authorYannis Guyon <yguyon@google.com>2023-01-27 14:39:14 +0100
committerYannis Guyon <yguyon@google.com>2023-01-27 14:39:14 +0100
commit7361842839ebec7e95e30d15172d6b21d9e2403b (patch)
treeb146828799b26ffaaf82000d18fe75201f2c36a1
parentb54d21a01d975c9a5681e8d3db6e0f55265ea5bb (diff)
Limit scaling in libwebp advanced_api_fuzzer.c
Change-Id: Ic1e3fdc76f4bdcb1ac68cf4f9334d2e77ca29374
-rw-r--r--tests/fuzzer/advanced_api_fuzzer.c11
1 files changed, 8 insertions, 3 deletions
diff --git a/tests/fuzzer/advanced_api_fuzzer.c b/tests/fuzzer/advanced_api_fuzzer.c
index a5323e4d..ab183b1c 100644
--- a/tests/fuzzer/advanced_api_fuzzer.c
+++ b/tests/fuzzer/advanced_api_fuzzer.c
@@ -69,9 +69,14 @@ int LLVMFuzzerTestOneInput(const uint8_t* const data, size_t size) {
// files prepended with sizeof(config.options) zeroes to allow the fuzzer
// to modify these independently.
const int data_offset = 50;
- if (size > data_offset + sizeof(config.options)) {
- memcpy(&config.options, data + data_offset, sizeof(config.options));
- } else {
+ if (data_offset + sizeof(config.options) >= size) break;
+ memcpy(&config.options, data + data_offset, sizeof(config.options));
+
+ // Skip easily avoidable out-of-memory fuzzing errors.
+ if (config.options.use_scaling && config.options.scaled_width > 0 &&
+ config.options.scaled_height > 0 &&
+ (size_t)config.options.scaled_width * config.options.scaled_height >
+ kFuzzPxLimit) {
break;
}
}
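Review bot: The out-of-memory guard on the `scaled_width`/`scaled_height` lines only fires when both fields are positive, so an input with one field at 0 and the other very large skips the check. As far as I recall, libwebp derives a zero scaled dimension from the other one to keep the aspect ratio, so the effective output could still exceed `kFuzzPxLimit`. Consider resolving the effective dimensions first (for example with `WebPRescalerGetScaledDimensions()` on the decoded image size, if the fuzzer may include that header) and comparing that product against the limit. Separately, on a 32-bit build `(size_t)` is 32 bits wide and the product of two large ints can wrap below the limit; `(uint64_t)config.options.scaled_width * config.options.scaled_height` avoids that. The enclosing loop and the rest of `LLVMFuzzerTestOneInput` lie outside the hunk, so which image dimensions are available at this point is not visible here.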