authorGravatar Kevin Lubick <kjlubick@google.com>2018-02-12 08:26:39 -0500
committerGravatar Skia Commit-Bot <skia-commit-bot@chromium.org>2018-02-12 15:25:59 +0000
commit2416f968a69ff71f83eb17e97d1cb6448c916a69 (patch)
tree91e1846328cae9f649f0768b9401faea7ab11885 /src/codec
parent77295347c229fa4353e09d97961546ce3c9391e5 (diff)
Add 2 fuzz targets for image decoding (oss-fuzz)
This also adds in a few small guards to prevent libfuzzer from frequently running out of memory when an image claims to have billions of pixels. Bug: skia: Change-Id: I47a9daac832c4d85a42000698482b61721c38880 Reviewed-on: https://skia-review.googlesource.com/106264 Commit-Queue: Kevin Lubick <kjlubick@google.com> Reviewed-by: Leon Scroggins <scroggo@google.com>
Diffstat (limited to 'src/codec')
-rw-r--r--src/codec/SkRawCodec.cpp6
1 files changed, 6 insertions, 0 deletions
diff --git a/src/codec/SkRawCodec.cpp b/src/codec/SkRawCodec.cpp
index 4fda120bb8..5e6f54a950 100644
--- a/src/codec/SkRawCodec.cpp
+++ b/src/codec/SkRawCodec.cpp
@@ -447,6 +447,12 @@ public:
*/
static SkDngImage* NewFromStream(SkRawStream* stream) {
std::unique_ptr<SkDngImage> dngImage(new SkDngImage(stream));
+#if defined(IS_FUZZING_WITH_LIBFUZZER)
+ // Libfuzzer easily runs out of memory after here. To avoid that
+ // We just pretend all streams are invalid. Our AFL-fuzzer
+ // should still exercise this code; it's more resistant to OOM.
+ return nullptr;
+#endif
if (!dngImage->initFromPiex() && !dngImage->readDng()) {
return nullptr;
}
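Review bot: The libfuzzer guard is placed after `new SkDngImage(stream)` on the preceding line, so under IS_FUZZING_WITH_LIBFUZZER the object is still constructed and then immediately destroyed by the unique_ptr, and every line from `if (!dngImage->initFromPiex() ...` onward becomes unreachable code that some compilers warn about. Moving the `#if defined(IS_FUZZING_WITH_LIBFUZZER) ... return nullptr; #endif` block to the first statement of NewFromStream, before the `std::unique_ptr<SkDngImage> dngImage(...)` line, avoids the wasted allocation and keeps the non-fuzzing path free of dead code. Whether SkDngImage's constructor takes ownership of `stream` is not visible in the hunk; if it does, returning before the construction also changes who releases the stream, so that should be confirmed against the constructor. The comment itself would read better as `// Libfuzzer easily runs out of memory after here, so we pretend all streams are invalid; the AFL fuzzer, which is more resistant to OOM, still exercises this path.` NewFromStream's body continues past the end of the hunk.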