 0, 0);
assert(ret == Z_VERSION_ERROR);
ret = inflateBackInit(NULL, 0, win); assert(ret == Z_STREAM_ERROR);
ret = inflateBack(NULL, NULL, NULL, NULL, NULL);
assert(ret == Z_STREAM_ERROR);
ret = inflateBackEnd(NULL); assert(ret == Z_STREAM_ERROR);
fputs("inflateBack bad parameters\n", stderr);
mem_setup(&strm);
ret = inflateBackInit(&strm, 15, win); assert(ret == Z_OK);
strm.avail_in = 2;
strm.next_in = (void *)"\x03";
ret = inflateBack(&strm, pull, NULL, push, NULL);
assert(ret == Z_STREAM_END);
/* force output error */
strm.avail_in = 3;
strm.next_in = (void *)"\x63\x00";
ret = inflateBack(&strm, pull, NULL, push, &strm);
assert(ret == Z_BUF_ERROR);
/* force mode error by mucking with state */
ret = inflateBack(&strm, pull, &strm, push, NULL);
assert(ret == Z_STREAM_ERROR);
ret = inflateBackEnd(&strm); assert(ret == Z_OK);
mem_done(&strm, "inflateBack bad state");
ret = inflateBackInit(&strm, 15, win); assert(ret == Z_OK);
ret = inflateBackEnd(&strm); assert(ret == Z_OK);
fputs("inflateBack built-in memory routines\n", stderr);
}
/* do a raw inflate of data in hexadecimal with both inflate and inflateBack */
static int try(char *hex, char *id, int err)
{
int ret;
unsigned len, size;
unsigned char *in, *out, *win;
char *prefix;
z_stream strm;
/* convert to hex */
in = h2b(hex, &len);
assert(in != NULL);
/* allocate work areas */
size = len << 3;
out = malloc(size);
assert(out != NULL);
win = malloc(32768);
assert(win != NULL);
prefix = malloc(strlen(id) + 6);
assert(prefix != NULL);
/* first with inflate */
strcpy(prefix, id);
strcat(prefix, "-late");
mem_setup(&strm);
strm.avail_in = 0;
strm.next_in = NULL;
ret = inflateInit2(&strm, err < 0 ? 47 : -15);
assert(ret == Z_OK);
strm.avail_in = len;
strm.next_in = in;
do {
strm.avail_out = size;
strm.next_out = out;
ret = inflate(&strm, Z_TREES);
assert(ret != Z_STREAM_ERROR && ret != Z_MEM_ERROR);
if (ret == Z_DATA_ERROR || ret == Z_NEED_DICT)
break;
} while (strm.avail_in || strm.avail_out == 0);
if (err) {
assert(ret == Z_DATA_ERROR);
assert(strcmp(id, strm.msg) == 0);
}
inflateEnd(&strm);
mem_done(&strm, prefix);
/* then with inflateBack */
if (err >= 0) {
strcpy(prefix, id);
strcat(prefix, "-back");
mem_setup(&strm);
ret = inflateBackInit(&strm, 15, win);
assert(ret == Z_OK);
strm.avail_in = len;
strm.next_in = in;
ret = inflateBack(&strm, pull, NULL, push, NULL);
assert(ret != Z_STREAM_ERROR);
if (err) {
assert(ret == Z_DATA_ERROR);
assert(strcmp(id, strm.msg) == 0);
}
inflateBackEnd(&strm);
mem_done(&strm, prefix);
}
/* clean up */
free(prefix);
free(win);
free(out);
free(in);
return ret;
}
/* cover deflate data cases in both inflate() and inflateBack() */
static void cover_inflate(void)
{
try("0 0 0 0 0", "invalid stored block lengths", 1);
try("3 0", "fixed", 0);
try("6", "invalid block type", 1);
try("1 1 0 fe ff 0", "stored", 0);
try("fc 0 0", "too many length or distance symbols", 1);
try("4 0 fe ff", "invalid code lengths set", 1);
try("4 0 24 49 0", "invalid bit length repeat", 1);
try("4 0 24 e9 ff ff", "invalid bit length repeat", 1);
try("4 0 24 e9 ff 6d", "invalid code -- missing end-of-block", 1);
try("4 80 49 92 24 49 92 24 71 ff ff 93 11 0",
"invalid literal/lengths set", 1);
try("4 80 49 92 24 49 92 24 f b4 ff ff c3 84", "invalid distances set", 1);
try("4 c0 81 8 0 0 0 0 20 7f eb b 0 0", "invalid literal/length code", 1);
