diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml
new file mode 100644
index 00000000000..94c03ed553c
--- /dev/null
+++ b/.github/workflows/cifuzz.yml
@@ -0,0 +1,27 @@
+name: CIFuzz
+on: [pull_request]
+permissions: {}
+jobs:
+ Fuzzing:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Build Fuzzers
+ id: build
+ uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
+ with:
+ oss-fuzz-project-name: 'apache-commons-compress'
+ dry-run: false
+ - name: Run Fuzzers
+ uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
+ with:
+ oss-fuzz-project-name: 'apache-commons-compress'
+ fuzz-seconds: 600
+ dry-run: false
+ - name: Upload Crash
+ uses: actions/upload-artifact@v4
+ if: failure() && steps.build.outcome == 'success'
+ with:
+ name: artifacts
+ path: ./out/artifacts
diff --git a/pom.xml b/pom.xml
index 8ed7db1da49..0392868a596 100644
--- a/pom.xml
+++ b/pom.xml
@@ -406,6 +406,15 @@ Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj.
org.apache.maven.plugins
maven-checkstyle-plugin
+
+ org.apache.maven.plugins
+ maven-compiler-plugin
+
+
+ org/apache/commons/compress/fuzz/**
+
+
+
@@ -603,6 +612,30 @@ Brotli, Zstandard and ar, cpio, jar, tar, zip, dump, 7z, arj.
+
+ fuzz
+
+
+
+ org.apache.maven.plugins
+ maven-compiler-plugin
+
+
+ none
+
+
+
+
+ maven-surefire-plugin
+
+
+ **/*Fuzzer.java
+
+
+
+
+
+
diff --git a/src/test/java/org/apache/commons/compress/fuzz/AbstractTests.java b/src/test/java/org/apache/commons/compress/fuzz/AbstractTests.java
new file mode 100644
index 00000000000..ff802fccb08
--- /dev/null
+++ b/src/test/java/org/apache/commons/compress/fuzz/AbstractTests.java
@@ -0,0 +1,54 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.commons.compress.fuzz;
+
+import java.io.IOException;
+import java.util.logging.LogManager;
+
+import org.apache.commons.compress.archivers.ArchiveEntry;
+import org.apache.commons.compress.archivers.ArchiveInputStream;
+import org.apache.commons.compress.compressors.CompressorInputStream;
+
+/**
+ * Class with common functionality shared among fuzzing harnesses.
+ */
+public abstract class AbstractTests {
+ public static void fuzzerInitialize() {
+ LogManager.getLogManager().reset();
+ }
+
+ /**
+ * Fuzz archiver streams by reading every entry.
+ */
+ public static void fuzzArchiveInputStream(ArchiveInputStream is) throws IOException {
+ ArchiveEntry entry;
+ while ((entry = is.getNextEntry()) != null) {
+ is.read(new byte[1024]);
+ }
+ is.close();
+ }
+
+ /**
+ * Fuzz compressor streams by reading them.
+ */
+ public static void fuzzCompressorInputStream(CompressorInputStream is) throws IOException {
+ is.read(new byte[1024]);
+ is.close();
+ }
+}
diff --git a/src/test/java/org/apache/commons/compress/fuzz/ArchiverArFuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/ArchiverArFuzzer.java
new file mode 100644
index 00000000000..b01696e521c
--- /dev/null
+++ b/src/test/java/org/apache/commons/compress/fuzz/ArchiverArFuzzer.java
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.commons.compress.fuzz;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+
+import org.apache.commons.compress.archivers.ar.ArArchiveInputStream;
+
+public class ArchiverArFuzzer extends AbstractTests {
+ public static void fuzzerTestOneInput(byte[] data) {
+ try {
+ fuzzArchiveInputStream(new ArArchiveInputStream(new ByteArrayInputStream(data)));
+ } catch (IOException ignored) {
+ }
+ }
+}
diff --git a/src/test/java/org/apache/commons/compress/fuzz/ArchiverArjFuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/ArchiverArjFuzzer.java
new file mode 100644
index 00000000000..96f5346ddec
--- /dev/null
+++ b/src/test/java/org/apache/commons/compress/fuzz/ArchiverArjFuzzer.java
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.commons.compress.fuzz;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+
+import org.apache.commons.compress.archivers.arj.ArjArchiveInputStream;
+
