/src/libwebp/tests/fuzzer/simple_api_fuzzer.cc

Source
// Copyright 2018 Google Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
////////////////////////////////////////////////////////////////////////////////

#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <string_view>

#include "./fuzz_utils.h"
#include "src/webp/decode.h"
#include "src/webp/types.h"

namespace {

void SimpleApiTest(std::string_view data_in) {
  const uint8_t* const data = reinterpret_cast<const uint8_t*>(data_in.data());
  const size_t size = data_in.size();
  int w, h;
  if (!WebPGetInfo(data, size, &w, &h)) return;
  if ((size_t)w * h > fuzz_utils::kFuzzPxLimit) return;

  const uint8_t value = fuzz_utils::FuzzHash(data, size);
  uint8_t* buf = NULL;

  // For *Into functions, which decode into an external buffer, an
  // intentionally too small buffer can be given with low probability.
  if (value < 0x16) {
    buf = WebPDecodeRGBA(data, size, &w, &h);
  } else if (value < 0x2b) {
    buf = WebPDecodeBGRA(data, size, &w, &h);
#if !defined(WEBP_REDUCE_CSP)
  } else if (value < 0x40) {
    buf = WebPDecodeARGB(data, size, &w, &h);
  } else if (value < 0x55) {
    buf = WebPDecodeRGB(data, size, &w, &h);
  } else if (value < 0x6a) {
    buf = WebPDecodeBGR(data, size, &w, &h);
#endif  // !defined(WEBP_REDUCE_CSP)
  } else if (value < 0x7f) {
    uint8_t *u, *v;
    int stride, uv_stride;
    buf = WebPDecodeYUV(data, size, &w, &h, &u, &v, &stride, &uv_stride);
  } else if (value < 0xe8) {
    const int stride = (value < 0xbe ? 4 : 3) * w;
    size_t buf_size = stride * h;
    if (value % 0x10 == 0) buf_size--;
    uint8_t* const ext_buf = (uint8_t*)malloc(buf_size);
    if (value < 0x94) {
      (void)WebPDecodeRGBAInto(data, size, ext_buf, buf_size, stride);
#if !defined(WEBP_REDUCE_CSP)
    } else if (value < 0xa9) {
      (void)WebPDecodeARGBInto(data, size, ext_buf, buf_size, stride);
    } else if (value < 0xbe) {
      (void)WebPDecodeBGRInto(data, size, ext_buf, buf_size, stride);
    } else if (value < 0xd3) {
      (void)WebPDecodeRGBInto(data, size, ext_buf, buf_size, stride);
#endif  // !defined(WEBP_REDUCE_CSP)
    } else {
      (void)WebPDecodeBGRAInto(data, size, ext_buf, buf_size, stride);
    }
    free(ext_buf);
  } else {
    size_t luma_size = w * h;
    const int uv_stride = (w + 1) / 2;
    size_t u_size = uv_stride * (h + 1) / 2;
    size_t v_size = uv_stride * (h + 1) / 2;
    if (value % 0x10 == 0) {
      if (size & 1) luma_size--;
      if (size & 2) u_size--;
      if (size & 4) v_size--;
    }
    uint8_t* const luma_buf = (uint8_t*)malloc(luma_size);
    uint8_t* const u_buf = (uint8_t*)malloc(u_size);
    uint8_t* const v_buf = (uint8_t*)malloc(v_size);
    (void)WebPDecodeYUVInto(data, size, luma_buf, luma_size,
                            w /* luma_stride */, u_buf, u_size, uv_stride,
                            v_buf, v_size, uv_stride);
    free(luma_buf);
    free(u_buf);
    free(v_buf);
  }

  if (buf) WebPFree(buf);
}

}  // namespace

FUZZ_TEST(SimpleApi, SimpleApiTest)
    .WithDomains(fuzztest::String().WithMaxSize(fuzz_utils::kMaxWebPFileSize +
                                                1));