try("2 7e ff ff", "invalid distance code", 1);
try("c c0 81 0 0 0 0 0 90 ff 6b 4 0", "invalid distance too far back", 1);
/* also trailer mismatch just in inflate() */
try("1f 8b 8 0 0 0 0 0 0 0 3 0 0 0 0 1", "incorrect data check", -1);
try("1f 8b 8 0 0 0 0 0 0 0 3 0 0 0 0 0 0 0 0 1",
"incorrect length check", -1);
try("5 c0 21 d 0 0 0 80 b0 fe 6d 2f 91 6c", "pull 17", 0);
try("5 e0 81 91 24 cb b2 2c 49 e2 f 2e 8b 9a 47 56 9f fb fe ec d2 ff 1f",
"long code", 0);
try("ed c0 1 1 0 0 0 40 20 ff 57 1b 42 2c 4f", "length extra", 0);
try("ed cf c1 b1 2c 47 10 c4 30 fa 6f 35 1d 1 82 59 3d fb be 2e 2a fc f c",
"long distance and extra", 0);
try("ed c0 81 0 0 0 0 80 a0 fd a9 17 a9 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 "
"0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 6", "window end", 0);
inf("2 8 20 80 0 3 0", "inflate_fast TYPE return", 0, -15, 258,
Z_STREAM_END);
inf("63 18 5 40 c 0", "window wrap", 3, -8, 300, Z_OK);
}
/* cover remaining lines in inftrees.c */
static void cover_trees(void)
{
int ret;
unsigned bits;
uint16_t lens[16], work[16];
code *next, table[ENOUGH_DISTS];
/* we need to call inflate_table() directly in order to manifest not-
enough errors, since zlib insures that enough is always enough */
for (bits = 0; bits < 15; bits++)
lens[bits] = (uint16_t)(bits + 1);
lens[15] = 15;
next = table;
bits = 15;
ret = inflate_table(DISTS, lens, 16, &next, &bits, work);
assert(ret == 1);
next = table;
bits = 1;
ret = inflate_table(DISTS, lens, 16, &next, &bits, work);
assert(ret == 1);
fputs("inflate_table not enough errors\n", stderr);
}
/* cover remaining inffast.c decoding and window copying */
static void cover_fast(void)
{
inf("e5 e0 81 ad 6d cb b2 2c c9 01 1e 59 63 ae 7d ee fb 4d fd b5 35 41 68"
" ff 7f 0f 0 0 0", "fast length extra bits", 0, -8, 258, Z_DATA_ERROR);
inf("25 fd 81 b5 6d 59 b6 6a 49 ea af 35 6 34 eb 8c b9 f6 b9 1e ef 67 49"
" 50 fe ff ff 3f 0 0", "fast distance extra bits", 0, -8, 258,
Z_DATA_ERROR);
inf("3 7e 0 0 0 0 0", "fast invalid distance code", 0, -8, 258,
Z_DATA_ERROR);
inf("1b 7 0 0 0 0 0", "fast invalid literal/length code", 0, -8, 258,
Z_DATA_ERROR);
inf("d c7 1 ae eb 38 c 4 41 a0 87 72 de df fb 1f b8 36 b1 38 5d ff ff 0",
"fast 2nd level codes and too far back", 0, -8, 258, Z_DATA_ERROR);
inf("63 18 5 8c 10 8 0 0 0 0", "very common case", 0, -8, 259, Z_OK);
inf("63 60 60 18 c9 0 8 18 18 18 26 c0 28 0 29 0 0 0",
"contiguous and wrap around window", 6, -8, 259, Z_OK);
inf("63 0 3 0 0 0 0 0", "copy direct from output", 0, -8, 259,
Z_STREAM_END);
}
int main(void)
{
fprintf(stderr, "%s\n", zlibVersion());
cover_support();
cover_wrap();
cover_back();
cover_inflate();
cover_trees();
cover_fast();
return 0;
}
libs/zlibng/test/minigzip.c
+361
View File
@@ -0,0 +1,361 @@
/* minigzip.c -- simulate gzip using the zlib compression library
* Copyright (C) 1995-2006, 2010, 2011, 2016 Jean-loup Gailly
* For conditions of distribution and use, see copyright notice in zlib.h
*/
/*
* minigzip is a minimal implementation of the gzip utility. This is
* only an example of using zlib and isn't meant to replace the
* full-featured gzip. No attempt is made to deal with file systems
* limiting names to 14 or 8+3 characters, etc... Error checking is
* very limited. So use minigzip only for testing; use gzip for the
* real thing.
