Add 2 fuzz targets for image decoding (oss-fuzz)

This also adds in a few small guards to prevent libfuzzer from frequently
running out of memory when an image claims to have billions of pixels.

Bug: skia:
Change-Id: I47a9daac832c4d85a42000698482b61721c38880
Reviewed-on: https://skia-review.googlesource.com/106264
Commit-Queue: Kevin Lubick <kjlubick@google.com>
Reviewed-by: Leon Scroggins <scroggo@google.com>

1 files changed, 14 insertions, 0 deletions

diff --git a/include/private/SkMalloc.h b/include/private/SkMalloc.h
index 178e1b83a7..0e41073b0b 100644
--- a/include/private/SkMalloc.h
+++ b/include/private/SkMalloc.h
@@ -64,6 +64,13 @@ static inline void* sk_calloc_throw(size_t size) {
 }
 
 static inline void* sk_calloc_canfail(size_t size) {
+#if defined(IS_FUZZING_WITH_LIBFUZZER)
+    // The Libfuzzer environment is very susceptible to OOM, so to avoid those
+    // just pretend we can't allocate more than 200kb.
+    if (size > 200000) {
+        return nullptr;
+    }
+#endif
     return sk_malloc_flags(size, SK_MALLOC_ZERO_INITIALIZE);
 }
 
@@ -76,6 +83,13 @@ SK_API extern void* sk_realloc_throw(void* buffer, size_t count, size_t elemSize
  *  These variants return nullptr on failure
  */
 static inline void* sk_malloc_canfail(size_t size) {
+#if defined(IS_FUZZING_WITH_LIBFUZZER)
+    // The Libfuzzer environment is very susceptible to OOM, so to avoid those
+    // just pretend we can't allocate more than 200kb.
+    if (size > 200000) {
+        return nullptr;
+    }
+#endif
     return sk_malloc_flags(size, 0);
 }
 SK_API extern void* sk_malloc_canfail(size_t count, size_t elemSize);