Line	Count	Source
1		// Copyright 2018 Google Inc.
2		//
3		// Licensed under the Apache License, Version 2.0 (the "License");
4		// you may not use this file except in compliance with the License.
5		// You may obtain a copy of the License at
6		//
7		// http://www.apache.org/licenses/LICENSE-2.0
8		//
9		// Unless required by applicable law or agreed to in writing, software
10		// distributed under the License is distributed on an "AS IS" BASIS,
11		// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12		// See the License for the specific language governing permissions and
13		// limitations under the License.
14		//
15		////////////////////////////////////////////////////////////////////////////////
16
17		#include <cstddef>
18		#include <cstdint>
19		#include <cstdlib>
20		#include <string_view>
21
22		#include "./fuzz_utils.h"
23		#include "src/webp/decode.h"
24		#include "src/webp/types.h"
25
26		namespace {
27
28	5.27k	void SimpleApiTest(std::string_view data_in) {
29	5.27k	const uint8_t* const data = reinterpret_cast<const uint8_t*>(data_in.data());
30	5.27k	const size_t size = data_in.size();
31	5.27k	int w, h;
32	5.27k	if (!WebPGetInfo(data, size, &w, &h)) return;
33	4.97k	if ((size_t)w * h > fuzz_utils::kFuzzPxLimit) return;
34
35	4.96k	const uint8_t value = fuzz_utils::FuzzHash(data, size);
36	4.96k	uint8_t* buf = NULL;
37
38		// For *Into functions, which decode into an external buffer, an
39		// intentionally too small buffer can be given with low probability.
40	4.96k	if (value < 0x16) {
41	457	buf = WebPDecodeRGBA(data, size, &w, &h);
42	4.50k	} else if (value < 0x2b) {
43	525	buf = WebPDecodeBGRA(data, size, &w, &h);
44	525	#if !defined(WEBP_REDUCE_CSP)
45	3.98k	} else if (value < 0x40) {
46	492	buf = WebPDecodeARGB(data, size, &w, &h);
47	3.48k	} else if (value < 0x55) {
48	459	buf = WebPDecodeRGB(data, size, &w, &h);
49	3.02k	} else if (value < 0x6a) {
50	420	buf = WebPDecodeBGR(data, size, &w, &h);
51	420	#endif // !defined(WEBP_REDUCE_CSP)
52	2.60k	} else if (value < 0x7f) {
53	363	uint8_t u, v;
54	363	int stride, uv_stride;
55	363	buf = WebPDecodeYUV(data, size, &w, &h, &u, &v, &stride, &uv_stride);
56	2.24k	} else if (value < 0xe8) {
57	1.77k	const int stride = (value < 0xbe ? 4 : 3) * w;
58	1.77k	size_t buf_size = stride * h;
59	1.77k	if (value % 0x10 == 0) buf_size--;
60	1.77k	uint8_t* const ext_buf = (uint8_t*)malloc(buf_size);
61	1.77k	if (value < 0x94) {
62	390	(void)WebPDecodeRGBAInto(data, size, ext_buf, buf_size, stride);
63	390	#if !defined(WEBP_REDUCE_CSP)
64	1.38k	} else if (value < 0xa9) {
65	413	(void)WebPDecodeARGBInto(data, size, ext_buf, buf_size, stride);
66	973	} else if (value < 0xbe) {
67	449	(void)WebPDecodeBGRInto(data, size, ext_buf, buf_size, stride);
68	524	} else if (value < 0xd3) {
69	407	(void)WebPDecodeRGBInto(data, size, ext_buf, buf_size, stride);
70	407	#endif // !defined(WEBP_REDUCE_CSP)
71	407	} else {
72	117	(void)WebPDecodeBGRAInto(data, size, ext_buf, buf_size, stride);
73	117	}
74	1.77k	free(ext_buf);
75	1.77k	} else {
76	470	size_t luma_size = w * h;
77	470	const int uv_stride = (w + 1) / 2;
78	470	size_t u_size = uv_stride * (h + 1) / 2;
79	470	size_t v_size = uv_stride * (h + 1) / 2;
80	470	if (value % 0x10 == 0) {
81	14	if (size & 1) luma_size--;
82	14	if (size & 2) u_size--;
83	14	if (size & 4) v_size--;
84	14	}
85	470	uint8_t* const luma_buf = (uint8_t*)malloc(luma_size);
86	470	uint8_t* const u_buf = (uint8_t*)malloc(u_size);
87	470	uint8_t* const v_buf = (uint8_t*)malloc(v_size);
88	470	(void)WebPDecodeYUVInto(data, size, luma_buf, luma_size,
89	470	w /* luma_stride */, u_buf, u_size, uv_stride,
90	470	v_buf, v_size, uv_stride);
91	470	free(luma_buf);
92	470	free(u_buf);
93	470	free(v_buf);
94	470	}
95
96	4.96k	if (buf) WebPFree(buf);
97	4.96k	}
98
99		} // namespace
100
101		FUZZ_TEST(SimpleApi, SimpleApiTest)
102		.WithDomains(fuzztest::String().WithMaxSize(fuzz_utils::kMaxWebPFileSize +
103		1));

Coverage Report

Created: 2025-08-26 06:43