*/
/* @(#) $Id$ */
#define _POSIX_SOURCE 1 /* This file needs POSIX for fdopen(). */
#define _POSIX_C_SOURCE 200112 /* For snprintf(). */
#include "zbuild.h"
#ifdef ZLIB_COMPAT
# include "zlib.h"
#else
# include "zlib-ng.h"
#endif
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#ifdef USE_MMAP
# include <sys/types.h>
# include <sys/mman.h>
# include <sys/stat.h>
#endif
#ifndef UNALIGNED_OK
# include <malloc.h>
#endif
#if defined(WIN32) || defined(__CYGWIN__)
# include <fcntl.h>
# include <io.h>
# define SET_BINARY_MODE(file) setmode(fileno(file), O_BINARY)
#else
# define SET_BINARY_MODE(file)
#endif
#if defined(_MSC_VER) && _MSC_VER < 1900
# define snprintf _snprintf
#endif
#if !defined(Z_HAVE_UNISTD_H) && !defined(_LARGEFILE64_SOURCE)
#ifndef WIN32 /* unlink already in stdio.h for WIN32 */
extern int unlink (const char *);
#endif
#endif
#ifndef GZ_SUFFIX
# define GZ_SUFFIX ".gz"
#endif
#define SUFFIX_LEN (sizeof(GZ_SUFFIX)-1)
#if defined(S390_DFLTCC_DEFLATE) || defined(S390_DFLTCC_INFLATE)
#define BUFLEN 262144 /* DFLTCC works faster with larger buffers */
#else
#define BUFLEN 16384 /* read buffer size */
#endif
#define BUFLENW (BUFLEN * 3) /* write buffer size */
#define MAX_NAME_LEN 1024
static char *prog;
void error (const char *msg);
void gz_compress (FILE *in, gzFile out);
#ifdef USE_MMAP
int gz_compress_mmap (FILE *in, gzFile out);
#endif
void gz_uncompress (gzFile in, FILE *out);
void file_compress (char *file, char *mode);
void file_uncompress (char *file);
int main (int argc, char *argv[]);
/* ===========================================================================
* Display error message and exit
*/
void error(const char *msg)
{
fprintf(stderr, "%s: %s\n", prog, msg);
exit(1);
}
/* ===========================================================================
* Compress input to output then close both files.
*/
void gz_compress(FILE *in, gzFile out)
{
char buf[BUFLEN];
int len;
int err;
#ifdef USE_MMAP
/* Try first compressing with mmap. If mmap fails (minigzip used in a
* pipe), use the normal fread loop.
*/
if (gz_compress_mmap(in, out) == Z_OK) return;
#endif
/* Clear out the contents of buf before reading from the file to avoid
MemorySanitizer: use-of-uninitialized-value warnings. */
memset(buf, 0, sizeof(buf));
for (;;) {
len = (int)fread(buf, 1, sizeof(buf), in);
if (ferror(in)) {
perror("fread");
exit(1);
}
if (len == 0) break;
if (PREFIX(gzwrite)(out, buf, (unsigned)len) != len) error(PREFIX(gzerror)(out, &err));
}
fclose(in);
if (PREFIX(gzclose)(out) != Z_OK) error("failed gzclose");
}
#ifdef USE_MMAP /* MMAP version, Miguel Albrecht <malbrech@eso.org> */
/* Try compressing the input file at once using mmap. Return Z_OK if
* if success, Z_ERRNO otherwise.
