fuzz: fix lzxpress plain round-trip fuzzer
authorDouglas Bagnall <douglas.bagnall@catalyst.net.nz>
Sat, 3 Dec 2022 22:47:56 +0000 (11:47 +1300)
committerJeremy Allison <jra@samba.org>
Mon, 19 Dec 2022 22:32:35 +0000 (22:32 +0000)
The 'compressed' string can be about 9/8 the size of the decompressed
string, but we didn't allow enough memory in the fuzz target for that.
Then when it failed, we didn't check.

Credit to OSSFuzz.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
lib/fuzzing/fuzz_lzxpress_round_trip.c

index a6173bb68c9228f4d868c16edced485e610c8343..ac38368527ebfbe29ac4fc4c27c78b1e7e4fd658 100644 (file)
@@ -27,7 +27,7 @@ int LLVMFuzzerInitialize(int *argc, char ***argv)
 
 int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len)
 {
-       static uint8_t compressed[1024 * 1024] = {0};
+       static uint8_t compressed[1024 * 1280] = {0};
        static uint8_t decompressed[1024 * 1024] = {0};
        ssize_t compressed_size;
        ssize_t decompressed_size;
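Review bot: The new size `1024 * 1280` is unexplained at the declaration and is no longer visibly tied to the size of `decompressed`. The commit message puts the worst-case expansion at about 9/8, while 1280/1024 is 5/4, so a comment should record that the extra is deliberate headroom, for example `/* lzxpress output can be ~9/8 of the input; 5/4 of sizeof(decompressed) leaves headroom */`. If the build permits C11, a check placed after both declarations would keep the two sizes in step when either is changed: `_Static_assert(sizeof(compressed) >= sizeof(decompressed) / 8 * 9, "compressed[] too small");`. The body of LLVMFuzzerTestOneInput continues outside this hunk.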
@@ -38,6 +38,9 @@ int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len)
 
        compressed_size = lzxpress_compress(buf, len,
                                            compressed, sizeof(compressed));
+       if (compressed_size < 0) {
+               abort();
+       }
 
        decompressed_size = lzxpress_decompress(compressed, compressed_size,
                                                decompressed, sizeof(decompressed));
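Review bot: The added `abort()` reports every compression failure as a finding, which is only correct if `len` is already bounded so that the worst-case output fits in `compressed`. The lines between the declarations and this call are not shown, so please confirm a cap such as `if (len > sizeof(decompressed)) return 0;` runs before `lzxpress_compress()`. Without it, an oversized input would abort the target and be triaged as a crash that is not a codec bug. A one-line comment on the check would state the invariant, for example `/* must succeed: compressed[] covers the worst case for any accepted len */`. The function starts and ends outside this hunk.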