
projects/libdeflate: add OSS-Fuzz integration with 5 fuzz targets#15589

Open
XananasX7 wants to merge 3 commits into google:master from XananasX7:projects/libdeflate



@XananasX7


Summary

libdeflate is a high-performance DEFLATE, zlib, and gzip compression/decompression library used widely in production tools and pipelines (pigz, many image processing pipelines, libpng, container compression tools).

The library ships its own libFuzzer harnesses under scripts/libFuzzer/ but has no OSS-Fuzz integration, so it is not continuously fuzzed with new sanitizer updates or shared corpus improvements.

Fuzz targets added (5)

| Target | Description |
|---|---|
| deflate_decompress_fuzzer | Raw DEFLATE format decompression |
| gzip_decompress_fuzzer | gzip format decompression |
| zlib_decompress_fuzzer | zlib-format (zlib header + DEFLATE + Adler-32) decompression |
| deflate_compress_fuzzer | Compression at levels 1–12 + round-trip decompression verify |
| checksum_fuzzer | adler32 and crc32 incremental multi-chunk update APIs |

The deflate_compress_fuzzer is notable: it compresses the input, then decompresses the output and verifies correctness — catching compressor logic bugs that would produce invalid compressed data.

Upstream acknowledgement

libdeflate ships its own harness stubs (MIT-licensed); these OSS-Fuzz harnesses are adapted from those stubs with improved buffer sizing to avoid false OOM exits on large inputs.

I have read the CLA Document and I hereby sign the CLA

…ecompression and compression

libdeflate is a high-performance DEFLATE, zlib, and gzip compression
and decompression library. It is widely used by tools including:
- libpng (DEFLATE decompression path)
- pigz, zopfli-based tools
- many container image compression pipelines

The library has its own libFuzzer harnesses under scripts/libFuzzer/
but has no OSS-Fuzz integration, meaning it is not continuously fuzzed
against new engine improvements, sanitizer updates, or corpus sharing.

This PR adds 5 fuzz targets:
- deflate_decompress_fuzzer: fuzz raw DEFLATE decompression
- gzip_decompress_fuzzer: fuzz gzip format decompression
- zlib_decompress_fuzzer: fuzz zlib-format decompression
- deflate_compress_fuzzer: fuzz compression + round-trip verify
- checksum_fuzzer: fuzz adler32 and crc32 incremental update APIs

The compress fuzzer does a round-trip (compress → decompress) to verify
compressed output is always valid DEFLATE, catching compressor logic bugs.
The checksum fuzzer exercises the incremental API split across two halves
to catch off-by-one errors in multi-chunk processing.
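
The split-invariance property that the checksum fuzzer is described as checking, written out as an added example that is not code from this pull request or from libdeflate. It goes beyond the two-halves split by trying every split offset. `ref_adler32`, `ref_crc32` and `first_bad_split` are hypothetical names; the two references are simple stand-ins taking the same (running value, buffer, length) arguments as `libdeflate_adler32()` and `libdeflate_crc32()`, started at 1 and 0 respectively.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Same argument shape as libdeflate_adler32() / libdeflate_crc32(). */
typedef uint32_t (*checksum_fn)(uint32_t, const void *, size_t);

/* Reference Adler-32: reduces modulo 65521 on every byte (slow, simple). */
uint32_t ref_adler32(uint32_t adler, const void *buf, size_t len)
{
    const uint8_t *p = buf;
    uint32_t a = adler & 0xFFFF, b = adler >> 16;
    for (size_t i = 0; i < len; i++) {
        a = (a + p[i]) % 65521;
        b = (b + a) % 65521;
    }
    return (b << 16) | a;
}

/* Reference CRC-32 (reflected polynomial 0xEDB88320), one bit at a time. */
uint32_t ref_crc32(uint32_t crc, const void *buf, size_t len)
{
    const uint8_t *p = buf;
    crc = ~crc;
    for (size_t i = 0; i < len; i++) {
        crc ^= p[i];
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1)));
    }
    return ~crc;
}

/* First offset k where data[0..k) then data[k..n) != one-shot; -1 if none. */
long first_bad_split(checksum_fn fn, uint32_t init, const uint8_t *data, size_t n)
{
    uint32_t whole = fn(init, data, n);
    for (size_t k = 0; k <= n; k++)
        if (fn(fn(init, data, k), data + k, n - k) != whole)
            return (long)k;
    return -1;
}

/* libFuzzer entry point: abort on any split-dependent result. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    if (first_bad_split(ref_adler32, 1, data, size) != -1 ||
        first_bad_split(ref_crc32, 0, data, size) != -1)
        abort();
    return 0;
}
```

Passing an optimized implementation as `fn` and comparing its one-shot result with the reference turns the same harness into a differential check.
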
@google-cla

google-cla Bot commented May 31, 2026


Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

@github-actions


XananasX7 is integrating a new project, but the main_repo is missing. The criticality score cannot be computed.

@XananasX7

Author

Missing main_repo — adding main_repo: https://github.com/ebiggers/libdeflate to project.yaml now.

@DavidKorczynski DavidKorczynski left a comment

Collaborator


@XananasX7

Author

Thanks for the review and the reference to #15598! I've added the missing main_repo: "https://github.com/ebiggers/libdeflate" to project.yaml in the latest commit. I'm also working on signing the CLA — apologies for missing that.

@XananasX7

Author

Thanks for the detailed feedback @DavidKorczynski — addressing all 5 points:

  1. License headers — added Apache 2.0 license headers to all Dockerfiles that were missing them. This is now fixed across all open PRs.

  2. Maintainer communication — acknowledged. I have reached out (or am reaching out) to the upstream maintainers for each project to let them know about the OSS-Fuzz integration and ideally get their involvement.

  3. CLA — signed via the Google CLA portal. The bot check should reflect this.

  4. Duplicate projects — closed PRs projects/cups: add OSS-Fuzz integration for IPP, PPD, and HTTP parsers #15591 (cups), projects/openvpn: add OSS-Fuzz integration for config parser and TLS handshake #15592 (openvpn), projects/libsndfile: add sndfile_write_fuzzer for encode/transcode path #15600 (libsndfile), hiredis: add RESP response reader fuzzer; nettle: add ECDSA/EC-point DER fuzzer #15584 (hiredis/nettle), and openssh: add sshconfig_fuzz support and authkeys_fuzz seed corpus #15585 (openssh) as those projects already exist. Apologies for the duplicates.

  5. Fuzzers in upstream repos — working on getting the fuzz harnesses upstreamed. For the projects where I have open PRs on the upstream repos (libsndfile, tcpdump, openssh) those are in progress or being closed in favour of coordinating with maintainers directly.

The remaining open PRs here cover genuinely new projects not yet in OSS-Fuzz. Happy to address any other issues on those.

@XananasX7 XananasX7 force-pushed the projects/libdeflate branch from 305d85f to f68a8b7 on June 2, 2026 23:32

@XananasX7

Author

Reauthored all commits with the correct email (mehdiananas007@gmail.com) matching the signed Google Individual CLA. The CLA bot should now verify successfully.
