Mirrors/tinyusdz
0
0
Fork 0
mirror of https://github.com/lighttransport/tinyusdz.git synced 2026-01-18 01:11:17 +01:00
Code Issues Packages Projects Releases Wiki Activity

Reduce max num pixels in fuzz testing.

Browse Source
This commit is contained in:
Syoyo Fujita
2023-05-20 21:19:24 +09:00
parent 09cd1a96ce
commit dc3b238c3c
1 changed files with 82 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

159
tests/fuzzer/wuffs_jpeg_decoding_fuzzmain.cc
View File

@@ -23,124 +23,129 @@
#include "external/wuffs-unsupported-snapshot.c"
static uint8_t* wuffs_decode_jpeg(const uint8_t* pData, size_t data_len, uint32_t &width, uint32_t &height,
std::string *err)
{
static uint8_t *wuffs_decode_jpeg(const uint8_t *pData, size_t data_len,
uint32_t &width, uint32_t &height,
std::string *err) {
constexpr uint64_t kMaxDataLen = 1024ull * 1024ull * 1024ull * 2;
// Up to 64K x 64K image
constexpr uint64_t kMaxPixels = 65536ull * 65536ull;
wuffs_jpeg__decoder* pDec = wuffs_jpeg__decoder__alloc();
if (!pDec) {
// Up to 64K x 64K image
//constexpr uint64_t kMaxPixels = 65536ull * 65536ull;
// Up to 16K x 16K
constexpr uint64_t kMaxPixels = 16384ull * 16384ull;
wuffs_jpeg__decoder *pDec = wuffs_jpeg__decoder__alloc();
if (!pDec) {
if (err) {
(*err) = "JPEG decoder allocation failed.\n";
}
return nullptr;
return nullptr;
}
//wuffs_jpeg__decoder__set_quirk_enabled(pDec, WUFFS_BASE__QUIRK_IGNORE_CHECKSUM, true);
wuffs_jpeg__decoder__set_quirk(pDec, WUFFS_BASE__QUIRK_IGNORE_CHECKSUM, true);
// wuffs_jpeg__decoder__set_quirk_enabled(pDec,
// WUFFS_BASE__QUIRK_IGNORE_CHECKSUM, true);
wuffs_jpeg__decoder__set_quirk(pDec, WUFFS_BASE__QUIRK_IGNORE_CHECKSUM, true);
wuffs_base__image_config ic;
wuffs_base__io_buffer src = wuffs_base__ptr_u8__reader((uint8_t *)pData, data_len, true);
wuffs_base__status status = wuffs_jpeg__decoder__decode_image_config(pDec, &ic, &src);
if (status.repr)
{
free(pDec);
wuffs_base__image_config ic;
wuffs_base__io_buffer src =
wuffs_base__ptr_u8__reader((uint8_t *)pData, data_len, true);
wuffs_base__status status =
wuffs_jpeg__decoder__decode_image_config(pDec, &ic, &src);
if (status.repr) {
free(pDec);
if (err) {
(*err) = "JPEG header decode failed.\n";
}
return nullptr;
}
return nullptr;
}
width = wuffs_base__pixel_config__width(&ic.pixcfg);
height = wuffs_base__pixel_config__height(&ic.pixcfg);
width = wuffs_base__pixel_config__width(&ic.pixcfg);
height = wuffs_base__pixel_config__height(&ic.pixcfg);
wuffs_base__pixel_config__set(&ic.pixcfg, WUFFS_BASE__PIXEL_FORMAT__RGBA_NONPREMUL, WUFFS_BASE__PIXEL_SUBSAMPLING__NONE, width, height);
wuffs_base__pixel_config__set(
&ic.pixcfg, WUFFS_BASE__PIXEL_FORMAT__RGBA_NONPREMUL,
WUFFS_BASE__PIXEL_SUBSAMPLING__NONE, width, height);
uint64_t workbuf_len = wuffs_jpeg__decoder__workbuf_len(pDec).max_incl;
if (workbuf_len > kMaxDataLen)
{
free(pDec);
uint64_t workbuf_len = wuffs_jpeg__decoder__workbuf_len(pDec).max_incl;
if (workbuf_len > kMaxDataLen) {
free(pDec);
if (err) {
(*err) = "Seems JPEG image is too big(2GB+).\n";
}
