1 // Copyright 2018 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include <stdint.h>
6 
7 #include <iostream>
8 #include <memory>
9 
10 #include "base/environment.h"
11 #include "base/logging.h"
12 #include "components/zucchini/buffer_sink.h"
13 #include "components/zucchini/buffer_view.h"
14 #include "components/zucchini/fuzzers/file_pair.pb.h"
15 #include "components/zucchini/patch_writer.h"
16 #include "components/zucchini/zucchini_gen.h"
17 #include "testing/libfuzzer/proto/lpm_interface.h"
18 
19 namespace {
20 
21 constexpr size_t kMinImageSize = 16;
22 constexpr size_t kMaxImageSize = 1024;
23 
24 }  // namespace
25 
26 struct Environment {
EnvironmentEnvironment27   Environment() {
28     logging::SetMinLogLevel(logging::LOG_FATAL);  // Disable console spamming.
29   }
30 };
31 
32 Environment* env = new Environment();
33 
DEFINE_BINARY_PROTO_FUZZER(const zucchini::fuzzers::FilePair & file_pair)34 DEFINE_BINARY_PROTO_FUZZER(const zucchini::fuzzers::FilePair& file_pair) {
35   // Dump code for debugging.
36   if (base::Environment::Create()->HasVar("LPM_DUMP_NATIVE_INPUT")) {
37     std::cout << "Old File: " << file_pair.old_file() << std::endl
38               << "New File: " << file_pair.new_or_patch_file() << std::endl;
39   }
40 
41   // Prepare data. These are originally Zucchini Text Format (ZTF) files but may
42   // in relatively unlikely circumstances mutate into other formats.
43   zucchini::ConstBufferView old_image(
44       reinterpret_cast<const uint8_t*>(file_pair.old_file().data()),
45       file_pair.old_file().size());
46   zucchini::ConstBufferView new_image(
47       reinterpret_cast<const uint8_t*>(file_pair.new_or_patch_file().data()),
48       file_pair.new_or_patch_file().size());
49 
50   // Restrict image sizes to speed up fuzzing.
51   if (old_image.size() < kMinImageSize || old_image.size() > kMaxImageSize ||
52       new_image.size() < kMinImageSize || new_image.size() > kMaxImageSize) {
53     return;
54   }
55 
56   // Generate a patch writer.
57   zucchini::EnsemblePatchWriter patch_writer(old_image, new_image);
58 
59   // Fuzz Target.
60   zucchini::GenerateBuffer(old_image, new_image, &patch_writer);
61 
62   // Write to buffer to avoid IO.
63   size_t patch_size = patch_writer.SerializedSize();
64   std::unique_ptr<uint8_t[]> patch_data(new uint8_t[patch_size]);
65   zucchini::BufferSink patch(patch_data.get(), patch_size);
66   patch_writer.SerializeInto(patch);
67 }
68