/src/image_fuzz.cpp

Source (jump to first uncovered line)
/* Copyright 2023 Google LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
      http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

/*
 * The main idea behind this fuzzer is the generate arbitrary stack traces
 * by way of recursive funcitons, and then using various calls to libunwind
 * apis arbitrarily.
 */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#include <iostream>
#include <string>

#include "OgreRoot.h"
#include "OgreStaticPluginLoader.h"

#include "OgreConfigFile.h"
#include "OgreException.h"
#include "OgreLogManager.h"
#include "OgreSTBICodec.h"

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  static int initialized = 0;
  if (initialized == 0) {
    Ogre::LogManager *logMgr = new Ogre::LogManager();
    logMgr->createLog("OgreTest.log", true, false);
    logMgr->setMinLogLevel(Ogre::LML_TRIVIAL);
    initialized = 1;

    Ogre::Root root("");
    OgreBites::StaticPluginLoader mStaticPluginLoader;
    mStaticPluginLoader.load();
  }

  char filename[256];
  sprintf(filename, "/tmp/libfuzzer-%d.png", getpid());
  FILE *fp = fopen(filename, "wb");
  if (!fp) {
    return 0;
  }
  fwrite(data, size, 1, fp);
  fclose(fp);

  // Write an empty config file.
  char file_to_load[256];
  char file_to_save[256];
  sprintf(file_to_load, "/tmp/config-%d.cfg", getpid());
  sprintf(file_to_save, "/tmp/ftosave-%d.png", getpid());
  FILE *fp2 = fopen(file_to_load, "wb");
  if (!fp2) {
    return 0;
  }
  fwrite(" ", 1, 1, fp2);
  fclose(fp2);

  Ogre::ResourceGroupManager mgr;
  try {
    Ogre::STBIImageCodec::startup();
    Ogre::ConfigFile cf;
    cf.load(file_to_load);
    std::ifstream file1(filename, std::ios::in | std::ios::binary);
    Ogre::DataStreamPtr data1 =
        Ogre::DataStreamPtr(OGRE_NEW Ogre::FileStreamDataStream(&file1, false));
    Ogre::Image img;
    img.load(data1, "png");
    img.save(file_to_save);
  } catch (Ogre::ItemIdentityException) {
  } catch (Ogre::InternalErrorException) {
  }

  Ogre::STBIImageCodec::shutdown();
  unlink(filename);
  unlink(file_to_load);
  return 0;
}

Line	Count	Source (jump to first uncovered line)
1		/* Copyright 2023 Google LLC
2		Licensed under the Apache License, Version 2.0 (the "License");
3		you may not use this file except in compliance with the License.
4		You may obtain a copy of the License at
5		http://www.apache.org/licenses/LICENSE-2.0
6		Unless required by applicable law or agreed to in writing, software
7		distributed under the License is distributed on an "AS IS" BASIS,
8		WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
9		See the License for the specific language governing permissions and
10		limitations under the License.
11		*/
12
13		/*
14		* The main idea behind this fuzzer is the generate arbitrary stack traces
15		* by way of recursive funcitons, and then using various calls to libunwind
16		* apis arbitrarily.
17		*/
18		#include <stdio.h>
19		#include <stdlib.h>
20		#include <unistd.h>
21
22		#include <iostream>
23		#include <string>
24
25		#include "OgreRoot.h"
26		#include "OgreStaticPluginLoader.h"
27
28		#include "OgreConfigFile.h"
29		#include "OgreException.h"
30		#include "OgreLogManager.h"
31		#include "OgreSTBICodec.h"
32
33	3.55k	extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
34	3.55k	static int initialized = 0;
35	3.55k	if (initialized == 0) {
36	1	Ogre::LogManager *logMgr = new Ogre::LogManager();
37	1	logMgr->createLog("OgreTest.log", true, false);
38	1	logMgr->setMinLogLevel(Ogre::LML_TRIVIAL);
39	1	initialized = 1;
40
41	1	Ogre::Root root("");
42	1	OgreBites::StaticPluginLoader mStaticPluginLoader;
43	1	mStaticPluginLoader.load();
44	1	}
45
46	3.55k	char filename[256];
47	3.55k	sprintf(filename, "/tmp/libfuzzer-%d.png", getpid());
48	3.55k	FILE *fp = fopen(filename, "wb");
49	3.55k	if (!fp) {
50	0	return 0;
51	0	}
52	3.55k	fwrite(data, size, 1, fp);
53	3.55k	fclose(fp);
54
55		// Write an empty config file.
56	3.55k	char file_to_load[256];
57	3.55k	char file_to_save[256];
58	3.55k	sprintf(file_to_load, "/tmp/config-%d.cfg", getpid());
59	3.55k	sprintf(file_to_save, "/tmp/ftosave-%d.png", getpid());
60	3.55k	FILE *fp2 = fopen(file_to_load, "wb");
61	3.55k	if (!fp2) {
62	0	return 0;
63	0	}
64	3.55k	fwrite(" ", 1, 1, fp2);
65	3.55k	fclose(fp2);
66
67	3.55k	Ogre::ResourceGroupManager mgr;
68	3.55k	try {
69	3.55k	Ogre::STBIImageCodec::startup();
70	3.55k	Ogre::ConfigFile cf;
71	3.55k	cf.load(file_to_load);
72	3.55k	std::ifstream file1(filename, std::ios::in \| std::ios::binary);
73	3.55k	Ogre::DataStreamPtr data1 =
74	3.55k	Ogre::DataStreamPtr(OGRE_NEW Ogre::FileStreamDataStream(&file1, false));
75	3.55k	Ogre::Image img;
76	3.55k	img.load(data1, "png");
77	3.55k	img.save(file_to_save);
78	3.55k	} catch (Ogre::ItemIdentityException) {
79	2.46k	} catch (Ogre::InternalErrorException) {
80	2.46k	}
81
82	3.55k	Ogre::STBIImageCodec::shutdown();
83	3.55k	unlink(filename);
84	3.55k	unlink(file_to_load);
85	3.55k	return 0;
86	3.55k	}

Coverage Report

Created: 2025-07-11 06:36