return nullptr;
}
wuffs_base__slice_u8 workbuf_slice = wuffs_base__make_slice_u8( (uint8_t *)malloc((size_t)workbuf_len), (size_t)workbuf_len);
if (!workbuf_slice.ptr)
{
free(pDec);
return nullptr;
}
wuffs_base__slice_u8 workbuf_slice = wuffs_base__make_slice_u8(
(uint8_t *)malloc((size_t)workbuf_len), (size_t)workbuf_len);
if (!workbuf_slice.ptr) {
free(pDec);
if (err) {
(*err) = "Failed to allocate slice buffer to decode JPEG.\n";
}
return nullptr;
}
return nullptr;
}
const uint64_t total_pixels = (uint64_t)width * (uint64_t)height;
if (total_pixels > kMaxPixels)
{
free(workbuf_slice.ptr);
free(pDec);
const uint64_t total_pixels = (uint64_t)width * (uint64_t)height;
if (total_pixels > kMaxPixels) {
free(workbuf_slice.ptr);
free(pDec);
if (err) {
(*err) = "Image extent is too large.\n";
}
return nullptr;
}
return nullptr;
}
void* pDecode_buf = malloc((size_t)(total_pixels * sizeof(uint32_t)));
if (!pDecode_buf)
{
free(workbuf_slice.ptr);
free(pDec);
void *pDecode_buf = malloc((size_t)(total_pixels * sizeof(uint32_t)));
if (!pDecode_buf) {
free(workbuf_slice.ptr);
free(pDec);
if (err) {
(*err) = "Failed to allocate decode buffer.\n";
}
return nullptr;
}
return nullptr;
}
wuffs_base__slice_u8 pixbuf_slice = wuffs_base__make_slice_u8((uint8_t*)pDecode_buf, (size_t)(total_pixels * sizeof(uint32_t)));
wuffs_base__slice_u8 pixbuf_slice = wuffs_base__make_slice_u8(
(uint8_t *)pDecode_buf, (size_t)(total_pixels * sizeof(uint32_t)));
wuffs_base__pixel_buffer pb;
status = wuffs_base__pixel_buffer__set_from_slice(&pb, &ic.pixcfg, pixbuf_slice);
if (status.repr)
{
free(workbuf_slice.ptr);
free(pDecode_buf);
free(pDec);
wuffs_base__pixel_buffer pb;
status =
wuffs_base__pixel_buffer__set_from_slice(&pb, &ic.pixcfg, pixbuf_slice);
if (status.repr) {
free(workbuf_slice.ptr);
free(pDecode_buf);
free(pDec);
if (err) {
(*err) = "Failed to setup Pixbuf.\n";
}
return nullptr;
}
return nullptr;
}
status = wuffs_jpeg__decoder__decode_frame(pDec, &pb, &src, WUFFS_BASE__PIXEL_BLEND__SRC, workbuf_slice, NULL);
if (status.repr)
{
free(workbuf_slice.ptr);
free(pDecode_buf);
free(pDec);
status = wuffs_jpeg__decoder__decode_frame(
pDec, &pb, &src, WUFFS_BASE__PIXEL_BLEND__SRC, workbuf_slice, NULL);
if (status.repr) {
free(workbuf_slice.ptr);
free(pDecode_buf);
free(pDec);
if (err) {
(*err) = "Failed to decode JPEG frame.\n";
}
return nullptr;
}
free(workbuf_slice.ptr);
free(pDec);
return nullptr;
}
return reinterpret_cast<uint8_t *>(pDecode_buf);
free(workbuf_slice.ptr);
free(pDec);
return reinterpret_cast<uint8_t *>(pDecode_buf);
}
static int decode_jpeg(const uint8_t* data, size_t size) {
static int decode_jpeg(const uint8_t *data, size_t size) {
// Up to 2GB
if (uint64_t(size) > 1024ull * 1024ull * 1024ull * 2) {
return -1;
@@ -156,7 +161,7 @@ static int decode_jpeg(const uint8_t* data, size_t size) {
return 0;
}
extern "C" int LLVMFuzzerTestOneInput(std::uint8_t const* data,
extern "C" int LLVMFuzzerTestOneInput(std::uint8_t const *data,
std::size_t size) {
return decode_jpeg(data, size);
}