26 lines
1.1 KiB
Rust
26 lines
1.1 KiB
Rust
//! Fuzzer for `decode_frame` against arbitrary byte input.
|
|
//!
|
|
//! Drives the frame parser and Rice bitstream decoder with random bytes.
|
|
//! The decoder must never panic, allocate unboundedly, or enter an infinite
|
|
//! loop on any input: success is "returns `Ok` with valid samples" or
|
|
//! "returns `Err(DecodeError)`". Nothing else is acceptable.
|
|
//!
|
|
//! Paths exercised:
|
|
//! - Every header validation branch (sync, order range, partition order
|
|
//! range, truncation at each field boundary, partition count vs. sample
|
|
//! count mismatch).
|
|
//! - The Rice unary-decode loop with pathological run lengths (the
|
|
//! `q > 2^26` guard in `rice::rice_decode` is specifically targeted).
|
|
//! - The Q15 predictor accumulator on adversarial coefficient and residual
|
|
//! values (overflow / wrap-around checks).
|
|
|
|
#![no_main]
|
|
|
|
use libfuzzer_sys::fuzz_target;
|
|
|
|
fuzz_target!(|data: &[u8]| {
|
|
// Only the `Ok` / `Err` result is meaningful; panics are the failure
|
|
// mode. The returned samples themselves are unchecked here — the
|
|
// `roundtrip_arbitrary` target verifies encoder/decoder self-consistency.
|
|
let _ = lac::decode_frame(data);
|
|
});
|