53 Commits

Author SHA1 Message Date
devtools-clrobot@google.com
ad14e811cf tests/fuzzer/*: add missing <string_view> include
Bug: webp:380121350
Change-Id: Ie0910165600317ed8c94305f0a793282e02e1c99
2024-12-19 12:31:52 -08:00
James Zern
74cd026edb fuzz_utils.cc: fix build error w/WEBP_REDUCE_SIZE
Correct (void) variable names.

Bug: webp:380121350
Change-Id: I3ce8a4d34f60f9ec0a467fcb5958b0b7a2edabc9
2024-12-17 09:58:20 -08:00
James Zern
a027aa93de mux_demux_api_fuzzer.cc: fix -Wshadow warning
`bool mux` -> `use_mux_api` to avoid conflicting with WebPMux variable.

Bug: webp:380121350
Change-Id: Ie3f8176efc296fae804c36ee0b27bf8e3034c6e8
2024-12-17 09:57:47 -08:00
Vincent Rabaud
51d9832a36 Fix fuzztest link errors w/-DBUILD_SHARED_LIBS=1
Change-Id: I089a59baa3275f7a62483da0bc1d5269e51af74e
2024-08-28 11:39:11 +02:00
Vincent Rabaud
ac1e410ded Remove leftover tiff dep
Change-Id: I880ee0f8d0b80fb0f0e476baaf91fe545195c029
2024-07-05 13:39:23 +02:00
Vincent Rabaud
b78d39571f Disable TIFF on fuzztest.
oss-fuzz does not support dynamic libraries so we stick to
static. But libtiff.a has undefined symbols on Ubuntu, so we
have to disable TIFF.

Change-Id: Ibd1932f5780a0af51b6b398ae6415eed8685a0be
2024-07-05 11:26:12 +02:00
Vincent Rabaud
cff21a7d87 Do not build statically on oss-fuzz.
This is to get TIFF support for imageio.

Change-Id: I3c9aea4b72661926568dc777644b7a9ddd499726
2024-07-04 15:44:12 +02:00
Vincent Rabaud
6853a8e5ac Merge "Move more internal fuzzers to public." into main 2024-07-02 13:47:01 +00:00
Vincent Rabaud
db0cb9c27e Move more internal fuzzers to public.
Change-Id: Idde75f374264666e4c54a17b1606464ad5d00d9c
2024-06-28 16:59:18 +02:00
James Zern
ff2b5b15ae Merge "advanced_api_fuzzer.cc: use crop dims in OOM check" into main 2024-06-26 18:30:07 +00:00
James Zern
96d79f8481 advanced_api_fuzzer.cc: use crop dims in OOM check
Apply crop dimensions before calculating scaled width/height to ensure
the check against fuzz_utils::kFuzzPxLimit will use the same dimensions
as the decoder.

Bug: oss-fuzz:69873
Change-Id: Icd0862eadf8575135b6d53376acc79d14733a0e5
2024-06-24 16:35:06 -07:00
Vincent Rabaud
c35c7e0240 Fix huffman fuzzer to not leak.
That was obviously intentional to see if the new fuzzer was
working :)

Bug: oss-fuzz=69825
Change-Id: Ie9465bb6225999fd792b712cc585ca3ee1ec528a
2024-06-24 10:13:16 +02:00
Vincent Rabaud
f2fe8decce Bump fuzztest dependency.
Also do not restrict the oss-fuzz script to libfuzzer:
this allows new fuzzer engines to try the script as is.
The libfuzzer restriction is done upstream anyway.

Bug: oss-fuzz:69508
Change-Id: I15685bc7193bef3b9ccb0e0a30a6262e7bfb6fb9
2024-06-21 18:27:37 +02:00
Vincent Rabaud
9ce982fdf2 Fix fuzz tests to work on oss-fuzz
- the tests now build/run/check_build with libfuzzer on oss-fuzz
- centipede is removed as it builds/runs but do not check_build
(timeout due to arguments not parsed correctly)

Bug: oss-fuzz:69508

Change-Id: Id063565fc4cce02fc5e36c7d8499d6de9ff54345
2024-06-20 15:09:57 +02:00
Vincent Rabaud
3ba8af1a33 Do not escape quotes anymore in build.sh
cat is used now, not an echo of a "".

Change-Id: I36036ff2110f94a99bf1581c6c0d30326161314b
2024-06-11 13:35:44 +02:00
Vincent Rabaud
ea0e121b6a Allow centipede to be used as a fuzzing engine.
fuzztest is compatible with libfuzzer in compatibility mode, and
fully compatible with centipede by default.

Change-Id: I0c8e636df642dede16d394d678008c5e064094b3
2024-06-10 18:13:37 +02:00
James Zern
ddd6245eb7 oss-fuzz/build.sh: use heredoc for script creation
Rather than a quoted multi-line echo.

