author | Yannis Guyon <yguyon@google.com> | 2023-02-07 17:59:00 +0100 |
---|---|---|
committer | Yannis Guyon <yguyon@google.com> | 2023-02-07 18:05:42 +0100 |
commit | 52b6f0670381917161e3d7089f5b0ab5f13acbf1 (patch) | |
tree | 6f49802325a25041b7865fe4deebcac20bb493b2 | |
parent | 7361842839ebec7e95e30d15172d6b21d9e2403b (diff) | |
download | libwebp-52b6f0670381917161e3d7089f5b0ab5f13acbf1.tar.gz |
Fix scaling limit in advanced_api_fuzzer.c
config.options.scaled_width or config.options.scaled_height being 0
means aspect-ratio-preserving scaling, so 7361842 was not enough.
Change-Id: Ib75241eb683cf824bc46222c5c07535b6c6d7313
-rw-r--r-- | tests/fuzzer/advanced_api_fuzzer.c | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/tests/fuzzer/advanced_api_fuzzer.c b/tests/fuzzer/advanced_api_fuzzer.c
index ab183b1c..291d0c03 100644
--- a/tests/fuzzer/advanced_api_fuzzer.c
+++ b/tests/fuzzer/advanced_api_fuzzer.c
@@ -14,9 +14,11 @@
 //
 ////////////////////////////////////////////////////////////////////////////////
+#include <stdint.h>
 #include <string.h>
 #include "./fuzz_utils.h"
+#include "src/utils/rescaler_utils.h"
 #include "src/webp/decode.h"
 int LLVMFuzzerTestOneInput(const uint8_t* const data, size_t size) {
@@ -73,11 +75,15 @@ int LLVMFuzzerTestOneInput(const uint8_t* const data, size_t size) {
 memcpy(&config.options, data + data_offset, sizeof(config.options));
 // Skip easily avoidable out-of-memory fuzzing errors.
- if (config.options.use_scaling && config.options.scaled_width > 0 &&
- config.options.scaled_height > 0 &&
- (size_t)config.options.scaled_width * config.options.scaled_height >
- kFuzzPxLimit) {
- break;
+ if (config.options.use_scaling) {
+ int scaled_width = config.options.scaled_width;
+ int scaled_height = config.options.scaled_height;
+ if (WebPRescalerGetScaledDimensions(config.input.width,
+ config.input.height, &scaled_width,
+ &scaled_height) &&
+ (uint64_t)scaled_width * scaled_height > kFuzzPxLimit) {
+ break;
+ }
 }
 }
 if (size % 3) { |
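Review bot: The source dimensions handed to `WebPRescalerGetScaledDimensions` in the second hunk are always `config.input.width` and `config.input.height`, yet `config.options` is copied wholesale from the fuzz input, so `use_cropping` can be set at the same time as `use_scaling`. If the decoder derives the ratio-preserving size from the crop window rather than the full frame (not visible in this hunk), a strongly non-square crop combined with a zero `scaled_width` or `scaled_height` would make the harness underestimate the output area, and the out-of-memory guard would not fire. Consider passing the crop dimensions when cropping is enabled, as sketched below. A zero return from the helper also falls through to the decode without comment; a line such as `// Invalid scaling options are left for the decoder to reject.` would record that this is deliberate. The enclosing function starts and ends outside the hunk.

```c
if (config.options.use_scaling) {
  // Assumed: the decoder rescales the crop window, not the full frame.
  int src_width = config.input.width;
  int src_height = config.input.height;
  if (config.options.use_cropping && config.options.crop_width > 0 &&
      config.options.crop_height > 0) {
    src_width = config.options.crop_width;
    src_height = config.options.crop_height;
  }
  // … unchanged: scaled_width / scaled_height locals …
  if (WebPRescalerGetScaledDimensions(src_width, src_height, &scaled_width,
                                      &scaled_height) &&
  // … unchanged: kFuzzPxLimit comparison and break …
```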