1 // SPDX-License-Identifier: Apache-2.0
2 
3 #include <stddef.h>
4 #include <stdint.h>
5 
6 #include "fuzzer/FuzzedDataProvider.h"
7 #include <android-base/file.h>
8 #include <ziparchive/zip_writer.h>
9 
10 // See current fuzz coverage here:
11 // https://android-coverage.googleplex.com/fuzz_targets/libziparchive_writer_fuzzer/index.html
12 
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)13 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
14   FuzzedDataProvider provider(data, size);
15   std::unique_ptr<std::FILE, decltype(&fclose)> fp(tmpfile(), &fclose);
16   if (!fp) {
17     return 0;
18   }
19   ZipWriter writer(fp.get());
20   for (int i = 0; i < 2; i++) {
21     if (provider.remaining_bytes() == 0) {
22       break;
23     }
24     auto path = provider.ConsumeRandomLengthString();
25     if (writer.StartEntry(path, path.size()) == 0) {
26       for (int j = 0; j < 2; j++) {
27         if (provider.remaining_bytes() == 0) {
28           break;
29         }
30         const size_t next_size = provider.ConsumeIntegralInRange<size_t>(
31             0, provider.remaining_bytes());
32         auto next_buf = provider.ConsumeBytes<uint8_t>(next_size);
33         writer.WriteBytes(next_buf.data(), next_buf.size());
34       }
35       writer.FinishEntry();
36     }
37   }
38   writer.Finish();
39   return 0;
40 }
41