Limit scaling in libwebp advanced_api_fuzzer.c

Change-Id: Ic1e3fdc76f4bdcb1ac68cf4f9334d2e77ca29374
Yannis Guyon 2023-01-27 14:39:14 +01:00
parent b54d21a01d
commit 7361842839


@ -69,9 +69,14 @@ int LLVMFuzzerTestOneInput(const uint8_t* const data, size_t size) {
// files prepended with sizeof(config.options) zeroes to allow the fuzzer // files prepended with sizeof(config.options) zeroes to allow the fuzzer
// to modify these independently. // to modify these independently.
const int data_offset = 50; const int data_offset = 50;
if (size > data_offset + sizeof(config.options)) { if (data_offset + sizeof(config.options) >= size) break;
memcpy(&config.options, data + data_offset, sizeof(config.options)); memcpy(&config.options, data + data_offset, sizeof(config.options));
} else {
// Skip easily avoidable out-of-memory fuzzing errors.
if (config.options.use_scaling && config.options.scaled_width > 0 &&
config.options.scaled_height > 0 &&
(size_t)config.options.scaled_width * config.options.scaled_height >
kFuzzPxLimit) {
break; break;
} }
} }
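Review bot: The new pixel-count guard multiplies in `size_t`, so on a build where `size_t` is 32 bits the product of two large positive `int` dimensions can wrap and compare below `kFuzzPxLimit`, letting the oversized scaling request through to the decoder. Doing the multiplication in 64 bits avoids that: `(uint64_t)config.options.scaled_width * config.options.scaled_height > kFuzzPxLimit`. The guard also fires only when both scaled dimensions are positive; if the decoder derives a zero dimension from the aspect ratio (I believe libwebp's rescaler does, but that is not visible here), a large width paired with a zero height would still skip the limit, so that case deserves a check or at least a comment. The enclosing loop body in `LLVMFuzzerTestOneInput` starts and ends outside this hunk.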