aboutsummaryrefslogtreecommitdiffhomepage
path: root/projects/libjpeg-turbo/libjpeg_turbo_fuzzer.cc
blob: 1b9ffd62f3cae1abdc99ba436cc1230ed795702a (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67

/*
# Copyright 2016 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
################################################################################
*/

#include <stdint.h>
#include <stdlib.h>

#include <memory>

#include <turbojpeg.h>


extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    tjhandle jpegDecompressor = tjInitDecompress();

    int width, height, subsamp, colorspace;
    int res = tjDecompressHeader3(
        jpegDecompressor, data, size, &width, &height, &subsamp, &colorspace);

    // Bail out if decompressing the headers failed, the width or height is 0,
    // or the image is too large (avoids slowing down too much). Cast to size_t to
    // avoid overflows on the multiplication
    if (res != 0 || width == 0 || height == 0 || ((size_t)width * height > (1024 * 1024))) {
        tjDestroy(jpegDecompressor);
        return 0;
    }

    const int buffer_size = width * height * 3;
    std::unique_ptr<unsigned char[]> buf(new unsigned char[buffer_size]);
    tjDecompress2(
        jpegDecompressor, data, size, buf.get(), width, 0, height, TJPF_RGB, 0);

    // For memory sanitizer, test each output byte
    const unsigned char* raw_buf = buf.get();
    int count = 0;
    for( int i = 0; i < buffer_size; i++ )
    {
        if (raw_buf[i])
        {
            count ++;
        }
    }
    if (count == buffer_size)
    {
        // Do something with side effect, so that all the above tests don't
        // get removed by the optimizer.
        free(malloc(1));
    }

    tjDestroy(jpegDecompressor);

    return 0;
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-09 20:54:30 +0000