+public class ArchiverArjFuzzer extends AbstractTests {
+ public static void fuzzerTestOneInput(byte[] data) {
+ try {
+ fuzzArchiveInputStream(new ArjArchiveInputStream(new ByteArrayInputStream(data)));
+ } catch (IOException ignored) {
+ }
+ }
+}
diff --git a/src/test/java/org/apache/commons/compress/fuzz/ArchiverCpioFuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/ArchiverCpioFuzzer.java
new file mode 100644
index 00000000000..8ae85442f90
--- /dev/null
+++ b/src/test/java/org/apache/commons/compress/fuzz/ArchiverCpioFuzzer.java
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.commons.compress.fuzz;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+
+import org.apache.commons.compress.archivers.cpio.CpioArchiveInputStream;
+
+public class ArchiverCpioFuzzer extends AbstractTests {
+ public static void fuzzerTestOneInput(byte[] data) {
+ try {
+ fuzzArchiveInputStream(new CpioArchiveInputStream(new ByteArrayInputStream(data)));
+ } catch (IllegalArgumentException | IOException ignored) {
+ }
+ }
+}
diff --git a/src/test/java/org/apache/commons/compress/fuzz/ArchiverDumpFuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/ArchiverDumpFuzzer.java
new file mode 100644
index 00000000000..992b67654ac
--- /dev/null
+++ b/src/test/java/org/apache/commons/compress/fuzz/ArchiverDumpFuzzer.java
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.commons.compress.fuzz;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+
+import org.apache.commons.compress.archivers.dump.DumpArchiveInputStream;
+
+public class ArchiverDumpFuzzer extends AbstractTests {
+ public static void fuzzerTestOneInput(byte[] data) {
+ try {
+ fuzzArchiveInputStream(new DumpArchiveInputStream(new ByteArrayInputStream(data)));
+ } catch (IOException ignored) {
+ }
+ }
+}
diff --git a/src/test/java/org/apache/commons/compress/fuzz/ArchiverTarStreamFuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/ArchiverTarStreamFuzzer.java
new file mode 100644
index 00000000000..d0595197ec0
--- /dev/null
+++ b/src/test/java/org/apache/commons/compress/fuzz/ArchiverTarStreamFuzzer.java
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.commons.compress.fuzz;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+
+import org.apache.commons.compress.archivers.tar.TarArchiveInputStream;
+
+public class ArchiverTarStreamFuzzer extends AbstractTests {
+ public static void fuzzerTestOneInput(byte[] data) {
+ try {
+ fuzzArchiveInputStream(new TarArchiveInputStream(new ByteArrayInputStream(data)));
+ } catch (IOException ignored) {
+ }
+ }
+}
diff --git a/src/test/java/org/apache/commons/compress/fuzz/ArchiverZipStreamFuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/ArchiverZipStreamFuzzer.java
new file mode 100644
index 00000000000..0d53231f125
--- /dev/null
+++ b/src/test/java/org/apache/commons/compress/fuzz/ArchiverZipStreamFuzzer.java
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.commons.compress.fuzz;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+
+import org.apache.commons.compress.archivers.zip.ZipArchiveInputStream;
+
+public class ArchiverZipStreamFuzzer extends AbstractTests {
+ public static void fuzzerTestOneInput(byte[] data) {
+ try {
+ fuzzArchiveInputStream(new ZipArchiveInputStream(new ByteArrayInputStream(data)));
+ } catch (IOException ignored) {
+ }
+ }
+}
diff --git a/src/test/java/org/apache/commons/compress/fuzz/BaseTests.java b/src/test/java/org/apache/commons/compress/fuzz/BaseTests.java
new file mode 100644
index 00000000000..3bd3604f028
--- /dev/null
+++ b/src/test/java/org/apache/commons/compress/fuzz/BaseTests.java
@@ -0,0 +1,30 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.commons.compress.fuzz;
+
+/**
+ * Temporary shim to maintain compatibility with legacy OSS-Fuzz build scripts
+ * which hardcode the class name "BaseTests".
+ *
+ * TODO: Remove this class once the oss-fuzz project configuration is updated
+ * to use AbstractTests.
