/src/libjpeg-turbo.main/fuzz/compress.cc

Source (jump to first uncovered line)
/*
 * Copyright (C)2021, 2023 D. R. Commander.  All Rights Reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * - Redistributions of source code must retain the above copyright notice,
 *   this list of conditions and the following disclaimer.
 * - Redistributions in binary form must reproduce the above copyright notice,
 *   this list of conditions and the following disclaimer in the documentation
 *   and/or other materials provided with the distribution.
 * - Neither the name of the libjpeg-turbo Project nor the names of its
 *   contributors may be used to endorse or promote products derived from this
 *   software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS",
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#include <turbojpeg.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#include <unistd.h>


#define NUMTESTS  7


struct test {
  enum TJPF pf;
  enum TJSAMP subsamp;
  int quality;
};


extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
  tjhandle handle = NULL;
  unsigned char *srcBuf = NULL, *dstBuf = NULL;
  int width = 0, height = 0, fd = -1, i, ti;
  char filename[FILENAME_MAX] = { 0 };
  struct test tests[NUMTESTS] = {
    { TJPF_RGB, TJSAMP_444, 100 },
    { TJPF_BGR, TJSAMP_422, 90 },
    { TJPF_RGBX, TJSAMP_420, 80 },
    { TJPF_BGRA, TJSAMP_411, 70 },
    { TJPF_XRGB, TJSAMP_GRAY, 60 },
    { TJPF_GRAY, TJSAMP_GRAY, 50 },
    { TJPF_CMYK, TJSAMP_440, 40 }
  };
#if defined(__has_feature) && __has_feature(memory_sanitizer)
  char env[18] = "JSIMD_FORCENONE=1";

  /* The libjpeg-turbo SIMD extensions produce false positives with
     MemorySanitizer. */
  putenv(env);
#endif

  snprintf(filename, FILENAME_MAX, "/tmp/libjpeg-turbo_compress_fuzz.XXXXXX");
  if ((fd = mkstemp(filename)) < 0 || write(fd, data, size) < 0)
    goto bailout;

  if ((handle = tj3Init(TJINIT_COMPRESS)) == NULL)
    goto bailout;

  for (ti = 0; ti < NUMTESTS; ti++) {
    int sum = 0, pf = tests[ti].pf;
    size_t dstSize = 0, maxBufSize;

    /* Test non-default compression options on specific iterations. */
    tj3Set(handle, TJPARAM_BOTTOMUP, ti == 0);
    tj3Set(handle, TJPARAM_FASTDCT, ti == 1);
    tj3Set(handle, TJPARAM_OPTIMIZE, ti == 6);
    tj3Set(handle, TJPARAM_PROGRESSIVE, ti == 1 || ti == 3);
    tj3Set(handle, TJPARAM_ARITHMETIC, ti == 2 || ti == 3);
    tj3Set(handle, TJPARAM_NOREALLOC, ti != 2);
    tj3Set(handle, TJPARAM_RESTARTROWS, ti == 1 || ti == 2 ? 2 : 0);

    tj3Set(handle, TJPARAM_MAXPIXELS, 1048576);
    /* tj3LoadImage8() will refuse to load images larger than 1 Megapixel, so
       we don't need to check the width and height here. */
    if ((srcBuf = tj3LoadImage8(handle, filename, &width, 1, &height,
                                &pf)) == NULL)
      continue;

    maxBufSize = tj3JPEGBufSize(width, height, tests[ti].subsamp);
    if (tj3Get(handle, TJPARAM_NOREALLOC)) {
      if ((dstBuf = (unsigned char *)malloc(maxBufSize)) == NULL)
        goto bailout;
    } else
      dstBuf = NULL;

    tj3Set(handle, TJPARAM_SUBSAMP, tests[ti].subsamp);
    tj3Set(handle, TJPARAM_QUALITY, tests[ti].quality);
    if (tj3Compress8(handle, srcBuf, width, 0, height, pf, &dstBuf,
                     &dstSize) == 0) {
      /* Touch all of the output pixels in order to catch uninitialized reads
         when using MemorySanitizer. */
      for (i = 0; i < dstSize; i++)
        sum += dstBuf[i];
    }

    free(dstBuf);
    dstBuf = NULL;
    tj3Free(srcBuf);
    srcBuf = NULL;

    /* Prevent the code above from being optimized out.  This test should never
       be true, but the compiler doesn't know that. */
    if (sum > 255 * maxBufSize)
      goto bailout;
  }

bailout:
  free(dstBuf);
  tj3Free(srcBuf);
  if (fd >= 0) {
    close(fd);
    if (strlen(filename) > 0) unlink(filename);
  }
  tj3Destroy(handle);
  return 0;
}

