From 7361842839ebec7e95e30d15172d6b21d9e2403b Mon Sep 17 00:00:00 2001
From: Yannis Guyon
Date: Fri, 27 Jan 2023 14:39:14 +0100
Subject: Limit scaling in libwebp advanced_api_fuzzer.c

Change-Id: Ic1e3fdc76f4bdcb1ac68cf4f9334d2e77ca29374
---
 tests/fuzzer/advanced_api_fuzzer.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/tests/fuzzer/advanced_api_fuzzer.c b/tests/fuzzer/advanced_api_fuzzer.c
index a5323e4d..ab183b1c 100644
--- a/tests/fuzzer/advanced_api_fuzzer.c
+++ b/tests/fuzzer/advanced_api_fuzzer.c
@@ -69,9 +69,14 @@ int LLVMFuzzerTestOneInput(const uint8_t* const data, size_t size) {
 // files prepended with sizeof(config.options) zeroes to allow the fuzzer
 // to modify these independently.
 const int data_offset = 50;
- if (size > data_offset + sizeof(config.options)) {
- memcpy(&config.options, data + data_offset, sizeof(config.options));
- } else {
+ if (data_offset + sizeof(config.options) >= size) break;
+ memcpy(&config.options, data + data_offset, sizeof(config.options));
+
+ // Skip easily avoidable out-of-memory fuzzing errors.
+ if (config.options.use_scaling && config.options.scaled_width > 0 &&
+ config.options.scaled_height > 0 &&
+ (size_t)config.options.scaled_width * config.options.scaled_height >
+ kFuzzPxLimit) {
 break;
 }
 }
--
cgit v1.2.1
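Review bot: The pixel-limit guard added in the new `if` computes `(size_t)scaled_width * scaled_height`, which can wrap on a 32-bit build (`size_t` is 32 bits there while each `int` dimension can be up to 2^31-1), so an attacker-chosen pair like 65537 x 65537 wraps to a small value, passes the check and still reaches the huge scaled allocation the commit is trying to avoid; widening the product to `(uint64_t)config.options.scaled_width * config.options.scaled_height > kFuzzPxLimit` (the file already uses `uint8_t`, so `<stdint.h>` is in scope) closes that, as would a division-based test such as `scaled_width > kFuzzPxLimit / scaled_height`. A second gap, which I would at least mention in the comment above the check: the guard requires both dimensions to be strictly positive, but libwebp treats a zero `scaled_width` or `scaled_height` as "derive from the other dimension preserving aspect ratio" (if this version still does so, please confirm), so a fuzz input with one dimension 0 and the other enormous skips the guard entirely; checking each dimension individually against `kFuzzPxLimit` when the other is 0 would cover it. The type of `kFuzzPxLimit` is not visible in the hunk, so the comparison's signedness after widening should be confirmed against its declaration. `LLVMFuzzerTestOneInput` starts and ends outside the hunk, as does the enclosing loop the `break` statements leave.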