sergiotarxz/libvips
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

tighten fuzz size limits

Browse Source 
we are still seeing timeouts
This commit is contained in:
John Cupitt 2019-10-30 08:57:46 +00:00
parent acb68c867a
commit 7c5971392c
8 changed files with 27 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
fuzz/jpegsave_buffer_fuzzer.cc
View File

@ -17,11 +17,9 @@ LLVMFuzzerTestOneInput( const guint8 *data, size_t size )
if( !(image = vips_image_new_from_buffer( data, size, "", NULL )) ) if( !(image = vips_image_new_from_buffer( data, size, "", NULL )) )
return( 0 ); return( 0 );
/* Skip big images. They are likely to timeout. if( image->Xsize > 100 ||
*/ image->Ysize > 100 ||
if( image->Xsize > 1024 || image->Bands > 4 ) {
image->Ysize > 1024 ||
image->Bands > 10 ) {
g_object_unref( image ); g_object_unref( image );
return( 0 ); return( 0 );
} }

8
fuzz/jpegsave_file_fuzzer.cc
View File

@ -19,11 +19,9 @@ test_one_file( const char *name )
NULL )) ) NULL )) )
return( 0 ); return( 0 );
/* Skip big images. They are likely to timeout. if( image->Xsize > 100 ||
*/ image->Ysize > 100 ||
if( image->Xsize > 1024 || image->Bands > 4 ) {
image->Ysize > 1024 ||
image->Bands > 10 ) {
g_object_unref( image ); g_object_unref( image );
return( 0 ); return( 0 );
} }

14
fuzz/mosaic_fuzzer.cc
View File

@ -22,17 +22,15 @@ LLVMFuzzerTestOneInput( const guint8 *data, size_t size )
struct mosaic_opt *opt; struct mosaic_opt *opt;
double d; double d;
if( size < sizeof(struct mosaic_opt) ) if( size < sizeof( struct mosaic_opt ) )
return( 0 ); return( 0 );
if( !(ref = vips_image_new_from_buffer( data, size, "", NULL )) ) if( !(ref = vips_image_new_from_buffer( data, size, "", NULL )) )
return( 0 ); return( 0 );
/* Skip big images. They are likely to timeout. if( ref->Xsize > 100 ||
*/ ref->Ysize > 100 ||
if( ref->Xsize > 1024 || ref->Bands > 4 ) {
ref->Ysize > 1024 ||
ref->Bands > 10 ) {
g_object_unref( ref ); g_object_unref( ref );
return( 0 ); return( 0 );
} }
@ -44,10 +42,10 @@ LLVMFuzzerTestOneInput( const guint8 *data, size_t size )
/* Extract some bytes from the tail to fuzz the arguments of the API. /* Extract some bytes from the tail to fuzz the arguments of the API.
*/ */
opt = (struct mosaic_opt *) (data + size - sizeof(struct mosaic_opt)); opt = (struct mosaic_opt *) (data + size - sizeof( struct mosaic_opt ));
if( vips_mosaic( ref, sec, &out, (VipsDirection) opt->dir, if( vips_mosaic( ref, sec, &out, (VipsDirection) opt->dir,
opt->xref, opt->yref, opt->xsec, opt->ysec, NULL ) ) { opt->xref, opt->yref, opt->xsec, opt->ysec, NULL ) ) {
g_object_unref( sec ); g_object_unref( sec );
g_object_unref( ref ); g_object_unref( ref );
return( 0 ); return( 0 );

8
fuzz/pngsave_buffer_fuzzer.cc
View File

@ -17,11 +17,9 @@ LLVMFuzzerTestOneInput( const guint8 *data, size_t size )
if( !(image = vips_image_new_from_buffer( data, size, "", NULL )) ) if( !(image = vips_image_new_from_buffer( data, size, "", NULL )) )
return( 0 ); return( 0 );
/* Skip big images. They are likely to timeout. if( image->Xsize > 100 ||
*/ image->Ysize > 100 ||
if( image->Xsize > 1024 || image->Bands > 4 ) {
image->Ysize > 1024 ||
image->Bands > 10 ) {
g_object_unref( image ); g_object_unref( image );
return( 0 ); return( 0 );
} }

8
fuzz/sharpen_fuzzer.cc
View File

@ -16,11 +16,9 @@ LLVMFuzzerTestOneInput( const guint8 *data, size_t size )
if( !(image = vips_image_new_from_buffer( data, size, "", NULL )) ) if( !(image = vips_image_new_from_buffer( data, size, "", NULL )) )
return( 0 ); return( 0 );
/* Skip big images. They are likely to timeout. if( image->Xsize > 100 ||
*/ image->Ysize > 100 ||
if( image->Xsize > 1024 || image->Bands > 4 ) {
image->Ysize > 1024 ||
image->Bands > 10 ) {
g_object_unref( image ); g_object_unref( image );
return( 0 ); return( 0 );
} }

8
fuzz/smartcrop_fuzzer.cc
View File

@ -16,11 +16,9 @@ LLVMFuzzerTestOneInput( const guint8 *data, size_t size )
if( !(image = vips_image_new_from_buffer( data, size, "", NULL )) ) if( !(image = vips_image_new_from_buffer( data, size, "", NULL )) )
return( 0 ); return( 0 );
/* Skip big images. They are likely to timeout. if( image->Xsize > 100 ||
*/ image->Ysize > 100 ||
if( image->Xsize > 1024 || image->Bands > 4 ) {
image->Ysize > 1024 ||
image->Bands > 10 ) {
g_object_unref( image ); g_object_unref( image );
return( 0 ); return( 0 );
} }

8
fuzz/thumbnail_fuzzer.cc
View File

@ -16,11 +16,9 @@ LLVMFuzzerTestOneInput( const guint8 *data, size_t size )
if( !(image = vips_image_new_from_buffer( data, size, "", NULL )) ) if( !(image = vips_image_new_from_buffer( data, size, "", NULL )) )
return( 0 ); return( 0 );
/* Skip big images. They are likely to timeout. if( image->Xsize > 100 ||
*/ image->Ysize > 100 ||
if( image->Xsize > 1024 || image->Bands > 4 ) {
image->Ysize > 1024 ||
image->Bands > 10 ) {
g_object_unref( image ); g_object_unref( image );
return( 0 ); return( 0 );
} }

8
fuzz/webpsave_buffer_fuzzer.cc
View File

@ -17,11 +17,9 @@ LLVMFuzzerTestOneInput( const guint8 *data, size_t size )
if( !(image = vips_image_new_from_buffer( data, size, "", NULL )) ) if( !(image = vips_image_new_from_buffer( data, size, "", NULL )) )
return( 0 ); return( 0 );
/* Skip big images. They are likely to timeout. if( image->Xsize > 100 ||
*/ image->Ysize > 100 ||
if( image->Xsize > 1024 || image->Bands > 4 ) {
image->Ysize > 1024 ||
image->Bands > 10 ) {
g_object_unref( image ); g_object_unref( image );
return( 0 ); return( 0 );
} }