1 files changed, 48 insertions, 0 deletions

diff --git a/projects/libjpeg-turbo/libjpeg_turbo_fuzzer.cc b/projects/libjpeg-turbo/libjpeg_turbo_fuzzer.cc
new file mode 100644
index 00000000..1cee173d
--- /dev/null
+++ b/projects/libjpeg-turbo/libjpeg_turbo_fuzzer.cc
@@ -0,0 +1,48 @@
+/*
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+*/
+
+#include <stdint.h>
+#include <stdlib.h>
+
+#include <memory>
+
+#include <turbojpeg.h>
+
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+    tjhandle jpegDecompressor = tjInitDecompress();
+
+    int width, height, subsamp, colorspace;
+    int res = tjDecompressHeader3(
+        jpegDecompressor, data, size, &width, &height, &subsamp, &colorspace);
+
+    // Bail out if decompressing the headers failed, the width or height is 0,
+    // or the image is too large (avoids slowing down too much)
+    if (res != 0 || width == 0 || height == 0 || (width * height > (1024 * 1024))) {
+        tjDestroy(jpegDecompressor);
+        return 0;
+    }
+
+    std::unique_ptr<unsigned char[]> buf(new unsigned char[width * height * 3]);
+    tjDecompress2(
+        jpegDecompressor, data, size, buf.get(), width, 0, height, TJPF_RGB, 0);
+
+    tjDestroy(jpegDecompressor);
+
+    return 0;
+}