author | Yannis Guyon <yguyon@google.com> | 2023-01-27 14:39:14 +0100 |
---|---|---|
committer | Yannis Guyon <yguyon@google.com> | 2023-01-27 14:39:14 +0100 |
commit | 7361842839ebec7e95e30d15172d6b21d9e2403b (patch) | |
tree | b146828799b26ffaaf82000d18fe75201f2c36a1 | |
parent | b54d21a01d975c9a5681e8d3db6e0f55265ea5bb (diff) | |
Limit scaling in libwebp advanced_api_fuzzer.c
Change-Id: Ic1e3fdc76f4bdcb1ac68cf4f9334d2e77ca29374
-rw-r--r-- | tests/fuzzer/advanced_api_fuzzer.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/tests/fuzzer/advanced_api_fuzzer.c b/tests/fuzzer/advanced_api_fuzzer.c
index a5323e4d..ab183b1c 100644
--- a/tests/fuzzer/advanced_api_fuzzer.c
+++ b/tests/fuzzer/advanced_api_fuzzer.c
@@ -69,9 +69,14 @@ int LLVMFuzzerTestOneInput(const uint8_t* const data, size_t size) {
 // files prepended with sizeof(config.options) zeroes to allow the fuzzer
 // to modify these independently.
 const int data_offset = 50;
- if (size > data_offset + sizeof(config.options)) {
- memcpy(&config.options, data + data_offset, sizeof(config.options));
- } else {
+ if (data_offset + sizeof(config.options) >= size) break;
+ memcpy(&config.options, data + data_offset, sizeof(config.options));
+
+ // Skip easily avoidable out-of-memory fuzzing errors.
+ if (config.options.use_scaling && config.options.scaled_width > 0 &&
+ config.options.scaled_height > 0 &&
+ (size_t)config.options.scaled_width * config.options.scaled_height >
+ kFuzzPxLimit) {
 break;
 }
 } |
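Review bot: The pixel-count guard multiplies in `size_t`, so on a build where `size_t` is 32 bits the product of two positive `int` dimensions can wrap and land back under `kFuzzPxLimit`, and the out-of-memory reports this commit wants to skip would still occur; widening the multiplication, `(uint64_t)config.options.scaled_width * config.options.scaled_height > kFuzzPxLimit`, removes the wrap. The guard also fires only when both `scaled_width` and `scaled_height` are positive; if the decoder derives a zero dimension from the other one (not visible in this hunk, so worth confirming), a single large value with the other left at 0 would still reach the allocation and may need its own bound. A short comment next to the new condition stating that `kFuzzPxLimit` is a pixel count, not a byte count, would help readers of the harness. The body of `LLVMFuzzerTestOneInput` and the construct that `break` exits both extend outside the hunk.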