From 2416f968a69ff71f83eb17e97d1cb6448c916a69 Mon Sep 17 00:00:00 2001
From: Kevin Lubick
Date: Mon, 12 Feb 2018 08:26:39 -0500
Subject: Add 2 fuzz targets for image decoding (oss-fuzz)

This also adds in a few small guards to prevent libfuzzer from frequently running out of memory when an image claims to have billions of pixels.

Bug: skia:
Change-Id: I47a9daac832c4d85a42000698482b61721c38880
Reviewed-on: https://skia-review.googlesource.com/106264
Commit-Queue: Kevin Lubick
Reviewed-by: Leon Scroggins
---
 src/codec/SkRawCodec.cpp | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'src/codec')

diff --git a/src/codec/SkRawCodec.cpp b/src/codec/SkRawCodec.cpp
index 4fda120bb8..5e6f54a950 100644
--- a/src/codec/SkRawCodec.cpp
+++ b/src/codec/SkRawCodec.cpp
@@ -447,6 +447,12 @@ public:
      */
     static SkDngImage* NewFromStream(SkRawStream* stream) {
         std::unique_ptr dngImage(new SkDngImage(stream));
+#if defined(IS_FUZZING_WITH_LIBFUZZER)
+        // Libfuzzer easily runs out of memory after here. To avoid that
+        // We just pretend all streams are invalid. Our AFL-fuzzer
+        // should still exercise this code; it's more resistant to OOM.
+        return nullptr;
+#endif
         if (!dngImage->initFromPiex() && !dngImage->readDng()) {
             return nullptr;
         }
-- 
cgit v1.2.3
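Review bot: Under IS_FUZZING_WITH_LIBFUZZER the added `return nullptr;` turns every DNG input into a decode failure, so the libFuzzer build never reaches `initFromPiex()`/`readDng()` at all; a bounded check on the claimed image dimensions at this point, of the form `if (<fuzz-mode pixel limit exceeded>) return nullptr;` (placeholder, the limit is not on the page), would keep the DNG parser under fuzz coverage while still avoiding the OOM the commit message describes. Because the guard sits after `new SkDngImage(stream)`, the fuzz build constructs the object only to destroy it immediately, and the `if (!dngImage->initFromPiex() ...)` branch that follows becomes unreachable, which compilers flag under -Wunreachable-code; moving the guard above the allocation would avoid both, but only if SkDngImage does not take ownership of `stream`, which cannot be seen from the hunk, so confirm that before moving it. The comment should also read `// we just pretend all streams are invalid.` rather than the capitalised "We" mid-sentence. NewFromStream's body continues outside the hunk.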