/src/libwebp/tests/fuzzer/imageio_fuzzer.cc

Source (jump to first uncovered line)
// Copyright 2024 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
////////////////////////////////////////////////////////////////////////////////

// Fuzzing of libwebp's image readers

#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <iostream>
#include <string_view>

#include "imageio/image_dec.h"
#include "imageio/metadata.h"
#include "src/webp/encode.h"
#include "tests/fuzzer/fuzz_utils.h"

namespace {

void TestReader(const uint8_t *data, size_t size, WebPImageReader reader,
                bool keep_alpha, bool use_argb) {
  WebPPicture pic;
  if (!WebPPictureInit(&pic)) {
    std::cerr << "WebPPictureInit failed" << std::endl;
    std::abort();
  }
  Metadata metadata;
  MetadataInit(&metadata);
  pic.use_argb = use_argb ? 1 : 0;

  if (!fuzz_utils::IsImageTooBig(data, size)) {
    (void)(*reader)(data, size, &pic, keep_alpha ? 1 : 0, &metadata);
  }
  WebPPictureFree(&pic);
  MetadataFree(&metadata);
}

constexpr WebPInputFileFormat kUnknown = WEBP_UNSUPPORTED_FORMAT;

void Decode(std::string_view arbitrary_bytes, WebPInputFileFormat format,
            bool keep_alpha, bool use_argb) {
  const uint8_t *data =
      reinterpret_cast<const uint8_t *>(arbitrary_bytes.data());
  const size_t size = arbitrary_bytes.size();
  if (format == kUnknown) {
    (void)WebPGuessImageType(data, size);  // shouldn't fail
    TestReader(data, size, WebPGuessImageReader(data, size), keep_alpha,
               use_argb);
  } else {
    TestReader(data, size, WebPGetImageReader(format), keep_alpha, use_argb);
  }
}

FUZZ_TEST(ImageIOSuite, Decode)
    .WithDomains(
        fuzztest::String()
            .WithMaxSize(fuzz_utils::kMaxWebPFileSize + 1),
        fuzztest::ElementOf<WebPInputFileFormat>(
            {WEBP_PNG_FORMAT, WEBP_JPEG_FORMAT, WEBP_TIFF_FORMAT,
             WEBP_WEBP_FORMAT, WEBP_PNM_FORMAT, kUnknown}),
        /*keep_alpha=*/fuzztest::Arbitrary<bool>(),
        /*use_argb=*/fuzztest::Arbitrary<bool>());

}  // namespace

Line	Count	Source (jump to first uncovered line)
1		// Copyright 2024 Google Inc.
2		//
3		// Licensed under the Apache License, Version 2.0 (the "License");
4		// you may not use this file except in compliance with the License.
5		// You may obtain a copy of the License at
6		//
7		// http://www.apache.org/licenses/LICENSE-2.0
8		//
9		// Unless required by applicable law or agreed to in writing, software
10		// distributed under the License is distributed on an "AS IS" BASIS,
11		// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12		// See the License for the specific language governing permissions and
13		// limitations under the License.
14		//
15		////////////////////////////////////////////////////////////////////////////////
16
17		// Fuzzing of libwebp's image readers
18
19		#include <cstddef>
20		#include <cstdint>
21		#include <cstdlib>
22		#include <iostream>
23		#include <string_view>
24
25		#include "imageio/image_dec.h"
26		#include "imageio/metadata.h"
27		#include "src/webp/encode.h"
28		#include "tests/fuzzer/fuzz_utils.h"
29
30		namespace {
31
32		void TestReader(const uint8_t *data, size_t size, WebPImageReader reader,
33	5.77k	bool keep_alpha, bool use_argb) {
34	5.77k	WebPPicture pic;
35	5.77k	if (!WebPPictureInit(&pic)) {
36	0	std::cerr << "WebPPictureInit failed" << std::endl;
37	0	std::abort();
38	0	}
39	5.77k	Metadata metadata;
40	5.77k	MetadataInit(&metadata);
41	5.77k	pic.use_argb = use_argb ? 1 : 0;
42
43	5.77k	if (!fuzz_utils::IsImageTooBig(data, size)) {
44	5.74k	(void)(*reader)(data, size, &pic, keep_alpha ? 1 : 0, &metadata);
45	5.74k	}
46	5.77k	WebPPictureFree(&pic);
47	5.77k	MetadataFree(&metadata);
48	5.77k	}
49
50		constexpr WebPInputFileFormat kUnknown = WEBP_UNSUPPORTED_FORMAT;
51
52		void Decode(std::string_view arbitrary_bytes, WebPInputFileFormat format,
53	5.77k	bool keep_alpha, bool use_argb) {
54	5.77k	const uint8_t *data =
55	5.77k	reinterpret_cast<const uint8_t *>(arbitrary_bytes.data());
56	5.77k	const size_t size = arbitrary_bytes.size();
57	5.77k	if (format == kUnknown) {
58	657	(void)WebPGuessImageType(data, size); // shouldn't fail
59	657	TestReader(data, size, WebPGuessImageReader(data, size), keep_alpha,
60	657	use_argb);
61	5.11k	} else {
62	5.11k	TestReader(data, size, WebPGetImageReader(format), keep_alpha, use_argb);
63	5.11k	}
64	5.77k	}
65
66		FUZZ_TEST(ImageIOSuite, Decode)
67		.WithDomains(
68		fuzztest::String()
69		.WithMaxSize(fuzz_utils::kMaxWebPFileSize + 1),
70		fuzztest::ElementOf<WebPInputFileFormat>(
71		{WEBP_PNG_FORMAT, WEBP_JPEG_FORMAT, WEBP_TIFF_FORMAT,
72		WEBP_WEBP_FORMAT, WEBP_PNM_FORMAT, kUnknown}),
73		/keep_alpha=/fuzztest::Arbitrary<bool>(),
74		/use_argb=/fuzztest::Arbitrary<bool>());
75
76		} // namespace

Coverage Report

Created: 2025-07-11 06:36