Coverage Report

Created: 2023-06-07 06:03

/src/libjpeg-turbo.main/fuzz/cjpeg.cc
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * Copyright (C)2021 D. R. Commander.  All Rights Reserved.
3
 *
4
 * Redistribution and use in source and binary forms, with or without
5
 * modification, are permitted provided that the following conditions are met:
6
 *
7
 * - Redistributions of source code must retain the above copyright notice,
8
 *   this list of conditions and the following disclaimer.
9
 * - Redistributions in binary form must reproduce the above copyright notice,
10
 *   this list of conditions and the following disclaimer in the documentation
11
 *   and/or other materials provided with the distribution.
12
 * - Neither the name of the libjpeg-turbo Project nor the names of its
13
 *   contributors may be used to endorse or promote products derived from this
14
 *   software without specific prior written permission.
15
 *
16
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS",
17
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
20
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
21
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
22
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
23
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
24
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
25
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
26
 * POSSIBILITY OF SUCH DAMAGE.
27
 */
28
29
/* This fuzz target wraps cjpeg in order to test esoteric compression options
30
   as well as the GIF and Targa readers. */
31
32
#define main  cjpeg_main
33
#define CJPEG_FUZZER
34
extern "C" {
35
#include "../cjpeg.c"
36
}
37
#undef main
38
#undef CJPEG_FUZZER
39
40
#include <stdint.h>
41
#include <unistd.h>
42
43
44
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
45
31
{
46
31
  char filename[FILENAME_MAX] = { 0 };
47
31
  char *argv1[] = {
48
31
    (char *)"cjpeg", (char *)"-dct", (char *)"float", (char *)"-memdst",
49
31
    (char *)"-optimize", (char *)"-quality", (char *)"100,99,98",
50
31
    (char *)"-restart", (char *)"2", (char *)"-sample", (char *)"4x1,2x2,1x2",
51
31
    (char *)"-targa", NULL
52
31
  };
53
31
  char *argv2[] = {
54
31
    (char *)"cjpeg", (char *)"-arithmetic", (char *)"-dct", (char *)"float",
55
31
    (char *)"-memdst", (char *)"-quality", (char *)"90,80,70", (char *)"-rgb",
56
31
    (char *)"-sample", (char *)"2x2", (char *)"-smooth", (char *)"50",
57
31
    (char *)"-targa", NULL
58
31
  };
59
31
  int fd = -1;
60
#if defined(__has_feature) && __has_feature(memory_sanitizer)
61
  char env[18] = "JSIMD_FORCENONE=1";
62
63
  /* The libjpeg-turbo SIMD extensions produce false positives with
64
     MemorySanitizer. */
65
  putenv(env);
66
#endif
67
68
31
  snprintf(filename, FILENAME_MAX, "/tmp/libjpeg-turbo_cjpeg_fuzz.XXXXXX");
69
31
  if ((fd = mkstemp(filename)) < 0 || write(fd, data, size) < 0)
70
0
    goto bailout;
71
72
31
  argv1[12] = argv2[13] = filename;
73
74
31
  cjpeg_main(13, argv1);
75
31
  cjpeg_main(14, argv2);
76
77
31
  argv1[12] = argv2[13] = NULL;
78
31
  argv1[11] = argv2[12] = filename;
79
80
31
  cjpeg_main(12, argv1);
81
31
  cjpeg_main(13, argv2);
82
83
31
bailout:
84
31
  if (fd >= 0) {
85
31
    close(fd);
86
31
    if (strlen(filename) > 0) unlink(filename);
87
31
  }
88
31
  return 0;
89
31
}