From 4c7aaa92e4ff8a5d3c926263c72a717075f13156 Mon Sep 17 00:00:00 2001
From: Vincent Rabaud
Date: Tue, 2 Dec 2025 13:54:25 +0100
Subject: [PATCH] More fuzzer fixes

- allow for malloc to return 0.
- do not go through big resizing

BUG: oss-fuzz:4667732529577984, oss-fuzz:6595689259008000
Change-Id: I56892bbba2fbcf5d1ceede2b56ea34612f8d13ac
---
 tests/fuzzer/enc_dec_fuzzer.cc | 7 +++++++
 tests/fuzzer/oss-fuzz/build.sh | 11 ++---------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/tests/fuzzer/enc_dec_fuzzer.cc b/tests/fuzzer/enc_dec_fuzzer.cc
index 62c3c702..8b0f0ebf 100644
--- a/tests/fuzzer/enc_dec_fuzzer.cc
+++ b/tests/fuzzer/enc_dec_fuzzer.cc
@@ -191,6 +191,13 @@ void EncDecTest(bool use_argb, fuzz_utils::WebPPictureCpp pic_cpp,
 fprintf(stderr, "WebPInitDecoderConfig failed.\n");
 abort();
 }
+ if (decoder_options.use_scaling &&
+ static_cast(decoder_options.scaled_width) *
+ decoder_options.scaled_height >
+ 1000u * 1000u) {
+ // Skip huge scaling.
+ return;
+ }
 dec_config.output.colorspace = static_cast(colorspace);
 std::memcpy(&dec_config.options, &decoder_options, sizeof(decoder_options));
diff --git a/tests/fuzzer/oss-fuzz/build.sh b/tests/fuzzer/oss-fuzz/build.sh
index b70b6b11..6efc8b89 100644
--- a/tests/fuzzer/oss-fuzz/build.sh
+++ b/tests/fuzzer/oss-fuzz/build.sh
@@ -74,16 +74,9 @@ for fuzz_main_file in $FUZZ_TEST_BINARIES_OUT_PATHS; do
 # LLVMFuzzerTestOneInput for fuzzer detection.
 this_dir=\$(dirname "\$0")
 export TEST_DATA_DIRS=\$this_dir/corpus
-filtered_args=()
-for arg in "\$@"; do
- if [[ "\$arg" == -rss_limit_mb=* ]]; then
- continue
- else
- filtered_args+=("\$arg")
- fi
-done
+export ASAN_OPTIONS="\${ASAN_OPTIONS}:allocator_may_return_null=1"
 chmod +x \$this_dir/$fuzz_basename
-\$this_dir/$fuzz_basename --fuzz=$fuzz_entrypoint -- "\${filtered_args[@]}" -rss_limit_mb=0
+\$this_dir/$fuzz_basename --fuzz=$fuzz_entrypoint -- \$@
 chmod -x \$this_dir/$fuzz_basename
 EOF
 chmod +x $OUT/$TARGET_FUZZER
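Review bot: The target type of the `static_cast` in the new scaling guard is not visible in this rendering, and the check is only sound if it is a 64-bit type: `scaled_width` and `scaled_height` are `int` fields of `WebPDecoderOptions`, so a cast to `size_t` would still let the product wrap on a 32-bit build, and leaving both operands as `int` makes the multiplication signed overflow on fuzzer-chosen values. Negative dimensions are rejected only incidentally (after an unsigned widening they become huge and trip the `>` test), which is acceptable for a fuzz target but deserves a sentence in the comment so nobody "fixes" it later. The `1000u * 1000u` literal should be named, e.g. `constexpr uint64_t kMaxScaledPixels = 1000u * 1000u;`, and `// Skip huge scaling.` should say why, along the lines of `// Bound the scaled output so a single input cannot exhaust the runner's memory/time budget.` — the commit message implies that motivation but the code does not state it. EncDecTest begins and ends outside this hunk.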
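Review bot: `\$@` on the new invocation line is unquoted, so any argument containing whitespace or glob characters is word-split and globbed before it reaches the fuzzer binary; the removed loop quoted it, so the line should read `\$this_dir/$fuzz_basename --fuzz=$fuzz_entrypoint -- "\$@"` (the backslash keeps the expansion inside the generated script, as on the surrounding lines). Dropping the `-rss_limit_mb` filtering means the harness's default RSS limit now applies, which presumably is why the C++ hunk caps scaled output at one megapixel — worth a one-line comment next to the `ASAN_OPTIONS` export so the two changes are linked for the next reader. The `allocator_may_return_null=1` setting only takes effect for ASan builds; if these targets are also built under MSan or another sanitizer, the matching `*_OPTIONS` variable would need the same flag, which this hunk does not show. When `ASAN_OPTIONS` is unset the exported value begins with a `:`; I believe the sanitizer flag parser tolerates the empty field, but a short comment confirming that was checked would be useful. The heredoc that generates this script opens and closes outside the hunk.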