+ */
+public abstract class BaseTests extends AbstractTests {
+}
diff --git a/src/test/java/org/apache/commons/compress/fuzz/CompressSevenZFuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/CompressSevenZFuzzer.java
new file mode 100644
index 00000000000..805df52aedc
--- /dev/null
+++ b/src/test/java/org/apache/commons/compress/fuzz/CompressSevenZFuzzer.java
@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.commons.compress.fuzz;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+import org.apache.commons.compress.archivers.sevenz.SevenZArchiveEntry;
+import org.apache.commons.compress.archivers.sevenz.SevenZFile;
+import org.apache.commons.compress.archivers.sevenz.SevenZFileOptions;
+import org.apache.commons.compress.utils.SeekableInMemoryByteChannel;
+
+public class CompressSevenZFuzzer extends AbstractTests {
+ private static final SevenZFileOptions options = new SevenZFileOptions.Builder()
+ .withMaxMemoryLimitInKb(1_000_000)
+ .build();
+
+ public static void fuzzerTestOneInput(byte[] data) {
+ try (final SevenZFile sf = new SevenZFile(new SeekableInMemoryByteChannel(data), options)) {
+ SevenZArchiveEntry entry;
+ while ((entry = sf.getNextEntry()) != null) {
+ final InputStream is = sf.getInputStream(entry);
+ is.read(new byte[1024]);
+ }
+ } catch (final IOException ignored) {
+ }
+ }
+}
diff --git a/src/test/java/org/apache/commons/compress/fuzz/CompressTarFuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/CompressTarFuzzer.java
new file mode 100644
index 00000000000..2025b0c0c47
--- /dev/null
+++ b/src/test/java/org/apache/commons/compress/fuzz/CompressTarFuzzer.java
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.commons.compress.fuzz;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+import org.apache.commons.compress.archivers.tar.TarArchiveEntry;
+import org.apache.commons.compress.archivers.tar.TarFile;
+
+public class CompressTarFuzzer extends AbstractTests {
+ public static void fuzzerTestOneInput(byte[] data) {
+ try (final TarFile tf = new TarFile(data)) {
+ for (final TarArchiveEntry entry : tf.getEntries()) {
+ final InputStream is = tf.getInputStream(entry);
+ is.read(new byte[1024]);
+ }
+ } catch (final IOException ignored) {
+ }
+ }
+}
diff --git a/src/test/java/org/apache/commons/compress/fuzz/CompressZipFuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/CompressZipFuzzer.java
new file mode 100644
index 00000000000..aa2e8f227a1
--- /dev/null
+++ b/src/test/java/org/apache/commons/compress/fuzz/CompressZipFuzzer.java
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.commons.compress.fuzz;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Enumeration;
+
+import org.apache.commons.compress.archivers.zip.ZipArchiveEntry;
+import org.apache.commons.compress.archivers.zip.ZipFile;
+import org.apache.commons.compress.utils.SeekableInMemoryByteChannel;
+
+public class CompressZipFuzzer extends AbstractTests {
+ public static void fuzzerTestOneInput(byte[] data) {
+ try (final ZipFile zf = new ZipFile(new SeekableInMemoryByteChannel(data))) {
+ final Enumeration entries = zf.getEntries();
+ while (entries.hasMoreElements()) {
+ final ZipArchiveEntry entry = entries.nextElement();
+ final InputStream is = zf.getInputStream(entry);
+ is.read(new byte[1024]);
+ }
+ } catch (final IOException ignored) {
+ }
+ }
+}
diff --git a/src/test/java/org/apache/commons/compress/fuzz/CompressorBZip2Fuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/CompressorBZip2Fuzzer.java
new file mode 100644
index 00000000000..55e6677f38f
--- /dev/null
+++ b/src/test/java/org/apache/commons/compress/fuzz/CompressorBZip2Fuzzer.java
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.commons.compress.fuzz;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+
+import org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream;
+
+public class CompressorBZip2Fuzzer extends AbstractTests {
+ public static void fuzzerTestOneInput(byte[] data) {
+ try {
+ fuzzCompressorInputStream(new BZip2CompressorInputStream(new ByteArrayInputStream(data)));
+ } catch (IOException ignored) {
+ }
+ }
+}
diff --git a/src/test/java/org/apache/commons/compress/fuzz/CompressorDeflate64Fuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/CompressorDeflate64Fuzzer.java
new file mode 100644
index 00000000000..1d5a7b4afe2
--- /dev/null
+++ b/src/test/java/org/apache/commons/compress/fuzz/CompressorDeflate64Fuzzer.java
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.commons.compress.fuzz;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+
+import org.apache.commons.compress.compressors.deflate64.Deflate64CompressorInputStream;
+
+public class CompressorDeflate64Fuzzer extends AbstractTests {
