From: Nick Terrell <terrelln@fb.com>
Date: Tue, 28 Apr 2020 01:25:47 +0000 (-0700)
Subject: [fuzz] Fuzz test ZSTD_d_stableOutBuffer
X-Git-Tag: v1.4.5^2~55^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1343b815f8c602612a70e84700ae65e959503a0b;p=thirdparty%2Fzstd.git

[fuzz] Fuzz test ZSTD_d_stableOutBuffer
---

diff --git a/tests/fuzz/stream_decompress.c b/tests/fuzz/stream_decompress.c
index df3b009ae..503d32d66 100644
--- a/tests/fuzz/stream_decompress.c
+++ b/tests/fuzz/stream_decompress.c
@@ -70,6 +70,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *src, size_t size)
      * buffers in a row. */
     int prevInWasZero = 0;
     int prevOutWasZero = 0;
+    int stableOutBuffer;
+    ZSTD_outBuffer out;
     size = FUZZ_dataProducer_reserveDataPrefix(producer);
 
     /* Allocate all buffers and contexts if not already allocated */
@@ -85,11 +87,21 @@ int LLVMFuzzerTestOneInput(const uint8_t *src, size_t size)
         FUZZ_ZASSERT(ZSTD_DCtx_reset(dstream, ZSTD_reset_session_only));
     }
 
+    stableOutBuffer = FUZZ_dataProducer_uint32Range(producer, 0, 10) == 5;
+    if (stableOutBuffer) {
+      FUZZ_ZASSERT(ZSTD_DCtx_setParameter(dstream, ZSTD_d_stableOutBuffer, 1));
+      out.dst = buf;
+      out.size = kBufSize;
+      out.pos = 0;
+    }
+
     while (size > 0) {
         ZSTD_inBuffer in = makeInBuffer(&src, &size, producer, prevInWasZero ? 1 : 0);
         prevInWasZero = in.size == 0;
         while (in.pos != in.size) {
-            ZSTD_outBuffer out = makeOutBuffer(producer, prevOutWasZero ? 1 : 0);
+            if (!stableOutBuffer || FUZZ_dataProducer_uint32Range(producer, 0, 100) == 55) {
+              out = makeOutBuffer(producer, prevOutWasZero ? 1 : 0);
+            }
             prevOutWasZero = out.size == 0;
             size_t const rc = ZSTD_decompressStream(dstream, &out, &in);
             if (ZSTD_isError(rc)) goto error;