/src/libwebp/tests/fuzzer/animation_api_fuzzer.cc
Line | Count | Source |
1 | | // Copyright 2018 Google Inc. |
2 | | // |
3 | | // Licensed under the Apache License, Version 2.0 (the "License"); |
4 | | // you may not use this file except in compliance with the License. |
5 | | // You may obtain a copy of the License at |
6 | | // |
7 | | // http://www.apache.org/licenses/LICENSE-2.0 |
8 | | // |
9 | | // Unless required by applicable law or agreed to in writing, software |
10 | | // distributed under the License is distributed on an "AS IS" BASIS, |
11 | | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
12 | | // See the License for the specific language governing permissions and |
13 | | // limitations under the License. |
14 | | // |
15 | | //////////////////////////////////////////////////////////////////////////////// |
16 | | |
17 | | #include <cstddef> |
18 | | #include <cstdint> |
19 | | #include <string_view> |
20 | | |
21 | | #include "./fuzz_utils.h" |
22 | | #include "src/webp/decode.h" |
23 | | #include "src/webp/demux.h" |
24 | | #include "src/webp/mux_types.h" |
25 | | |
26 | | namespace { |
27 | | |
28 | | void AnimationApiTest(std::string_view blob, bool use_threads, |
29 | 3.83k | WEBP_CSP_MODE color_mode) { |
30 | 3.83k | const size_t size = blob.size(); |
31 | 3.83k | WebPData webp_data; |
32 | 3.83k | WebPDataInit(&webp_data); |
33 | 3.83k | webp_data.size = size; |
34 | 3.83k | webp_data.bytes = reinterpret_cast<const uint8_t*>(blob.data()); |
35 | | |
36 | | // WebPAnimDecoderNew uses WebPDemux internally to calloc canvas size. |
37 | 3.83k | WebPDemuxer* const demux = WebPDemux(&webp_data); |
38 | 3.83k | if (!demux) return; |
39 | 3.62k | const uint32_t cw = WebPDemuxGetI(demux, WEBP_FF_CANVAS_WIDTH); |
40 | 3.62k | const uint32_t ch = WebPDemuxGetI(demux, WEBP_FF_CANVAS_HEIGHT); |
41 | 3.62k | if ((size_t)cw * ch > fuzz_utils::kFuzzPxLimit) { |
42 | 13 | WebPDemuxDelete(demux); |
43 | 13 | return; |
44 | 13 | } |
45 | | |
46 | | // In addition to canvas size, check each frame separately. |
47 | 3.60k | WebPIterator iter; |
48 | 7.21k | for (int i = 0; i < fuzz_utils::kFuzzFrameLimit; i++) { |
49 | 7.21k | if (!WebPDemuxGetFrame(demux, i + 1, &iter)) break; |
50 | 3.60k | int w, h; |
51 | 3.60k | if (WebPGetInfo(iter.fragment.bytes, iter.fragment.size, &w, &h)) { |
52 | 3.60k | if ((size_t)w * h > |
53 | 3.60k | fuzz_utils::kFuzzPxLimit) { // image size of the frame payload |
54 | 0 | WebPDemuxReleaseIterator(&iter); |
55 | 0 | WebPDemuxDelete(demux); |
56 | 0 | return; |
57 | 0 | } |
58 | 3.60k | } |
59 | 3.60k | } |
60 | | |
61 | 3.60k | WebPDemuxReleaseIterator(&iter); |
62 | 3.60k | WebPDemuxDelete(demux); |
63 | | |
64 | 3.60k | WebPAnimDecoderOptions dec_options; |
65 | 3.60k | if (!WebPAnimDecoderOptionsInit(&dec_options)) return; |
66 | | |
67 | 3.60k | dec_options.use_threads = use_threads; |
68 | 3.60k | dec_options.color_mode = color_mode; |
69 | | |
70 | 3.60k | WebPAnimDecoder* dec = WebPAnimDecoderNew(&webp_data, &dec_options); |
71 | 3.60k | if (!dec) return; |
72 | | |
73 | 4.32k | for (int i = 0; i < fuzz_utils::kFuzzFrameLimit; i++) { |
74 | 4.32k | uint8_t* buf; |
75 | 4.32k | int timestamp; |
76 | 4.32k | if (!WebPAnimDecoderGetNext(dec, &buf, ×tamp)) break; |
77 | 4.32k | } |
78 | | |
79 | 3.60k | WebPAnimDecoderDelete(dec); |
80 | 3.60k | } |
81 | | |
82 | | } // namespace |
83 | | |
84 | | FUZZ_TEST(AnimationApi, AnimationApiTest) |
85 | | .WithDomains(fuzztest::String().WithMaxSize(fuzz_utils::kMaxWebPFileSize + |
86 | | 1), |
87 | | /*use_threads=*/fuzztest::Arbitrary<bool>(), |
88 | | // Animations only support 4 (out of 12) modes. |
89 | | fuzztest::ElementOf<WEBP_CSP_MODE>({MODE_RGBA, MODE_BGRA, |
90 | | MODE_rgbA, MODE_bgrA})); |