[zlib] Restore deflateBound() check in the deflate fuzzer

With deflateBound() now fixed we can put it back in the fuzzer.

Bug: 40270738
Change-Id: I7a0f89faf3d741f3d098439f273c0dafbd711f1c
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5335101
Reviewed-by: Adenilson Cavalcanti <cavalcantii@chromium.org>
Commit-Queue: Hans Wennborg <hans@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1267396}
NOKEYCHECK=True
GitOrigin-RevId: 98f49d7e197252c5cba4e9c5bf5abcc3441ffb81

1 files changed, 12 insertions, 6 deletions

diff --git a/contrib/tests/fuzzers/deflate_fuzzer.cc b/contrib/tests/fuzzers/deflate_fuzzer.cc
index 6f3e45e..2468509 100644
--- a/contrib/tests/fuzzers/deflate_fuzzer.cc
+++ b/contrib/tests/fuzzers/deflate_fuzzer.cc
@@ -84,14 +84,20 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
     }
     ASSERT(ret == Z_OK || Z_BUF_ERROR);
   }
-
-  // Check that the bound was correct.
-  // size_t deflate_bound = deflateBound(&stream, src.size());
-  // TODO(crbug.com/40270738): This does not always hold.
-  // ASSERT(compressed.size() <= deflate_bound);
-
   deflateEnd(&stream);
 
+  // Check deflateBound().
+  // Use a newly initialized stream since computing the bound on a "used" stream
+  // may not yield a correct result (https://github.com/madler/zlib/issues/944).
+  z_stream bound_stream;
+  bound_stream.zalloc = Z_NULL;
+  bound_stream.zfree = Z_NULL;
+  ret = deflateInit2(&bound_stream, level, Z_DEFLATED, windowBits, memLevel,
+                     strategy);
+  ASSERT(ret == Z_OK);
+  size_t deflate_bound = deflateBound(&bound_stream, src.size());
+  ASSERT(compressed.size() <= deflate_bound);
+  deflateEnd(&bound_stream);
 
   // Verify that the data decompresses correctly.
   ret = inflateInit2(&stream, windowBits);