dany/libwebp
1
0
Fork 0
mirror of https://github.com/webmproject/libwebp.git synced 2024-11-19 20:08:28 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix scaling limit in advanced_api_fuzzer.c

Browse Source 
config.options.scaled_width or config.options.scaled_height being 0
means a ratio-conservative scaling so 7361842 was not enough.

Change-Id: Ib75241eb683cf824bc46222c5c07535b6c6d7313
This commit is contained in:
Yannis Guyon 2023-02-07 17:59:00 +01:00
parent 7361842839
commit 52b6f06703
1 changed files with 11 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
tests/fuzzer/advanced_api_fuzzer.c
View File

@ -14,9 +14,11 @@
//
////////////////////////////////////////////////////////////////////////////////
#include <stdint.h>
#include <string.h>
#include "./fuzz_utils.h"
#include "src/utils/rescaler_utils.h"
#include "src/webp/decode.h"
int LLVMFuzzerTestOneInput(const uint8_t* const data, size_t size) {
@ -73,11 +75,15 @@ int LLVMFuzzerTestOneInput(const uint8_t* const data, size_t size) {
memcpy(&config.options, data + data_offset, sizeof(config.options));
// Skip easily avoidable out-of-memory fuzzing errors.
if (config.options.use_scaling && config.options.scaled_width > 0 &&
config.options.scaled_height > 0 &&
(size_t)config.options.scaled_width * config.options.scaled_height >
kFuzzPxLimit) {
break;
if (config.options.use_scaling) {
int scaled_width = config.options.scaled_width;
int scaled_height = config.options.scaled_height;
if (WebPRescalerGetScaledDimensions(config.input.width,
config.input.height, &scaled_width,
&scaled_height) &&
(uint64_t)scaled_width * scaled_height > kFuzzPxLimit) {
break;
}
}
}
if (size % 3) {