2016-11-08 20:30:24 +00:00
|
|
|
/*
|
|
|
|
# Copyright 2016 Google Inc.
|
|
|
|
#
|
|
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
# you may not use this file except in compliance with the License.
|
|
|
|
# You may obtain a copy of the License at
|
|
|
|
#
|
|
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
#
|
|
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
# See the License for the specific language governing permissions and
|
|
|
|
# limitations under the License.
|
|
|
|
#
|
|
|
|
################################################################################
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include <stdint.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
|
|
|
#include <memory>
|
|
|
|
|
|
|
|
#include <turbojpeg.h>
|
|
|
|
|
|
|
|
|
|
|
|
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
|
|
|
|
tjhandle jpegDecompressor = tjInitDecompress();
|
|
|
|
|
|
|
|
int width, height, subsamp, colorspace;
|
|
|
|
int res = tjDecompressHeader3(
|
|
|
|
jpegDecompressor, data, size, &width, &height, &subsamp, &colorspace);
|
|
|
|
|
|
|
|
// Bail out if decompressing the headers failed, the width or height is 0,
|
2016-12-27 23:32:54 +00:00
|
|
|
// or the image is too large (avoids slowing down too much). Cast to size_t to
|
|
|
|
// avoid overflows on the multiplication
|
|
|
|
if (res != 0 || width == 0 || height == 0 || ((size_t)width * height > (1024 * 1024))) {
|
2016-11-08 20:30:24 +00:00
|
|
|
tjDestroy(jpegDecompressor);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2019-08-12 16:34:37 +00:00
|
|
|
const int buffer_size = width * height * 3;
|
|
|
|
std::unique_ptr<unsigned char[]> buf(new unsigned char[buffer_size]);
|
2016-11-08 20:30:24 +00:00
|
|
|
tjDecompress2(
|
|
|
|
jpegDecompressor, data, size, buf.get(), width, 0, height, TJPF_RGB, 0);
|
|
|
|
|
2019-08-12 16:34:37 +00:00
|
|
|
// For memory sanitizer, test each output byte
|
|
|
|
const unsigned char* raw_buf = buf.get();
|
|
|
|
int count = 0;
|
|
|
|
for( int i = 0; i < buffer_size; i++ )
|
|
|
|
{
|
|
|
|
if (raw_buf[i])
|
|
|
|
{
|
|
|
|
count ++;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (count == buffer_size)
|
|
|
|
{
|
|
|
|
// Do something with side effect, so that all the above tests don't
|
|
|
|
// get removed by the optimizer.
|
|
|
|
free(malloc(1));
|
|
|
|
}
|
|
|
|
|
2016-11-08 20:30:24 +00:00
|
|
|
tjDestroy(jpegDecompressor);
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|