diff --git a/fuzz/jpegsave_buffer_fuzzer.cc b/fuzz/jpegsave_buffer_fuzzer.cc index 491c2cd5..6b961c33 100644 --- a/fuzz/jpegsave_buffer_fuzzer.cc +++ b/fuzz/jpegsave_buffer_fuzzer.cc @@ -11,13 +11,24 @@ extern "C" int LLVMFuzzerTestOneInput( const guint8 *data, size_t size ) { VipsImage *image; - size_t len; void *buf; + size_t len, width, height, bands; if( !(image = vips_image_new_from_buffer( data, size, "", NULL )) ) { return( 0 ); } + width = image->Xsize; + height = image->Ysize; + bands = image->Bands; + + /* Skip big images. It is likely to timeout. + */ + if ( width * height * bands > 256 * 256 * 16 ) { + g_object_unref( image ); + return( 0 ); + } + if( vips_jpegsave_buffer( image, &buf, &len, NULL ) ) { g_object_unref( image ); return( 0 ); diff --git a/fuzz/pngsave_buffer_fuzzer.cc b/fuzz/pngsave_buffer_fuzzer.cc index 35489d39..1763ce70 100644 --- a/fuzz/pngsave_buffer_fuzzer.cc +++ b/fuzz/pngsave_buffer_fuzzer.cc @@ -12,12 +12,23 @@ LLVMFuzzerTestOneInput( const guint8 *data, size_t size ) { VipsImage *image; void *buf; - size_t len; + size_t len, width, height, bands; if( !(image = vips_image_new_from_buffer( data, size, "", NULL )) ) { return( 0 ); } + width = image->Xsize; + height = image->Ysize; + bands = image->Bands; + + /* Skip big images. It is likely to timeout. + */ + if ( width * height * bands > 256 * 256 * 16 ) { + g_object_unref( image ); + return( 0 ); + } + if( vips_pngsave_buffer( image, &buf, &len, NULL ) ) { g_object_unref( image ); return( 0 ); diff --git a/fuzz/sharpen_fuzzer.cc b/fuzz/sharpen_fuzzer.cc index c93d705e..84e85c5c 100644 --- a/fuzz/sharpen_fuzzer.cc +++ b/fuzz/sharpen_fuzzer.cc 
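Review bot: The new size gate in fuzz/jpegsave_buffer_fuzzer.cc, `width * height * bands > 256 * 256 * 16`, multiplies three header-derived values in `size_t` with no bound on the individual factors, so a crafted header whose product wraps can come out below the limit and still reach the save call (easiest where `size_t` is 32 bits). Because this commit also drops the library-side cap in libvips/iofuncs/generate.c, this check is the only size cap left for the harness. Bounding each factor first keeps the product in range, for example with `guint64` locals: `if( width > 1048576 || height > 1048576 || bands > 1048576 || width * height * bands > 256 * 256 * 16 )`. The same expression appears in the pngsave, sharpen, thumbnail and webpsave hunks.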
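Review bot: The size gate added to fuzz/pngsave_buffer_fuzzer.cc is a verbatim copy of the one in the jpegsave, sharpen, thumbnail and webpsave harnesses, and the thumbnail hunk shows how such copies drift: its old check was `width * height > 256 * 256`, while the library code used a different limit again. A single helper shared by the harnesses, something like `static inline int fuzz_image_too_big( VipsImage *image )` with the limit held in one named constant, would keep the five targets in step. The comment would also read better as `/* Skip big images: they are likely to time out. */`.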
@@ -11,12 +11,24 @@ extern "C" int LLVMFuzzerTestOneInput( const guint8 *data, size_t size ) { VipsImage *in, *out; + size_t width, height, bands; double d; if( !(in = vips_image_new_from_buffer( data, size, "", NULL )) ) { return( 0 ); } + width = in->Xsize; + height = in->Ysize; + bands = in->Bands; + + /* Skip big images. It is likely to timeout. + */ + if ( width * height * bands > 256 * 256 * 16 ) { + g_object_unref( in ); + return( 0 ); + } + if( vips_sharpen( in, &out, NULL ) ) { g_object_unref( in ); return( 0 ); diff --git a/fuzz/thumbnail_fuzzer.cc b/fuzz/thumbnail_fuzzer.cc index a3a744bf..f2b03ce0 100644 --- a/fuzz/thumbnail_fuzzer.cc +++ b/fuzz/thumbnail_fuzzer.cc @@ -11,7 +11,7 @@ extern "C" int LLVMFuzzerTestOneInput( const guint8 *data, size_t size ) { VipsImage *in, *out; - size_t width, height; + size_t width, height, bands; double d; if( !(in = vips_image_new_from_buffer( data, size, "", NULL )) ) { @@ -20,10 +20,11 @@ LLVMFuzzerTestOneInput( const guint8 *data, size_t size ) width = in->Xsize; height = in->Ysize; + bands = in->Bands; /* Skip big images. It is likely to timeout. */ - if ( width * height > 256 * 256 ) { + if ( width * height * bands > 256 * 256 * 16 ) { g_object_unref( in ); return( 0 ); } diff --git a/fuzz/webpsave_buffer_fuzzer.cc b/fuzz/webpsave_buffer_fuzzer.cc index 86157c7f..eba52183 100644 --- a/fuzz/webpsave_buffer_fuzzer.cc +++ b/fuzz/webpsave_buffer_fuzzer.cc @@ -12,12 +12,23 @@ LLVMFuzzerTestOneInput( const guint8 *data, size_t size ) { VipsImage *image; void *buf; - size_t len; + size_t len, width, height, bands; if( !(image = vips_image_new_from_buffer( data, size, "", NULL )) ) { return( 0 ); } + width = image->Xsize; + height = image->Ysize; + bands = image->Bands; + + /* Skip big images. It is likely to timeout. + */ + if ( width * height * bands > 256 * 256 * 16 ) { + g_object_unref( image ); + return( 0 ); + } + if( vips_webpsave_buffer( image, &buf, &len, NULL ) ) { g_object_unref( image ); return( 0 ); 
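Review bot: In fuzz/thumbnail_fuzzer.cc the changed condition `width * height * bands > 256 * 256 * 16` loosens the cap for this target: the old `width * height > 256 * 256` limited the pixel count, whereas the new one lets a one-band image carry sixteen times as many pixels before it is skipped. If the earlier limit was tuned against thumbnail timeouts, they may come back. Keeping the pixel limit next to the element limit would avoid that, e.g. `if ( width * height > 256 * 256 || width * height * bands > 256 * 256 * 16 ) {`. The function body continues outside the hunk.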
diff --git a/libvips/iofuncs/generate.c b/libvips/iofuncs/generate.c index 0f1e42ac..65be8d9c 100644 --- a/libvips/iofuncs/generate.c +++ b/libvips/iofuncs/generate.c @@ -382,17 +382,6 @@ int vips_image_pipeline_array( VipsImage *image, VipsDemandStyle hint, VipsImage **in ) { - /* Ban large images while we are fuzzing. They cause unintersting - * timeouts and OOMs. - */ -#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION - if( (size_t) image->Xsize * image->Ysize * image->Bands > 1000000 ) { - vips_error( "vips_image_pipeline_array", - "%s", _( "no large images during fuzzing" ) ); - return( -1 ); - } -#endif /*FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION*/ - /* This function can be called more than once per output image. For * example, jpeg header load will call this once on ->out to set the * default hint, then later call it again to connect the output image