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright (C)2021, 2023 D. R. Commander. All Rights Reserved.
3		*
4		* Redistribution and use in source and binary forms, with or without
5		* modification, are permitted provided that the following conditions are met:
6		*
7		* - Redistributions of source code must retain the above copyright notice,
8		* this list of conditions and the following disclaimer.
9		* - Redistributions in binary form must reproduce the above copyright notice,
10		* this list of conditions and the following disclaimer in the documentation
11		* and/or other materials provided with the distribution.
12		* - Neither the name of the libjpeg-turbo Project nor the names of its
13		* contributors may be used to endorse or promote products derived from this
14		* software without specific prior written permission.
15		*
16		* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS",
17		* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18		* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19		* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
20		* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
21		* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
22		* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
23		* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
24		* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
25		* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
26		* POSSIBILITY OF SUCH DAMAGE.
27		*/
28
29		#include <turbojpeg.h>
30		#include <stdio.h>
31		#include <stdlib.h>
32		#include <stdint.h>
33		#include <string.h>
34		#include <unistd.h>
35
36
37	31.0k	#define NUMTESTS 7
38
39
40		struct test {
41		enum TJPF pf;
42		enum TJSAMP subsamp;
43		int quality;
44		};
45
46
47		extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
48	3.87k	{
49	3.87k	tjhandle handle = NULL;
50	3.87k	unsigned char srcBuf = NULL, dstBuf = NULL;
51	3.87k	int width = 0, height = 0, fd = -1, i, ti;
52	3.87k	char filename[FILENAME_MAX] = { 0 };
53	3.87k	struct test tests[NUMTESTS] = {
54	3.87k	{ TJPF_RGB, TJSAMP_444, 100 },
55	3.87k	{ TJPF_BGR, TJSAMP_422, 90 },
56	3.87k	{ TJPF_RGBX, TJSAMP_420, 80 },
57	3.87k	{ TJPF_BGRA, TJSAMP_411, 70 },
58	3.87k	{ TJPF_XRGB, TJSAMP_GRAY, 60 },
59	3.87k	{ TJPF_GRAY, TJSAMP_GRAY, 50 },
60	3.87k	{ TJPF_CMYK, TJSAMP_440, 40 }
61	3.87k	};
62		#if defined(__has_feature) && __has_feature(memory_sanitizer)
63		char env[18] = "JSIMD_FORCENONE=1";
64
65		/* The libjpeg-turbo SIMD extensions produce false positives with
66		MemorySanitizer. */
67		putenv(env);
68		#endif
69
70	3.87k	snprintf(filename, FILENAME_MAX, "/tmp/libjpeg-turbo_compress_fuzz.XXXXXX");
71	3.87k	if ((fd = mkstemp(filename)) < 0 \|\| write(fd, data, size) < 0)
72	0	goto bailout;
73
74	3.87k	if ((handle = tj3Init(TJINIT_COMPRESS)) == NULL)
75	0	goto bailout;
76
77	31.0k	for (ti = 0; ti < NUMTESTS; ti++) {
78	27.1k	int sum = 0, pf = tests[ti].pf;
79	27.1k	size_t dstSize = 0, maxBufSize;
80
81		/* Test non-default compression options on specific iterations. */
82	27.1k	tj3Set(handle, TJPARAM_BOTTOMUP, ti == 0);
83	27.1k	tj3Set(handle, TJPARAM_FASTDCT, ti == 1);
84	27.1k	tj3Set(handle, TJPARAM_OPTIMIZE, ti == 6);
85	27.1k	tj3Set(handle, TJPARAM_PROGRESSIVE, ti == 1 \|\| ti == 3);
86	27.1k	tj3Set(handle, TJPARAM_ARITHMETIC, ti == 2 \|\| ti == 3);
87	27.1k	tj3Set(handle, TJPARAM_NOREALLOC, ti != 2);
88	27.1k	tj3Set(handle, TJPARAM_RESTARTROWS, ti == 1 \|\| ti == 2 ? 2 : 0);
89
90	27.1k	tj3Set(handle, TJPARAM_MAXPIXELS, 1048576);
91		/* tj3LoadImage8() will refuse to load images larger than 1 Megapixel, so
92		we don't need to check the width and height here. */
93	27.1k	if ((srcBuf = tj3LoadImage8(handle, filename, &width, 1, &height,
94	27.1k	&pf)) == NULL)
95	13.3k	continue;
96
97	13.8k	maxBufSize = tj3JPEGBufSize(width, height, tests[ti].subsamp);
98	13.8k	if (tj3Get(handle, TJPARAM_NOREALLOC)) {
99	11.7k	if ((dstBuf = (unsigned char *)malloc(maxBufSize)) == NULL)
100	0	goto bailout;
101	11.7k	} else
102	2.03k	dstBuf = NULL;
103
104	13.8k	tj3Set(handle, TJPARAM_SUBSAMP, tests[ti].subsamp);
105	13.8k	tj3Set(handle, TJPARAM_QUALITY, tests[ti].quality);
106	13.8k	if (tj3Compress8(handle, srcBuf, width, 0, height, pf, &dstBuf,
107	13.8k	&dstSize) == 0) {
108		/* Touch all of the output pixels in order to catch uninitialized reads
109		when using MemorySanitizer. */
110	193M	for (i = 0; i < dstSize; i++)
111	193M	sum += dstBuf[i];
112	13.7k	}
113
114	13.8k	free(dstBuf);
115	13.8k	dstBuf = NULL;
116	13.8k	tj3Free(srcBuf);
117	13.8k	srcBuf = NULL;
118
119		/* Prevent the code above from being optimized out. This test should never
120		be true, but the compiler doesn't know that. */
121	13.8k	if (sum > 255 * maxBufSize)
122	0	goto bailout;
123	13.8k	}
124
125	3.87k	bailout:
126	3.87k	free(dstBuf);
127	3.87k	tj3Free(srcBuf);
128	3.87k	if (fd >= 0) {
129	3.87k	close(fd);
130	3.87k	if (strlen(filename) > 0) unlink(filename);
131	3.87k	}
132	3.87k	tj3Destroy(handle);
133	3.87k	return 0;
134	3.87k	}

Coverage Report

Created: 2023-06-07 06:03