From 83604bf3ac2212a353c53d8c9df35d94fa9ab000 Mon Sep 17 00:00:00 2001
From: James Zern
Date: Tue, 20 Oct 2020 19:27:55 -0700
Subject: [PATCH] {animencoder,enc_dec}_fuzzer: convert some abort()s to returns with functions that can legitimately fail when under memory pressure the fuzzer should exit gracefully rather than abort(). + add some more error detail to output
Bug: chromium:1140448
Change-Id: I1a8582a939e0a5b2b8631c95c0464658c99063e2
---
 tests/fuzzer/animencoder_fuzzer.cc | 29 ++++++++++++++++++++---------
 tests/fuzzer/enc_dec_fuzzer.cc | 13 ++++++++++---
 2 files changed, 30 insertions(+), 12 deletions(-)
diff --git a/tests/fuzzer/animencoder_fuzzer.cc b/tests/fuzzer/animencoder_fuzzer.cc
index 58a266f0..b5b1493c 100644
--- a/tests/fuzzer/animencoder_fuzzer.cc
+++ b/tests/fuzzer/animencoder_fuzzer.cc
@@ -46,24 +46,32 @@ int AddFrame(WebPAnimEncoder** const enc, // Read the source picture. if (!ExtractSourcePicture(&pic, data, size, bit_pos)) { - fprintf(stderr, "Can't read input image.\n"); + const WebPEncodingError error_code = pic.error_code; WebPPictureFree(&pic); + if (error_code == VP8_ENC_ERROR_OUT_OF_MEMORY) return 0; + fprintf(stderr, "Can't read input image. Error code: %d\n", error_code); abort(); } // Crop and scale. if (*enc == nullptr) { // First frame will set canvas width and height. if (!ExtractAndCropOrScale(&pic, data, size, bit_pos)) { - fprintf(stderr, "ExtractAndCropOrScale failed."); + const WebPEncodingError error_code = pic.error_code; WebPPictureFree(&pic); + if (error_code == VP8_ENC_ERROR_OUT_OF_MEMORY) return 0; + fprintf(stderr, "ExtractAndCropOrScale failed. Error code: %d\n", + error_code); abort(); } } else { // Other frames will be resized to the first frame's dimensions. if (!WebPPictureRescale(&pic, *width, *height)) { - fprintf(stderr, "WebPPictureRescale failed. Size: %d,%d\n", *width, - *height); + const WebPEncodingError error_code = pic.error_code; WebPAnimEncoderDelete(*enc); WebPPictureFree(&pic); + if (error_code == VP8_ENC_ERROR_OUT_OF_MEMORY) return 0; + fprintf(stderr, + "WebPPictureRescale failed. Size: %d,%d. Error code: %d\n", + *width, *height, error_code); abort(); } } @@ -74,9 +82,8 @@ int AddFrame(WebPAnimEncoder** const enc, *height = pic.height; *enc = WebPAnimEncoderNew(*width, *height, &anim_config); if (*enc == nullptr) { - fprintf(stderr, "WebPAnimEncoderNew failed.\n"); WebPPictureFree(&pic); - abort(); + return 0; } } 
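Review bot: The new out-of-memory return in the ExtractSourcePicture branch frees `pic` but leaves `*enc` alive, while the WebPPictureRescale branch in this hunk (and the WebPAnimEncoderAdd branch in the hunk at -98) deletes `*enc` before returning 0. On any frame after the first, `*enc` is non-null, so the caller, which is outside this hunk, either leaks the encoder on one path or deletes it a second time on the other; a leak report would show up as a spurious fuzzer finding. One ownership rule should apply to every 0 return: if AddFrame owns the cleanup, add `WebPAnimEncoderDelete(*enc);` ahead of `WebPPictureFree(&pic);` in the first branch. AddFrame's body starts before and continues after the hunk.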
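Review bot: The WebPAnimEncoderNew failure path now returns 0 for every cause and prints nothing, unlike the other branches, which still abort on anything other than VP8_ENC_ERROR_OUT_OF_MEMORY. No error code is visible for this call, so a null result caused by bad arguments from the harness would presumably be hidden together with memory pressure. Keeping the message, `fprintf(stderr, "WebPAnimEncoderNew failed.\n");` before `return 0;`, leaves a trace when runs start exiting early, and a one-line comment should say why this path cannot tell the two cases apart.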
@@ -98,9 +105,11 @@ int AddFrame(WebPAnimEncoder** const enc, // Encode. if (!WebPAnimEncoderAdd(*enc, &pic, timestamp_ms, &config)) { - fprintf(stderr, "WebPEncode failed. Error code: %d\n", pic.error_code); + const WebPEncodingError error_code = pic.error_code; WebPAnimEncoderDelete(*enc); WebPPictureFree(&pic); + if (error_code == VP8_ENC_ERROR_OUT_OF_MEMORY) return 0; + fprintf(stderr, "WebPEncode failed. Error code: %d\n", error_code); abort(); } @@ -147,14 +156,16 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* const data, size_t size) { // Assemble. if (!WebPAnimEncoderAdd(enc, nullptr, timestamp_ms, nullptr)) { - fprintf(stderr, "Last WebPAnimEncoderAdd failed."); + fprintf(stderr, "Last WebPAnimEncoderAdd failed: %s.\n", + WebPAnimEncoderGetError(enc)); WebPAnimEncoderDelete(enc); abort(); } WebPData webp_data; WebPDataInit(&webp_data); if (!WebPAnimEncoderAssemble(enc, &webp_data)) { - fprintf(stderr, "WebPAnimEncoderAssemble failed."); + fprintf(stderr, "WebPAnimEncoderAssemble failed: %s.\n", + WebPAnimEncoderGetError(enc)); WebPAnimEncoderDelete(enc); WebPDataClear(&webp_data); abort(); diff --git a/tests/fuzzer/enc_dec_fuzzer.cc b/tests/fuzzer/enc_dec_fuzzer.cc index d4e59a8d..9c1530e7 100644 --- a/tests/fuzzer/enc_dec_fuzzer.cc +++ b/tests/fuzzer/enc_dec_fuzzer.cc 
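Review bot: The message in the WebPAnimEncoderAdd failure branch still reads "WebPEncode failed", which does not match the call that failed; `fprintf(stderr, "WebPAnimEncoderAdd failed. Error code: %d\n", error_code);` would. The branch also returns 0 with `*enc` still pointing at the deleted encoder, so `*enc = nullptr;` after `WebPAnimEncoderDelete(*enc);` would keep the out-parameter safe if the caller, which is outside the hunk, touches it again. The WebPPictureRescale branch in the first hunk has the same dangling pointer.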
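Review bot: Both failure branches in this hunk still call abort() unconditionally, so the flushing WebPAnimEncoderAdd and WebPAnimEncoderAssemble will presumably still crash the fuzzer if they fail on an allocation, which is the case the commit sets out to handle. Only the string from WebPAnimEncoderGetError is available here, so the limitation should at least be documented, for example `// No error code here: OOM cannot be told apart from a real failure, so keep abort().`. LLVMFuzzerTestOneInput starts and ends outside the hunk.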
@@ -42,15 +42,20 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* const data, size_t size) { // Read the source picture. if (!ExtractSourcePicture(&pic, data, size, &bit_pos)) { - fprintf(stderr, "Can't read input image.\n"); + const WebPEncodingError error_code = pic.error_code; WebPPictureFree(&pic); + if (error_code == VP8_ENC_ERROR_OUT_OF_MEMORY) return 0; + fprintf(stderr, "Can't read input image. Error code: %d\n", error_code); abort(); } // Crop and scale. if (!ExtractAndCropOrScale(&pic, data, size, &bit_pos)) { - fprintf(stderr, "ExtractAndCropOrScale failed."); + const WebPEncodingError error_code = pic.error_code; WebPPictureFree(&pic); + if (error_code == VP8_ENC_ERROR_OUT_OF_MEMORY) return 0; + fprintf(stderr, "ExtractAndCropOrScale failed. Error code: %d\n", + error_code); abort(); } @@ -83,9 +88,11 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* const data, size_t size) { pic.writer = WebPMemoryWrite; pic.custom_ptr = &memory_writer; if (!WebPEncode(&config, &pic)) { - fprintf(stderr, "WebPEncode failed. Error code: %d\n", pic.error_code); + const WebPEncodingError error_code = pic.error_code; WebPMemoryWriterClear(&memory_writer); WebPPictureFree(&pic); + if (error_code == VP8_ENC_ERROR_OUT_OF_MEMORY) return 0; + fprintf(stderr, "WebPEncode failed. Error code: %d\n", error_code); abort(); }
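Review bot: Neither early return in this hunk says why an out-of-memory result is acceptable, and the same save-code, free, return, print, abort sequence is now written out seven times across the two fuzzers. A comment on the first occurrence, such as `// Allocation failure is expected under the fuzzer's memory limit; it is not a finding.`, would keep a later reader from "fixing" the silent return. Since both files already share ExtractSourcePicture, a small helper next to it that classifies `pic.error_code` would keep the copies from drifting apart. LLVMFuzzerTestOneInput starts before and continues after the hunk.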
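Review bot: Only VP8_ENC_ERROR_OUT_OF_MEMORY is treated as benign after WebPEncode, but this hunk installs WebPMemoryWrite as the writer, and a failed allocation inside the writer would presumably come back as a write error rather than an out-of-memory code. WebPEncodingError also has VP8_ENC_ERROR_BITSTREAM_OUT_OF_MEMORY for allocation failures while flushing bits. If either can occur under the fuzzer's memory limit, the check needs to cover them: `if (error_code == VP8_ENC_ERROR_OUT_OF_MEMORY || error_code == VP8_ENC_ERROR_BITSTREAM_OUT_OF_MEMORY || error_code == VP8_ENC_ERROR_BAD_WRITE) return 0;`. The WebPAnimEncoderAdd branch in animencoder_fuzzer.cc uses the same single-code test.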