/src/libjpeg-turbo.main/fuzz/compress12.cc
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright (C)2021, 2023 D. R. Commander. All Rights Reserved. |
3 | | * |
4 | | * Redistribution and use in source and binary forms, with or without |
5 | | * modification, are permitted provided that the following conditions are met: |
6 | | * |
7 | | * - Redistributions of source code must retain the above copyright notice, |
8 | | * this list of conditions and the following disclaimer. |
9 | | * - Redistributions in binary form must reproduce the above copyright notice, |
10 | | * this list of conditions and the following disclaimer in the documentation |
11 | | * and/or other materials provided with the distribution. |
12 | | * - Neither the name of the libjpeg-turbo Project nor the names of its |
13 | | * contributors may be used to endorse or promote products derived from this |
14 | | * software without specific prior written permission. |
15 | | * |
16 | | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS", |
17 | | * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
18 | | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
19 | | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE |
20 | | * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
21 | | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
22 | | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
23 | | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
24 | | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
25 | | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
26 | | * POSSIBILITY OF SUCH DAMAGE. |
27 | | */ |
28 | | |
29 | | #include <turbojpeg.h> |
30 | | #include <stdio.h> |
31 | | #include <stdlib.h> |
32 | | #include <stdint.h> |
33 | | #include <string.h> |
34 | | #include <unistd.h> |
35 | | |
36 | | |
37 | 22.9k | #define NUMTESTS 7 |
38 | | |
39 | | |
40 | | struct test { |
41 | | enum TJPF pf; |
42 | | enum TJSAMP subsamp; |
43 | | int quality; |
44 | | }; |
45 | | |
46 | | |
47 | | extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) |
48 | 2.86k | { |
49 | 2.86k | tjhandle handle = NULL; |
50 | 2.86k | short *srcBuf = NULL; |
51 | 2.86k | unsigned char *dstBuf = NULL; |
52 | 2.86k | int width = 0, height = 0, fd = -1, i, ti; |
53 | 2.86k | char filename[FILENAME_MAX] = { 0 }; |
54 | 2.86k | struct test tests[NUMTESTS] = { |
55 | 2.86k | { TJPF_RGB, TJSAMP_444, 100 }, |
56 | 2.86k | { TJPF_BGR, TJSAMP_422, 90 }, |
57 | 2.86k | { TJPF_RGBX, TJSAMP_420, 80 }, |
58 | 2.86k | { TJPF_BGRA, TJSAMP_411, 70 }, |
59 | 2.86k | { TJPF_XRGB, TJSAMP_GRAY, 60 }, |
60 | 2.86k | { TJPF_GRAY, TJSAMP_GRAY, 50 }, |
61 | 2.86k | { TJPF_CMYK, TJSAMP_440, 40 } |
62 | 2.86k | }; |
63 | | #if defined(__has_feature) && __has_feature(memory_sanitizer) |
64 | | char env[18] = "JSIMD_FORCENONE=1"; |
65 | | |
66 | | /* The libjpeg-turbo SIMD extensions produce false positives with |
67 | | MemorySanitizer. */ |
68 | | putenv(env); |
69 | | #endif |
70 | | |
71 | 2.86k | snprintf(filename, FILENAME_MAX, "/tmp/libjpeg-turbo_compress12_fuzz.XXXXXX"); |
72 | 2.86k | if ((fd = mkstemp(filename)) < 0 || write(fd, data, size) < 0) |
73 | 0 | goto bailout; |
74 | | |
75 | 2.86k | if ((handle = tj3Init(TJINIT_COMPRESS)) == NULL) |
76 | 0 | goto bailout; |
77 | | |
78 | 22.9k | for (ti = 0; ti < NUMTESTS; ti++) { |
79 | 20.0k | int sum = 0, pf = tests[ti].pf; |
80 | 20.0k | size_t dstSize = 0, maxBufSize; |
81 | | |
82 | | /* Test non-default compression options on specific iterations. */ |
83 | 20.0k | tj3Set(handle, TJPARAM_BOTTOMUP, ti == 0); |
84 | 20.0k | tj3Set(handle, TJPARAM_FASTDCT, ti == 0); |
85 | 20.0k | tj3Set(handle, TJPARAM_PROGRESSIVE, ti == 1 || ti == 3); |
86 | 20.0k | tj3Set(handle, TJPARAM_ARITHMETIC, ti == 2 || ti == 3); |
87 | 20.0k | tj3Set(handle, TJPARAM_NOREALLOC, ti != 2); |
88 | 20.0k | tj3Set(handle, TJPARAM_RESTARTROWS, ti == 1 || ti == 2 ? 2 : 0); |
89 | | |
90 | 20.0k | tj3Set(handle, TJPARAM_MAXPIXELS, 1048576); |
91 | | /* tj3LoadImage12() will refuse to load images larger than 1 Megapixel, so |
92 | | we don't need to check the width and height here. */ |
93 | 20.0k | if ((srcBuf = tj3LoadImage12(handle, filename, &width, 1, &height, |
94 | 20.0k | &pf)) == NULL) |
95 | 6.94k | continue; |
96 | | |
97 | 13.1k | maxBufSize = tj3JPEGBufSize(width, height, tests[ti].subsamp); |
98 | 13.1k | if (tj3Get(handle, TJPARAM_NOREALLOC)) { |
99 | 11.1k | if ((dstBuf = (unsigned char *)malloc(maxBufSize)) == NULL) |
100 | 0 | goto bailout; |
101 | 11.1k | } else |
102 | 1.92k | dstBuf = NULL; |
103 | | |
104 | 13.1k | tj3Set(handle, TJPARAM_SUBSAMP, tests[ti].subsamp); |
105 | 13.1k | tj3Set(handle, TJPARAM_QUALITY, tests[ti].quality); |
106 | 13.1k | if (tj3Compress12(handle, srcBuf, width, 0, height, pf, &dstBuf, |
107 | 13.1k | &dstSize) == 0) { |
108 | | /* Touch all of the output pixels in order to catch uninitialized reads |
109 | | when using MemorySanitizer. */ |
110 | 85.3M | for (i = 0; i < dstSize; i++) |
111 | 85.3M | sum += dstBuf[i]; |
112 | 13.0k | } |
113 | | |
114 | 13.1k | free(dstBuf); |
115 | 13.1k | dstBuf = NULL; |
116 | 13.1k | tj3Free(srcBuf); |
117 | 13.1k | srcBuf = NULL; |
118 | | |
119 | | /* Prevent the code above from being optimized out. This test should never |
120 | | be true, but the compiler doesn't know that. */ |
121 | 13.1k | if (sum > 255 * maxBufSize) |
122 | 0 | goto bailout; |
123 | 13.1k | } |
124 | | |
125 | 2.86k | bailout: |
126 | 2.86k | free(dstBuf); |
127 | 2.86k | tj3Free(srcBuf); |
128 | 2.86k | if (fd >= 0) { |
129 | 2.86k | close(fd); |
130 | 2.86k | if (strlen(filename) > 0) unlink(filename); |
131 | 2.86k | } |
132 | 2.86k | tj3Destroy(handle); |
133 | 2.86k | return 0; |
134 | 2.86k | } |