*/
int gz_compress_mmap(FILE *in, gzFile out)
{
int len;
int err;
int ifd = fileno(in);
caddr_t buf; /* mmap'ed buffer for the entire input file */
off_t buf_len; /* length of the input file */
struct stat sb;
/* Determine the size of the file, needed for mmap: */
if (fstat(ifd, &sb) < 0) return Z_ERRNO;
buf_len = sb.st_size;
if (buf_len <= 0) return Z_ERRNO;
/* Now do the actual mmap: */
buf = mmap((caddr_t) 0, buf_len, PROT_READ, MAP_SHARED, ifd, (off_t)0);
if (buf == (caddr_t)(-1)) return Z_ERRNO;
/* Compress the whole file at once: */
len = PREFIX(gzwrite)(out, (char *)buf, (unsigned)buf_len);
if (len != (int)buf_len) error(PREFIX(gzerror)(out, &err));
munmap(buf, buf_len);
fclose(in);
if (PREFIX(gzclose)(out) != Z_OK) error("failed gzclose");
return Z_OK;
}
#endif /* USE_MMAP */
/* ===========================================================================
* Uncompress input to output then close both files.
*/
void gz_uncompress(gzFile in, FILE *out)
{
char buf[BUFLENW];
int len;
int err;
for (;;) {
len = PREFIX(gzread)(in, buf, sizeof(buf));
if (len < 0) error (PREFIX(gzerror)(in, &err));
if (len == 0) break;
if ((int)fwrite(buf, 1, (unsigned)len, out) != len) {
error("failed fwrite");
}
}
if (fclose(out)) error("failed fclose");
if (PREFIX(gzclose)(in) != Z_OK) error("failed gzclose");
}
/* ===========================================================================
* Compress the given file: create a corresponding .gz file and remove the
* original.
*/
void file_compress(char *file, char *mode)
{
char outfile[MAX_NAME_LEN];
FILE *in;
gzFile out;
if (strlen(file) + strlen(GZ_SUFFIX) >= sizeof(outfile)) {
fprintf(stderr, "%s: filename too long\n", prog);
exit(1);
}
snprintf(outfile, sizeof(outfile), "%s%s", file, GZ_SUFFIX);
in = fopen(file, "rb");
if (in == NULL) {
perror(file);
exit(1);
}
out = PREFIX(gzopen)(outfile, mode);
if (out == NULL) {
fprintf(stderr, "%s: can't gzopen %s\n", prog, outfile);
exit(1);
}
gz_compress(in, out);
unlink(file);
}
/* ===========================================================================
* Uncompress the given file and remove the original.
*/
void file_uncompress(char *file)
{
char buf[MAX_NAME_LEN];
char *infile, *outfile;
FILE *out;
gzFile in;
size_t len = strlen(file);
if (len + strlen(GZ_SUFFIX) >= sizeof(buf)) {
fprintf(stderr, "%s: filename too long\n", prog);
exit(1);
}
snprintf(buf, sizeof(buf), "%s", file);
if (len > SUFFIX_LEN && strcmp(file+len-SUFFIX_LEN, GZ_SUFFIX) == 0) {
infile = file;
outfile = buf;
outfile[len-3] = '\0';
} else {
outfile = file;
infile = buf;
snprintf(buf + len, sizeof(buf) - len, "%s", GZ_SUFFIX);
}
in = PREFIX(gzopen)(infile, "rb");
if (in == NULL) {
fprintf(stderr, "%s: can't gzopen %s\n", prog, infile);
exit(1);
}
out = fopen(outfile, "wb");
if (out == NULL) {
perror(file);
exit(1);
}
gz_uncompress(in, out);
unlink(infile);
}
/* ===========================================================================
* Usage: minigzip [-c] [-d] [-f] [-h] [-r] [-1 to -9] [files...]