+ public static void fuzzerTestOneInput(byte[] data) {
+ try {
+ fuzzCompressorInputStream(new Deflate64CompressorInputStream(new ByteArrayInputStream(data)));
+ } catch (IOException ignored) {
+ }
+ }
+}
diff --git a/src/test/java/org/apache/commons/compress/fuzz/CompressorGzipFuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/CompressorGzipFuzzer.java
new file mode 100644
index 00000000000..a56f4197b07
--- /dev/null
+++ b/src/test/java/org/apache/commons/compress/fuzz/CompressorGzipFuzzer.java
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.commons.compress.fuzz;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+
+import org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream;
+
+public class CompressorGzipFuzzer extends AbstractTests {
+ public static void fuzzerTestOneInput(byte[] data) {
+ try {
+ fuzzCompressorInputStream(new GzipCompressorInputStream(new ByteArrayInputStream(data)));
+ } catch (IOException ignored) {
+ }
+ }
+}
diff --git a/src/test/java/org/apache/commons/compress/fuzz/CompressorLZ4Fuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/CompressorLZ4Fuzzer.java
new file mode 100644
index 00000000000..14419fc4d7e
--- /dev/null
+++ b/src/test/java/org/apache/commons/compress/fuzz/CompressorLZ4Fuzzer.java
@@ -0,0 +1,41 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.commons.compress.fuzz;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+
+import org.apache.commons.compress.compressors.lz4.BlockLZ4CompressorInputStream;
+import org.apache.commons.compress.compressors.lz4.FramedLZ4CompressorInputStream;
+
+public class CompressorLZ4Fuzzer extends AbstractTests {
+ // Test both LZ4 classes
+ public static void fuzzerTestOneInput(byte[] data) {
+ try {
+ fuzzCompressorInputStream(new BlockLZ4CompressorInputStream(new ByteArrayInputStream(data)));
+ } catch (IOException ignored) {
+ }
+
+ try {
+ fuzzCompressorInputStream(new FramedLZ4CompressorInputStream(new ByteArrayInputStream(data)));
+ } catch (IOException ignored) {
+ }
+ }
+}
diff --git a/src/test/java/org/apache/commons/compress/fuzz/CompressorPack200Fuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/CompressorPack200Fuzzer.java
new file mode 100644
index 00000000000..402b6c9647b
--- /dev/null
+++ b/src/test/java/org/apache/commons/compress/fuzz/CompressorPack200Fuzzer.java
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.commons.compress.fuzz;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+
+import org.apache.commons.compress.compressors.pack200.Pack200CompressorInputStream;
+
+public class CompressorPack200Fuzzer extends AbstractTests {
+ public static void fuzzerTestOneInput(byte[] data) {
+ try {
+ fuzzCompressorInputStream(new Pack200CompressorInputStream(new ByteArrayInputStream(data)));
+ } catch (IOException ignored) {
+ }
+ }
+}
diff --git a/src/test/java/org/apache/commons/compress/fuzz/CompressorSnappyFuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/CompressorSnappyFuzzer.java
new file mode 100644
index 00000000000..ae7529698a9
--- /dev/null
+++ b/src/test/java/org/apache/commons/compress/fuzz/CompressorSnappyFuzzer.java
@@ -0,0 +1,41 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.commons.compress.fuzz;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+
+import org.apache.commons.compress.compressors.snappy.FramedSnappyCompressorInputStream;
+import org.apache.commons.compress.compressors.snappy.SnappyCompressorInputStream;
+
+public class CompressorSnappyFuzzer extends AbstractTests {
+ // Test both Snappy classes
+ public static void fuzzerTestOneInput(byte[] data) {
+ try {
+ fuzzCompressorInputStream(new FramedSnappyCompressorInputStream(new ByteArrayInputStream(data)));
+ } catch (IOException ignored) {
+ }
+
+ try {
+ fuzzCompressorInputStream(new SnappyCompressorInputStream(new ByteArrayInputStream(data)));
+ } catch (IOException ignored) {
+ }
+ }
+}
diff --git a/src/test/java/org/apache/commons/compress/fuzz/CompressorZFuzzer.java b/src/test/java/org/apache/commons/compress/fuzz/CompressorZFuzzer.java
new file mode 100644
index 00000000000..e71c090fc72
--- /dev/null
+++ b/src/test/java/org/apache/commons/compress/fuzz/CompressorZFuzzer.java
@@ -0,0 +1,35 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.commons.compress.fuzz;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+
+import org.apache.commons.compress.compressors.z.ZCompressorInputStream;
+
+public class CompressorZFuzzer extends AbstractTests {
+ public static void fuzzerTestOneInput(byte[] data) {
+ try {
+ // Setting limit to avoid out of memory errors
+ fuzzCompressorInputStream(new ZCompressorInputStream(new ByteArrayInputStream(data), 1024 * 1024));
+ } catch (IllegalArgumentException | IOException ignored) {
+ }
+ }
+}