1*adcb0a62SAndroid Build Coastguard Worker // SPDX-License-Identifier: Apache-2.0 2*adcb0a62SAndroid Build Coastguard Worker 3*adcb0a62SAndroid Build Coastguard Worker #include <stddef.h> 4*adcb0a62SAndroid Build Coastguard Worker #include <stdint.h> 5*adcb0a62SAndroid Build Coastguard Worker 6*adcb0a62SAndroid Build Coastguard Worker #include "fuzzer/FuzzedDataProvider.h" 7*adcb0a62SAndroid Build Coastguard Worker #include <android-base/file.h> 8*adcb0a62SAndroid Build Coastguard Worker #include <ziparchive/zip_writer.h> 9*adcb0a62SAndroid Build Coastguard Worker 10*adcb0a62SAndroid Build Coastguard Worker // See current fuzz coverage here: 11*adcb0a62SAndroid Build Coastguard Worker // https://android-coverage.googleplex.com/fuzz_targets/libziparchive_writer_fuzzer/index.html 12*adcb0a62SAndroid Build Coastguard Worker LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)13*adcb0a62SAndroid Build Coastguard Workerextern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { 14*adcb0a62SAndroid Build Coastguard Worker FuzzedDataProvider provider(data, size); 15*adcb0a62SAndroid Build Coastguard Worker std::unique_ptr<std::FILE, decltype(&fclose)> fp(tmpfile(), &fclose); 16*adcb0a62SAndroid Build Coastguard Worker if (!fp) { 17*adcb0a62SAndroid Build Coastguard Worker return 0; 18*adcb0a62SAndroid Build Coastguard Worker } 19*adcb0a62SAndroid Build Coastguard Worker ZipWriter writer(fp.get()); 20*adcb0a62SAndroid Build Coastguard Worker for (int i = 0; i < 2; i++) { 21*adcb0a62SAndroid Build Coastguard Worker if (provider.remaining_bytes() == 0) { 22*adcb0a62SAndroid Build Coastguard Worker break; 23*adcb0a62SAndroid Build Coastguard Worker } 24*adcb0a62SAndroid Build Coastguard Worker auto path = provider.ConsumeRandomLengthString(); 25*adcb0a62SAndroid Build Coastguard Worker if (writer.StartEntry(path, path.size()) == 0) { 26*adcb0a62SAndroid Build Coastguard Worker for (int j = 0; j < 2; j++) { 27*adcb0a62SAndroid Build Coastguard Worker if (provider.remaining_bytes() == 0) { 28*adcb0a62SAndroid Build Coastguard Worker break; 29*adcb0a62SAndroid Build Coastguard Worker } 30*adcb0a62SAndroid Build Coastguard Worker const size_t next_size = provider.ConsumeIntegralInRange<size_t>( 31*adcb0a62SAndroid Build Coastguard Worker 0, provider.remaining_bytes()); 32*adcb0a62SAndroid Build Coastguard Worker auto next_buf = provider.ConsumeBytes<uint8_t>(next_size); 33*adcb0a62SAndroid Build Coastguard Worker writer.WriteBytes(next_buf.data(), next_buf.size()); 34*adcb0a62SAndroid Build Coastguard Worker } 35*adcb0a62SAndroid Build Coastguard Worker writer.FinishEntry(); 36*adcb0a62SAndroid Build Coastguard Worker } 37*adcb0a62SAndroid Build Coastguard Worker } 38*adcb0a62SAndroid Build Coastguard Worker writer.Finish(); 39*adcb0a62SAndroid Build Coastguard Worker return 0; 40*adcb0a62SAndroid Build Coastguard Worker } 41