* -c : write to standard output
* -d : decompress
* -f : compress with Z_FILTERED
* -h : compress with Z_HUFFMAN_ONLY
* -r : compress with Z_RLE
* -0 to -9 : compression level
*/
int main(int argc, char *argv[])
{
int copyout = 0;
int uncompr = 0;
gzFile file;
char *bname, outmode[20];
snprintf(outmode, sizeof(outmode), "%s", "wb6 ");
prog = argv[0];
bname = strrchr(argv[0], '/');
if (bname)
bname++;
else
bname = argv[0];
argc--, argv++;
if (!strcmp(bname, "gunzip"))
uncompr = 1;
else if (!strcmp(bname, "zcat"))
copyout = uncompr = 1;
while (argc > 0) {
if (strcmp(*argv, "-c") == 0)
copyout = 1;
else if (strcmp(*argv, "-d") == 0)
uncompr = 1;
else if (strcmp(*argv, "-f") == 0)
outmode[3] = 'f';
else if (strcmp(*argv, "-h") == 0)
outmode[3] = 'h';
else if (strcmp(*argv, "-r") == 0)
outmode[3] = 'R';
else if ((*argv)[0] == '-' && (*argv)[1] >= '0' && (*argv)[1] <= '9' &&
(*argv)[2] == 0)
outmode[2] = (*argv)[1];
else
break;
argc--, argv++;
}
if (outmode[3] == ' ')
outmode[3] = 0;
if (argc == 0) {
SET_BINARY_MODE(stdin);
SET_BINARY_MODE(stdout);
if (uncompr) {
file = PREFIX(gzdopen)(fileno(stdin), "rb");
if (file == NULL) error("can't gzdopen stdin");
gz_uncompress(file, stdout);
} else {
file = PREFIX(gzdopen)(fileno(stdout), outmode);
if (file == NULL) error("can't gzdopen stdout");
gz_compress(stdin, file);
}
} else {
if (copyout) {
SET_BINARY_MODE(stdout);
}
do {
if (uncompr) {
if (copyout) {
file = PREFIX(gzopen)(*argv, "rb");
if (file == NULL)
fprintf(stderr, "%s: can't gzopen %s\n", prog, *argv);
else
gz_uncompress(file, stdout);
} else {
file_uncompress(*argv);
}
} else {
if (copyout) {
FILE * in = fopen(*argv, "rb");
if (in == NULL) {
perror(*argv);
} else {
file = PREFIX(gzdopen)(fileno(stdout), outmode);
if (file == NULL) error("can't gzdopen stdout");
gz_compress(in, file);
}
} else {
file_compress(*argv, outmode);
}
}
} while (argv++, --argc);
}
return 0;
}
libs/zlibng/test/testCVEinputs.sh
+31
View File
@@ -0,0 +1,31 @@
#!/bin/bash
TESTDIR="$(dirname "$0")"
# check for QEMU if QEMU_RUN is set
if [ ! -z "${QEMU_RUN}" ]; then
QEMU_VERSION=$(${QEMU_RUN} --version 2> /dev/null)
if [ -z "${QEMU_VERSION}" ]; then
echo "**** You need QEMU to run tests on non-native platform"
exit 1
fi
fi
CVEs="CVE-2002-0059 CVE-2004-0797 CVE-2005-1849 CVE-2005-2096"
for CVE in $CVEs; do
fail=0
for testcase in ${TESTDIR}/${CVE}/*.gz; do
${QEMU_RUN} ../minigzip${EXE} -d < "$testcase"
# we expect that a 1 error code is OK
# for a vulnerable failure we'd expect 134 or similar
if [ $? -ne 1 ] && [ $? -ne 0 ]; then
fail=1
fi
done
if [ $fail -eq 0 ]; then
echo " --- zlib not vulnerable to $CVE ---";
else
echo " --- zlib VULNERABLE to $CVE ---"; exit 1;
fi
done