diff options
Diffstat (limited to 'projects/libjpeg-turbo/libjpeg_turbo_fuzzer.cc')
-rw-r--r-- | projects/libjpeg-turbo/libjpeg_turbo_fuzzer.cc | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/projects/libjpeg-turbo/libjpeg_turbo_fuzzer.cc b/projects/libjpeg-turbo/libjpeg_turbo_fuzzer.cc new file mode 100644 index 00000000..1cee173d --- /dev/null +++ b/projects/libjpeg-turbo/libjpeg_turbo_fuzzer.cc @@ -0,0 +1,48 @@ +/* +# Copyright 2016 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ +*/ + +#include <stdint.h> +#include <stdlib.h> + +#include <memory> + +#include <turbojpeg.h> + + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { + tjhandle jpegDecompressor = tjInitDecompress(); + + int width, height, subsamp, colorspace; + int res = tjDecompressHeader3( + jpegDecompressor, data, size, &width, &height, &subsamp, &colorspace); + + // Bail out if decompressing the headers failed, the width or height is 0, + // or the image is too large (avoids slowing down too much) + if (res != 0 || width == 0 || height == 0 || (width * height > (1024 * 1024))) { + tjDestroy(jpegDecompressor); + return 0; + } + + std::unique_ptr<unsigned char[]> buf(new unsigned char[width * height * 3]); + tjDecompress2( + jpegDecompressor, data, size, buf.get(), width, 0, height, TJPF_RGB, 0); + + tjDestroy(jpegDecompressor); + + return 0; +} |