Change-Id: Ib51fa5693f2946e2bc991dc66a6b3449e6ee61c0
2024-06-06 10:31:33 -07:00
James Zern
50074930e3 oss-fuzz/build.sh,cosmetics: fix indent
Change-Id: I1b9ddb5a531fc829fc7374ecefe31a38ac27e02c
2024-06-06 10:28:13 -07:00
Vincent Rabaud
20e92f7d40 Limit the possible fuzz engines.
Change-Id: I8f2fd84bc7175e4e74c4fb418fcc4f5549018ac3
2024-06-06 13:21:09 +02:00
Vincent Rabaud
4f200de591 Switch public fuzz tests to fuzztest.
Change-Id: I75afb65058690585bbf2671c27d6a99a87bcaab7
2024-06-05 14:08:27 +02:00
Vincent Rabaud
0905f61c85 Move build script from oss-fuzz repo to here.
This requires a change in the oss-fuzz repo similar to
https://github.com/AOMediaCodec/libavif/blob/main/tests/oss-fuzz/build.sh

Change-Id: I7bcdb52dcec7e6edd926aea93988cd758ef9a854
2024-05-31 22:02:17 +02:00
Yannis Guyon
713982b883 Limit animdecoder_fuzzer to 320MB
Change-Id: Ic139ea870b98c58a2ecf46e81844f647fa0d2aba
2024-02-15 10:16:54 +00:00
Vincent Rabaud
13d9c30b2b Add a WEBP_NODISCARD
Change-Id: Ice66f2aa6358474d728fb19c571edc86ed139a49
2023-11-10 13:57:07 +01:00
Vincent Rabaud
a35ea50de4 Add a fuzzer for ReadHuffmanCodes
Change-Id: If8c30aaa87c34007ae455a03daa7b3c0f22fc8c3
2023-09-12 23:41:29 +02:00
James Zern
a71ce1cf74 animencoder_fuzzer: fix error check w/Nallocfuzz
WebPAnimEncoderAdd() may fail due to muxer errors that are reported as
booleans. When running under the nallocfuzz engine, ignore all failures.

Found by Nallocfuzz (https://github.com/catenacyber/nallocfuzz).

Change-Id: I36589545d20ac30a67f7e09264146db085dee6ca
2023-07-21 16:30:48 -07:00
James Zern
0081693d61 enc_dec_fuzzer: use WebPDecode()
rather than WebPDecodeRGBA(). This allows finer grained error detection
and avoids an abort() when running under the nallocfuzz engine.

Change-Id: I8ff37f2fe7e1c8b39bd4a8bfe7b26ac41149ba42
2023-07-18 16:24:11 -07:00
James Zern
0fcb311cfc enc_dec_fuzzer: fix WebPEncode/pic.error_code check
pic.error_code may be set to VP8_ENC_ERROR_BAD_WRITE if the writer fails
due to a memory allocation failure.

Found by Nallocfuzz (https://github.com/catenacyber/nallocfuzz).

Change-Id: I912c9e5f9a37b78832c52d9ab6f0710967fbadac
2023-07-18 16:24:09 -07:00
James Zern
b92deba353 animencoder_fuzzer: no WebPAnimEncoderAssemble check w/nallocfuzz
This function may fail due to allocation failures. Use the
NALLOC_FUZZ_VERSION environment variable to detect the engine. This was
added in:
9c9a9883cc

Change-Id: Ia5b6fd9458ffa1f810152a10ab49a48c75d17687
2023-07-10 15:10:00 -07:00
James Zern
6be9bf8bae animencoder_fuzzer: fix leak on alloc failure
Change-Id: Id626145a336fc33c4a4158719957f3c96db156c8
2023-07-10 15:09:17 -07:00
James Zern
8dd80ef814 fuzz_utils.h: lower kFuzzPxLimit w/ASan
prevents some timeouts when decoding large jpeg source images.

Change-Id: I5cb6a10cbf0658a71fa9f49fc7da4c8d3e70fa00
2023-05-24 19:39:38 -07:00
Yannis Guyon
2d547e24dc Compare kFuzzPxLimit to max_num_operations
To avoid timeouts caused by extreme rescaling such as
1x14339 -> 51712x1

Change-Id: I291d8e3b24155c190256411a506b7312abde8c45
2023-05-16 13:20:14 +02:00
James Zern
8151f388eb move VP8GetCPUInfo declaration to cpu.c
This avoids defining a version in each translation unit when using
__declspec(dllexport) which causes failures due to multiply defined
symbols with clang-cl:

lld-link: error: duplicate symbol: VP8GetCPUInfo
>>> defined at CMakeFiles\webpdecode.dir\Debug\src\dec\alpha_dec.c.obj
>>> defined at CMakeFiles\webpdsp.dir\Debug\src\dsp\dec_sse41.c.obj
...

