/src/load_from_memory_fuzzer.cc
Line  | Count  | Source  | 
1  |  | #include <cstddef>  | 
2  |  | #include <cstdint>  | 
3  |  | #include <cstdlib>  | 
4  |  | #include <vector>  | 
5  |  | #include <FreeImage.h>  | 
6  |  |  | 
namespace {

// Decides whether the harness should attempt a full in-memory decode for the
// detected image format `fif`. Returns true only for formats on the allow-list.
bool SafeToLoadFromMemory(FREE_IMAGE_FORMAT fif) {
  // The allow-list is currently BMP only. Widening it may require per-format
  // heuristics on the expected decoded size of the memory region, so that the
  // fuzzer does not report out-of-memory conditions instead of real decoder
  // bugs.
  switch (fif) {
    case FIF_BMP:
      return true;
    default:
      return false;
  }
}

}  // namespace
17  |  |  | 
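// libFuzzer entry point. Wraps the fuzzer-provided bytes in a FreeImage memory
// stream, asks FreeImage to detect the image format, and decodes the image
// only when SafeToLoadFromMemory() allows that format.
//
// data: fuzzer-provided input bytes, treated as untrusted image data.
// size: number of bytes in `data`.
// Returns 0 in all cases.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  // One-time library setup. The flag has to be set once the call has been
  // made; without that the guard is always true and FreeImage_Initialise()
  // runs again for every input (the coverage listing this harness was taken
  // from shows the call executing on every iteration).
  static bool initialized = false;
  if (!initialized) {
    FreeImage_Initialise();
    initialized = true;
  }

  // Reject oversized inputs so per-iteration memory and time stay bounded.
  if (size > 100 * 1000) {
    return 0;
  }

  // Work on a private, exactly-sized mutable copy: FreeImage_OpenMemory takes
  // a non-const pointer while the fuzzer's buffer is const.
  std::vector<uint8_t> fuzzer_data_vector(data, data + size);
  FIMEMORY* fiMem = FreeImage_OpenMemory(
      reinterpret_cast<unsigned char*>(fuzzer_data_vector.data()),
      fuzzer_data_vector.size());
  if (fiMem == nullptr) {
    // No stream was created, so there is nothing to parse or to close.
    return 0;
  }

  // Format detection runs on every input; the full decode is gated on the
  // allow-list, so most inputs never reach a decoder.
  FREE_IMAGE_FORMAT fif = FreeImage_GetFileTypeFromMemory(fiMem, 0);
  if (SafeToLoadFromMemory(fif)) {
    FIBITMAP* fiBitmap = FreeImage_LoadFromMemory(fif, fiMem);
    // A rejected or malformed image yields a null bitmap; only release a
    // bitmap that was actually produced.
    if (fiBitmap != nullptr) {
      FreeImage_Unload(fiBitmap);
    }
  }
  FreeImage_CloseMemory(fiMem);

  return 0;
}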