aboutsummaryrefslogtreecommitdiffhomepage
path: root/include/private/SkMalloc.h
diff options
context:
space:
mode:
authorGravatar Kevin Lubick <kjlubick@google.com>2018-02-12 08:26:39 -0500
committerGravatar Skia Commit-Bot <skia-commit-bot@chromium.org>2018-02-12 15:25:59 +0000
commit2416f968a69ff71f83eb17e97d1cb6448c916a69 (patch)
tree91e1846328cae9f649f0768b9401faea7ab11885 /include/private/SkMalloc.h
parent77295347c229fa4353e09d97961546ce3c9391e5 (diff)
Add 2 fuzz targets for image decoding (oss-fuzz)
This also adds in a few small guards to prevent libfuzzer from frequently running out of memory when an image claims to have billions of pixels. Bug: skia: Change-Id: I47a9daac832c4d85a42000698482b61721c38880 Reviewed-on: https://skia-review.googlesource.com/106264 Commit-Queue: Kevin Lubick <kjlubick@google.com> Reviewed-by: Leon Scroggins <scroggo@google.com>
Diffstat (limited to 'include/private/SkMalloc.h')
-rw-r--r--include/private/SkMalloc.h14
1 files changed, 14 insertions, 0 deletions
diff --git a/include/private/SkMalloc.h b/include/private/SkMalloc.h
index 178e1b83a7..0e41073b0b 100644
--- a/include/private/SkMalloc.h
+++ b/include/private/SkMalloc.h
@@ -64,6 +64,13 @@ static inline void* sk_calloc_throw(size_t size) {
}
static inline void* sk_calloc_canfail(size_t size) {
+#if defined(IS_FUZZING_WITH_LIBFUZZER)
+ // The Libfuzzer environment is very susceptible to OOM, so to avoid those
+ // just pretend we can't allocate more than 200kb.
+ if (size > 200000) {
+ return nullptr;
+ }
+#endif
return sk_malloc_flags(size, SK_MALLOC_ZERO_INITIALIZE);
}
@@ -76,6 +83,13 @@ SK_API extern void* sk_realloc_throw(void* buffer, size_t count, size_t elemSize
* These variants return nullptr on failure
*/
static inline void* sk_malloc_canfail(size_t size) {
+#if defined(IS_FUZZING_WITH_LIBFUZZER)
+ // The Libfuzzer environment is very susceptible to OOM, so to avoid those
+ // just pretend we can't allocate more than 200kb.
+ if (size > 200000) {
+ return nullptr;
+ }
+#endif
return sk_malloc_flags(size, 0);
}
SK_API extern void* sk_malloc_canfail(size_t count, size_t elemSize);