From 1e7621d96cb9d0821c61db6f4e3ef36ddc19b0cd Mon Sep 17 00:00:00 2001
From: Nathan Moinvaziri
Date: Sat, 17 Oct 2020 16:10:59 -0700
Subject: [PATCH] Use variable size input buffer in uncompress fuzzer.
---
 tests/uncompress_fuzzer.c | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)
diff --git a/tests/uncompress_fuzzer.c b/tests/uncompress_fuzzer.c
index bf9c580..933ff69 100644
--- a/tests/uncompress_fuzzer.c
+++ b/tests/uncompress_fuzzer.c
@@ -8,13 +8,23 @@
 #include "miniz.h"
-static unsigned char buffer[256 * 1024] = { 0 };
-
 int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- unsigned long int buffer_length = sizeof(buffer);
+ unsigned long int buffer_length = 1;
+ unsigned char *buffer = NULL;
+ int z_status = 0;
- if (Z_OK != uncompress(buffer, &buffer_length, data, size)) return 0;
-
+ if (size > 0)
+ buffer_length *= data[0];
+ if (size > 1)
+ buffer_length *= data[1];
+
+ buffer = (unsigned char *)malloc(buffer_length);
+
+ z_status = uncompress(buffer, &buffer_length, data, size);
+ free(buffer);
+
+ if (Z_OK != z_status)
+ return 0;
 return 0;
 }
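Review bot: The result of `malloc(buffer_length)` goes straight into `uncompress` without a check, and `buffer_length` becomes 0 whenever the first or second input byte is 0, a size for which `malloc` may return NULL. Adding `if (buffer == NULL) return 0;` right after the allocation keeps a harness-side NULL from showing up as a library crash; if a NULL or zero-length destination is meant to be exercised, a comment should say so. The two size bytes are still passed to `uncompress` as the start of the stream, so for well-formed input the buffer size is tied to the stream's leading bytes; consuming them (`data + 2`, `size - 2`) would decouple the two. The trailing `if (Z_OK != z_status) return 0;` is redundant because the next line returns 0 regardless. `malloc`/`free` need `<stdlib.h>`, and the include list above line 8 is outside the hunk, so confirm it is in scope.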