/src/libheif/fuzzing/box_fuzzer.cc

Source
/*
 * HEIF codec.
 * Copyright (c) 2017 struktur AG, Joachim Bauch <bauch@struktur.de>
 *
 * This file is part of libheif.
 *
 * libheif is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as
 * published by the Free Software Foundation, either version 3 of
 * the License, or (at your option) any later version.
 *
 * libheif is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with libheif.  If not, see <http://www.gnu.org/licenses/>.
 */

#include <sstream>

#include "box.h"
#include "bitstream.h"
#include "context.h"
#include "logging.h"

extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
{
  auto reader = std::make_shared<StreamReader_memory>(data, size, false);

  // --- OSS-Fuzz assumes a bug if the allocated memory exceeds 2560 MB.
  //     Set a lower allocation limit to prevent this.

  // Use a context for tracking the memory usage and set the reduced limit.
  HeifContext ctx;
  ctx.get_security_limits()->max_total_memory = UINT64_C(2) * 1024 * 1024 * 1024;

  BitstreamRange range(reader, size);
  for (;;) {
    std::shared_ptr<Box> box;
    Error error = Box::read(range, &box, ctx.get_security_limits());
    if (error != Error::Ok || range.error()) {
      break;
    }

    box->get_type();
    box->get_type_string();
    Indent indent;
    box->dump(indent);
  }

  return 0;
}

Line	Count	Source
1		/*
2		* HEIF codec.
3		* Copyright (c) 2017 struktur AG, Joachim Bauch <bauch@struktur.de>
4		*
5		* This file is part of libheif.
6		*
7		* libheif is free software: you can redistribute it and/or modify
8		* it under the terms of the GNU Lesser General Public License as
9		* published by the Free Software Foundation, either version 3 of
10		* the License, or (at your option) any later version.
11		*
12		* libheif is distributed in the hope that it will be useful,
13		* but WITHOUT ANY WARRANTY; without even the implied warranty of
14		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15		* GNU Lesser General Public License for more details.
16		*
17		* You should have received a copy of the GNU Lesser General Public License
18		* along with libheif. If not, see <http://www.gnu.org/licenses/>.
19		*/
20
21		#include <sstream>
22
23		#include "box.h"
24		#include "bitstream.h"
25		#include "context.h"
26		#include "logging.h"
27
28		extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
29	3.38k	{
30	3.38k	auto reader = std::make_shared<StreamReader_memory>(data, size, false);
31
32		// --- OSS-Fuzz assumes a bug if the allocated memory exceeds 2560 MB.
33		// Set a lower allocation limit to prevent this.
34
35		// Use a context for tracking the memory usage and set the reduced limit.
36	3.38k	HeifContext ctx;
37	3.38k	ctx.get_security_limits()->max_total_memory = UINT64_C(2) * 1024 * 1024 * 1024;
38
39	3.38k	BitstreamRange range(reader, size);
40	62.1k	for (;;) {
41	62.1k	std::shared_ptr<Box> box;
42	62.1k	Error error = Box::read(range, &box, ctx.get_security_limits());
43	62.1k	if (error != Error::Ok \|\| range.error()) {
44	3.38k	break;
45	3.38k	}
46
47	58.7k	box->get_type();
48	58.7k	box->get_type_string();
49	58.7k	Indent indent;
50	58.7k	box->dump(indent);
51	58.7k	}
52
53	3.38k	return 0;
54	3.38k	}

Coverage Report

Created: 2025-10-12 06:18