/src/libjpeg_turbo_fuzzer.cc
Line | Count | Source |
1 | | /* |
2 | | # Copyright 2016 Google Inc. |
3 | | # |
4 | | # Licensed under the Apache License, Version 2.0 (the "License"); |
5 | | # you may not use this file except in compliance with the License. |
6 | | # You may obtain a copy of the License at |
7 | | # |
8 | | # http://www.apache.org/licenses/LICENSE-2.0 |
9 | | # |
10 | | # Unless required by applicable law or agreed to in writing, software |
11 | | # distributed under the License is distributed on an "AS IS" BASIS, |
12 | | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
13 | | # See the License for the specific language governing permissions and |
14 | | # limitations under the License. |
15 | | # |
16 | | ################################################################################ |
17 | | */ |
18 | | |
19 | | #include <stdint.h> |
20 | | #include <stdlib.h> |
21 | | |
22 | | #include <memory> |
23 | | |
24 | | #include <turbojpeg.h> |
25 | | |
26 | | |
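// libFuzzer entry point: treats `data` as an untrusted JPEG, decodes it to
// packed RGB with the TurboJPEG API, and reads every output byte so that
// MemorySanitizer can flag pixels the decoder left uninitialized.
//
// @param data  Fuzzer-supplied input bytes (attacker-controlled by design).
// @param size  Number of bytes in `data`.
// @return Always 0, as libFuzzer expects.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  // Upper bound on decoded pixels; keeps each iteration fast and bounds the
  // allocation that is sized from header fields taken from the input.
  constexpr size_t kMaxPixels = 1024 * 1024;

  tjhandle jpegDecompressor = tjInitDecompress();
  if (jpegDecompressor == nullptr) {
    // Handle creation failed; there is nothing to decode or destroy.
    return 0;
  }

  int width = 0, height = 0, subsamp = 0, colorspace = 0;
  const int res = tjDecompressHeader3(
      jpegDecompressor, data, size, &width, &height, &subsamp, &colorspace);

  // Bail out if decompressing the headers failed, a dimension is not
  // positive, or the image is too large. Rejecting negative values before
  // the multiplication matters: two negative dimensions converted to size_t
  // can wrap around to a small product and slip past the size cap.
  if (res != 0 || width <= 0 || height <= 0 ||
      static_cast<size_t>(width) * static_cast<size_t>(height) > kMaxPixels) {
    tjDestroy(jpegDecompressor);
    return 0;
  }

  // Three bytes per pixel (TJPF_RGB). Computed in size_t so the arithmetic
  // cannot overflow a signed int; the cap above limits it to 3 MiB.
  const size_t buffer_size =
      static_cast<size_t>(width) * static_cast<size_t>(height) * 3;
  std::unique_ptr<unsigned char[]> buf(new unsigned char[buffer_size]);
  const int decode_res = tjDecompress2(
      jpegDecompressor, data, size, buf.get(), width, 0, height, TJPF_RGB, 0);

  // For memory sanitizer, test each output byte. Only do so after a
  // successful decode: on failure the library may have stopped before
  // writing the whole buffer, and reading the untouched remainder would make
  // the sanitizer report the harness rather than a decoder defect.
  if (decode_res == 0) {
    const unsigned char *raw_buf = buf.get();
    size_t count = 0;
    for (size_t i = 0; i < buffer_size; i++) {
      if (raw_buf[i]) {
        count++;
      }
    }
    if (count == buffer_size) {
      // Do something with side effect, so that all the above tests don't
      // get removed by the optimizer.
      free(malloc(1));
    }
  }

  tjDestroy(jpegDecompressor);

  return 0;
}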