/src/libvips/fuzz/generic_buffer_with_args_fuzzer.cc
Line | Count | Source |
1 | | #include <vips/vips.h> |
2 | | |
3 | | #define MAX_ARG_LEN 4096 // =VIPS_PATH_MAX |
4 | | |
/**
 * libFuzzer start-up hook: initialises libvips once, before any test input
 * is executed, and pins the libvips concurrency setting to 1.
 *
 * @param argc  Not read here.
 * @param argv  Pointer to the argument vector; its first entry is handed to
 *              VIPS_INIT.
 * @return 0 when libvips came up, -1 when VIPS_INIT reported failure.
 */
extern "C" int
LLVMFuzzerInitialize(int *argc, char ***argv)
{
	// (*argv)[0] names the same element as the terser *argv[0]: both
	// resolve to the first string of the argument vector.
	if (VIPS_INIT((*argv)[0])) {
		return -1;
	}

	// Restrict libvips to a concurrency of 1 for every input that follows.
	// NOTE(review): presumably so that crashes reproduce deterministically;
	// confirm against the project's fuzzing notes.
	vips_concurrency_set(1);

	return 0;
}
14 | | |
/**
 * Copy the first '\n'-terminated line of a fuzz input into a new string.
 *
 * Only the first VIPS_MIN(size, MAX_ARG_LEN) bytes are searched, so the
 * scan never reads past the input and a line can never exceed MAX_ARG_LEN
 * bytes.
 *
 * @param data  Start of the remaining fuzz input.
 * @param size  Number of readable bytes at data.
 * @param n     Out: offset of the newline from data, i.e. the raw line
 *              length without the terminator. Written only on success.
 * @return A g_strndup() copy of the line (release with g_free()), or
 *         nullptr when no newline lies inside the search window.
 *
 * g_strndup() stops at the first NUL byte, so the returned string can be
 * shorter than *n when the line embeds a NUL. Callers must advance through
 * the input by *n, never by the strlen() of the result.
 */
static char *
ExtractLine(const guint8 *data, size_t size, size_t *n)
{
	// Bound the search by both the real input size and the argument cap.
	const size_t window = VIPS_MIN(size, MAX_ARG_LEN);
	const void *newline = memchr(data, '\n', window);

	if (!newline)
		return nullptr;

	// The newline sits inside [data, data + window), so this difference is
	// non-negative and strictly smaller than size.
	*n = static_cast<const guint8 *>(newline) - data;

	return g_strndup(reinterpret_cast<const char *>(data), *n);
}
28 | | |
/**
 * libFuzzer entry point: load an image from the input with fuzzer-chosen
 * loader options, then save it again with a fuzzer-chosen suffix.
 *
 * Input layout, all three parts taken from the fuzz data:
 *
 *     <loader option string> '\n' <save suffix> '\n' <image bytes>
 *
 * Both text lines are attacker-controlled and capped at MAX_ARG_LEN bytes
 * by ExtractLine(). The first is passed to vips_image_new_from_buffer() as
 * its option string, the second to vips_image_write_to_buffer() as the
 * suffix. Images wider or taller than 100 pixels, or with more than 4
 * bands, are dropped before the save step.
 *
 * Coverage recorded on this report page (1.99k executions): 374 load
 * failures, 31 images rejected by the size gate, 262 save failures and
 * 1.32k complete round trips. Both missing-newline exits show 0 hits, so
 * this corpus never exercised them.
 *
 * @param data  Fuzz input.
 * @param size  Length of data in bytes.
 * @return Always 0.
 */
extern "C" int
LLVMFuzzerTestOneInput(const guint8 *data, size_t size)
{
	size_t consumed = 0;

	// Line 1: loader options.
	char *option_string = ExtractLine(data, size, &consumed);
	if (!option_string)
		return 0;

	// Step over the line and its newline. ExtractLine() found the newline
	// inside the buffer, so consumed + 1 <= size and size cannot wrap.
	data += consumed + 1;
	size -= consumed + 1;

	// Line 2: save suffix.
	char *suffix = ExtractLine(data, size, &consumed);
	if (!suffix) {
		g_free(option_string);
		return 0;
	}

	data += consumed + 1;
	size -= consumed + 1;

	// The rest of the input is the image payload.
	VipsImage *image =
		vips_image_new_from_buffer(data, size, option_string, nullptr);

	// The option string is released straight after the load call, whether
	// or not the load succeeded.
	g_free(option_string);

	if (image) {
		// Size gate: only small images go on to the save step.
		// NOTE(review): presumably this bounds per-input time and memory;
		// confirm against the project's fuzzing notes.
		const bool small_enough = image->Xsize <= 100 &&
			image->Ysize <= 100 &&
			image->Bands <= 4;

		if (small_enough) {
			void *buf;
			size_t len;

			// buf is only freed when the write reports success (0).
			if (!vips_image_write_to_buffer(image, suffix, &buf, &len, nullptr))
				g_free(buf);
		}

		g_object_unref(image);
	}

	g_free(suffix);

	return 0;
}