mirror of
https://github.com/webmproject/libwebp.git
synced 2024-12-25 13:18:22 +01:00
Limit scaling in libwebp advanced_api_fuzzer.c
Change-Id: Ic1e3fdc76f4bdcb1ac68cf4f9334d2e77ca29374
This commit is contained in:
parent
b54d21a01d
commit
7361842839
@ -69,9 +69,14 @@ int LLVMFuzzerTestOneInput(const uint8_t* const data, size_t size) {
|
||||
// files prepended with sizeof(config.options) zeroes to allow the fuzzer
|
||||
// to modify these independently.
|
||||
const int data_offset = 50;
|
||||
if (size > data_offset + sizeof(config.options)) {
|
||||
memcpy(&config.options, data + data_offset, sizeof(config.options));
|
||||
} else {
|
||||
if (data_offset + sizeof(config.options) >= size) break;
|
||||
memcpy(&config.options, data + data_offset, sizeof(config.options));
|
||||
|
||||
// Skip easily avoidable out-of-memory fuzzing errors.
|
||||
if (config.options.use_scaling && config.options.scaled_width > 0 &&
|
||||
config.options.scaled_height > 0 &&
|
||||
(size_t)config.options.scaled_width * config.options.scaled_height >
|
||||
kFuzzPxLimit) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user