Coverage Report

Created: 2023-06-07 06:03

/src/libjpeg-turbo.main/fuzz/compress_yuv.cc
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * Copyright (C)2021-2023 D. R. Commander.  All Rights Reserved.
3
 *
4
 * Redistribution and use in source and binary forms, with or without
5
 * modification, are permitted provided that the following conditions are met:
6
 *
7
 * - Redistributions of source code must retain the above copyright notice,
8
 *   this list of conditions and the following disclaimer.
9
 * - Redistributions in binary form must reproduce the above copyright notice,
10
 *   this list of conditions and the following disclaimer in the documentation
11
 *   and/or other materials provided with the distribution.
12
 * - Neither the name of the libjpeg-turbo Project nor the names of its
13
 *   contributors may be used to endorse or promote products derived from this
14
 *   software without specific prior written permission.
15
 *
16
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS",
17
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
20
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
21
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
22
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
23
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
24
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
25
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
26
 * POSSIBILITY OF SUCH DAMAGE.
27
 */
28
29
#include <turbojpeg.h>
30
#include <stdio.h>
31
#include <stdlib.h>
32
#include <stdint.h>
33
#include <string.h>
34
#include <unistd.h>
35
36
37
24.7k
#define NUMTESTS  6
38
39
40
struct test {
41
  enum TJPF pf;
42
  enum TJSAMP subsamp;
43
  int quality;
44
};
45
46
47
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
48
3.53k
{
49
3.53k
  tjhandle handle = NULL;
50
3.53k
  unsigned char *srcBuf = NULL, *dstBuf = NULL, *yuvBuf = NULL;
51
3.53k
  int width = 0, height = 0, fd = -1, i, ti;
52
3.53k
  char filename[FILENAME_MAX] = { 0 };
53
3.53k
  struct test tests[NUMTESTS] = {
54
3.53k
    { TJPF_XBGR, TJSAMP_444, 100 },
55
3.53k
    { TJPF_XRGB, TJSAMP_422, 90 },
56
3.53k
    { TJPF_BGR, TJSAMP_420, 80 },
57
3.53k
    { TJPF_RGB, TJSAMP_411, 70 },
58
3.53k
    { TJPF_BGR, TJSAMP_GRAY, 60 },
59
3.53k
    { TJPF_GRAY, TJSAMP_GRAY, 50 }
60
3.53k
  };
61
#if defined(__has_feature) && __has_feature(memory_sanitizer)
62
  char env[18] = "JSIMD_FORCENONE=1";
63
64
  /* The libjpeg-turbo SIMD extensions produce false positives with
65
     MemorySanitizer. */
66
  putenv(env);
67
#endif
68
69
3.53k
  snprintf(filename, FILENAME_MAX, "/tmp/libjpeg-turbo_compress_yuv_fuzz.XXXXXX");
70
3.53k
  if ((fd = mkstemp(filename)) < 0 || write(fd, data, size) < 0)
71
0
    goto bailout;
72
73
3.53k
  if ((handle = tj3Init(TJINIT_COMPRESS)) == NULL)
74
0
    goto bailout;
75
76
24.7k
  for (ti = 0; ti < NUMTESTS; ti++) {
77
21.2k
    int sum = 0, pf = tests[ti].pf;
78
21.2k
    size_t dstSize = 0, maxBufSize;
79
80
    /* Test non-default compression options on specific iterations. */
81
21.2k
    tj3Set(handle, TJPARAM_BOTTOMUP, ti == 0);
82
21.2k
    tj3Set(handle, TJPARAM_FASTDCT, ti == 1);
83
21.2k
    tj3Set(handle, TJPARAM_OPTIMIZE, ti == 4);
84
21.2k
    tj3Set(handle, TJPARAM_PROGRESSIVE, ti == 1 || ti == 3);
85
21.2k
    tj3Set(handle, TJPARAM_ARITHMETIC, ti == 2 || ti == 3);
86
21.2k
    tj3Set(handle, TJPARAM_NOREALLOC, 1);
87
21.2k
    tj3Set(handle, TJPARAM_RESTARTBLOCKS, ti == 3 || ti == 4 ? 4 : 0);
88
89
21.2k
    tj3Set(handle, TJPARAM_MAXPIXELS, 1048576);
90
    /* tj3LoadImage8() will refuse to load images larger than 1 Megapixel, so
91
       we don't need to check the width and height here. */
92
21.2k
    if ((srcBuf = tj3LoadImage8(handle, filename, &width, 1, &height,
93
21.2k
                                &pf)) == NULL)
94
9.94k
      continue;
95
96
11.2k
    maxBufSize = tj3JPEGBufSize(width, height, tests[ti].subsamp);
97
11.2k
    if ((dstBuf = (unsigned char *)malloc(maxBufSize)) == NULL)
98
0
      goto bailout;
99
11.2k
    if ((yuvBuf =
100
11.2k
         (unsigned char *)malloc(tj3YUVBufSize(width, 1, height,
101
11.2k
                                               tests[ti].subsamp))) == NULL)
102
0
      goto bailout;
103
104
11.2k
    tj3Set(handle, TJPARAM_SUBSAMP, tests[ti].subsamp);
105
11.2k
    tj3Set(handle, TJPARAM_QUALITY, tests[ti].quality);
106
11.2k
    if (tj3EncodeYUV8(handle, srcBuf, width, 0, height, pf, yuvBuf, 1) == 0 &&
107
11.2k
        tj3CompressFromYUV8(handle, yuvBuf, width, 1, height, &dstBuf,
108
11.2k
                            &dstSize) == 0) {
109
      /* Touch all of the output pixels in order to catch uninitialized reads
110
         when using MemorySanitizer. */
111
108M
      for (i = 0; i < dstSize; i++)
112
108M
        sum += dstBuf[i];
113
11.2k
    }
114
115
11.2k
    free(dstBuf);
116
11.2k
    dstBuf = NULL;
117
11.2k
    free(yuvBuf);
118
11.2k
    yuvBuf = NULL;
119
11.2k
    tj3Free(srcBuf);
120
11.2k
    srcBuf = NULL;
121
122
    /* Prevent the code above from being optimized out.  This test should never
123
       be true, but the compiler doesn't know that. */
124
11.2k
    if (sum > 255 * maxBufSize)
125
0
      goto bailout;
126
11.2k
  }
127
128
3.53k
bailout:
129
3.53k
  free(dstBuf);
130
3.53k
  free(yuvBuf);
131
3.53k
  tj3Free(srcBuf);
132
3.53k
  if (fd >= 0) {
133
3.53k
    close(fd);
134
3.53k
    if (strlen(filename) > 0) unlink(filename);
135
3.53k
  }
136
3.53k
  tj3Destroy(handle);
137
3.53k
  return 0;
138
3.53k
}