Bug: webp:607
Change-Id: I6cd1ee75b3db984aa513263a05516e867a64925d
2023-04-27 12:39:13 -07:00
Yannis Guyon
916548c28c Make kFuzzPxLimit sanitizer dependent
Change-Id: Ib70f3c05fc845494c45cb357e70e9602a7e876a3
2023-04-25 08:14:22 +02:00
James Zern
4070b271ab advanced_api_fuzzer: reduce scaling limit
avoids another timeout while fuzzing with ASan

Change-Id: Ic5dfed15347bdd36f42274b8b2a25aec79fd568c
2023-04-18 16:56:23 -07:00
James Zern
0696e1a7fb advanced_api_fuzzer: reduce scaling limit
avoids another timeout while fuzzing with ASan

Change-Id: Icf7209f3f93b894684ac7364864e4568b6b2c057
2023-04-11 12:16:39 -07:00
James Zern
cbf624b561 advanced_api_fuzzer: reduce scaling limit
avoids another timeout while fuzzing with ASan

Change-Id: Ibd89e56bf936aeea040cd4c47ccae20960417ac0
2023-03-24 10:52:46 -07:00
yguyon@google.com
89edfdd1e9 Skip slow scaling in libwebp advanced_api_fuzzer
Change-Id: Ic57e7f8418afec42f042197a401aaf4cc047b23f
2023-03-24 10:52:43 -07:00
yguyon@google.com
859f19f74f Reduce libwebp advanced_api_fuzzer threshold
To avoid timeouts.

Change-Id: I8909661479cdbcb940bb44c6f9130906cab3f271
2023-03-24 10:52:40 -07:00
Yannis Guyon
1347a32d82 Skip big scaled advanced_api_fuzzer
To avoid timeouts.

Change-Id: I8f04fd45313bef47004a616d2460be992692030d
2023-02-08 10:53:40 +01:00
Yannis Guyon
52b6f06703 Fix scaling limit in advanced_api_fuzzer.c
config.options.scaled_width or config.options.scaled_height being 0
means a ratio-conservative scaling so 7361842 was not enough.

Change-Id: Ib75241eb683cf824bc46222c5c07535b6c6d7313
2023-02-07 18:05:42 +01:00
Yannis Guyon
7361842839 Limit scaling in libwebp advanced_api_fuzzer.c
Change-Id: Ic1e3fdc76f4bdcb1ac68cf4f9334d2e77ca29374
2023-01-27 14:39:14 +01:00
Maryla
9d7ff74a55 Create libsharpyuv.a in makefile.unix.
Add libsharpyuv dependency to fuzzer makefile.

Issue: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49778

Change-Id: Ib03219de33a97c3d7b13d0daffbee2035f2a3bde
2022-08-08 09:40:34 +02:00
James Zern
c5bc36243a fuzzer/*: normalize src/ includes
this uses the format introduced to some files in:
cc3577e9 fuzzer/*: use src/ based include paths

Change-Id: I9b5cbeadbb9d54d1e89f474a6e479a5eb3175ed7
2021-07-28 13:32:19 -07:00
James Zern
b60d460318 advanced_api_fuzzer: add extreme config value coverage
this enables cases that might trigger overflows, but increases the risk
of OOM and timeouts

Bug: chromium:1196850
Change-Id: I317b5109525646731e762faa3c34ed28a27595dc
2021-06-23 18:53:05 -07:00
James Zern
cc3577e9b9 fuzzer/*: use src/ based include paths
this synchronizes the code with chrome, where this format allows the
code to pass buildtools/checkdeps/checkdeps.py

Bug: 1141126
Change-Id: I25361b1a43cd95730814302f02aa16af8fdb5fd2
2021-01-29 20:04:08 -08:00
Pascal Massimino
8df77fb1b1 animdecoder_fuzzer: fix memory leak
BUG=oss-fuzz:28978

Change-Id: I7b3a495c02b4b03f367d732af5acb02856f8bead
2020-12-26 12:26:41 +01:00
James Zern
6325882327 animdecoder_fuzzer: validate canvas size
avoids some OOMs due to extreme resolutions

BUG=oss-fuzz:28658

Change-Id: I60b5fb3d7a7d17694a89237d521b851b0897e9fb
2020-12-18 11:18:11 -08:00
James Zern
83604bf3ac {animencoder,enc_dec}_fuzzer: convert some abort()s to returns
with functions that can legitimately fail when under memory pressure the
fuzzer should exit gracefully rather than abort().

+ add some more error detail to output

Bug: chromium:1140448
Change-Id: I1a8582a939e0a5b2b8631c95c0464658c99063e2
2020-10-21 10:48:05 -07:00
James Zern
9f6055fcb2 fuzz_utils.h: rename max() to Max()
avoids conflict with windows.h define

Bug: webp:409
Change-Id: I8ae0947365e7071d8ebe1d682c9211882cc2fd89
2020-10-17 16:40:58 -07:00
James Zern
695788e7f5 fuzz_utils.h: make functions WEBP_INLINE
+ add some warnings and avoid overriding implicit %.c, %.cc patterns in
makefile.unix

Bug: webp:409
Change-Id: I678c8b1ed630ebb9114208c20b794d2eefdca5a1
2020-10-17 10:49:26 -07:00