Rooba
/
oss-fuzz
mirror of https://github.com/google/oss-fuzz.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

lcms: add extended transform fuzzer (#8050)

This commit is contained in:
DavidKorczynski 2022-07-21 11:31:09 +01:00 committed by GitHub
parent 463073282c
commit 8968a41910
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 61 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
projects/lcms/Dockerfile
View File

@ -18,4 +18,4 @@ FROM gcr.io/oss-fuzz-base/base-builder
RUN apt-get update && apt-get install -y make autoconf automake libtool
RUN git clone --depth 1 https://github.com/mm2/Little-CMS.git lcms
WORKDIR lcms
COPY build.sh cmsIT8_load_fuzzer.* cms_transform_fuzzer.* cms_overwrite_transform_fuzzer.* icc.dict $SRC/
COPY build.sh cmsIT8_load_fuzzer.* cms_transform_fuzzer.* cms_overwrite_transform_fuzzer.* cms_transform_all_fuzzer.c icc.dict $SRC/

2
projects/lcms/build.sh
View File

@ -20,7 +20,7 @@
make -j$(nproc) all
# build your fuzzer(s)
FUZZERS="cmsIT8_load_fuzzer cms_transform_fuzzer cms_overwrite_transform_fuzzer"
FUZZERS="cmsIT8_load_fuzzer cms_transform_fuzzer cms_overwrite_transform_fuzzer cms_transform_all_fuzzer"
for F in $FUZZERS; do
$CC $CFLAGS -c -Iinclude \
$SRC/$F.c -o $SRC/$F.o

59
projects/lcms/cms_transform_all_fuzzer.c Normal file
View File

@ -0,0 +1,59 @@
/* Copyright 2022 Google LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
#include <stdint.h>
#include "lcms2.h"
void
run_test(const uint8_t *data,
size_t size,
uint32_t intent_id,
uint32_t input_format,
uint32_t output_format,
uint32_t flags) {
if (size < 2) {
return;
}
size_t mid = size / 2;
cmsHPROFILE hInProfile, hOutProfile;
cmsHTRANSFORM hTransform;
hInProfile = cmsOpenProfileFromMem(data, mid);
hOutProfile = cmsOpenProfileFromMem(data + mid, size - mid);
hTransform = cmsCreateTransform(hInProfile, input_format, hOutProfile,
output_format, intent_id, flags);
cmsCloseProfile(hInProfile);
cmsCloseProfile(hOutProfile);
if (hTransform) {
cmsDeleteTransform(hTransform);
}
}
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
if (size < 16) {
return 0;
}
// Generate a random set of args for cmsCreateTransform
uint32_t input_format = *((const uint32_t *)data);
uint32_t output_format = *((const uint32_t *)data+1);
uint32_t flags = *((const uint32_t *)data+2);
uint32_t intent = *((const uint32_t *)data+3) % 16;
data += 16;
size -= 16;
run_test(data, size, intent, input_format, output_format, flags);
return 0;
}