block fuzz data over 100kb

Many codecs can take a huge amount of time attempting to read large random objects. jpeg_read_header(), for example, can take ~10s on a 1mb of random data. Ignore fuzz objects over 100kb. See https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24383
2020-07-25 14:46:44 +01:00 · 2020-07-25 14:46:44 +01:00 · cb1634dd31
parent 213533e03c
commit cb1634dd31
8 changed files with 24 additions and 0 deletions
--- a/fuzz/jpegsave_buffer_fuzzer.cc
+++ b/fuzz/jpegsave_buffer_fuzzer.cc
@ -14,6 +14,9 @@ LLVMFuzzerTestOneInput( const guint8 *data, size_t size )
 	void *buf;
 	size_t len;

+	if( size > 100 * 1024 * 1024 )
+		return( 0 );
+
 	if( !(image = vips_image_new_from_buffer( data, size, "", NULL )) ) 
 		return( 0 );

--- a/fuzz/jpegsave_file_fuzzer.cc
+++ b/fuzz/jpegsave_file_fuzzer.cc
@ -42,6 +42,9 @@ LLVMFuzzerTestOneInput( const guint8 *data, size_t size )
 {
 	char *name;

+	if( size > 100 * 1024 * 1024 )
+		return( 0 );
+
 	if( !(name = vips__temp_name( "%s" )) )
 		return( 0 );

--- a/fuzz/mosaic_fuzzer.cc
+++ b/fuzz/mosaic_fuzzer.cc
@ -25,6 +25,9 @@ LLVMFuzzerTestOneInput( const guint8 *data, size_t size )
 	if( size < sizeof( struct mosaic_opt ) )
 		return( 0 );

+	if( size > 100 * 1024 * 1024 )
+		return( 0 );
+
 	if( !(ref = vips_image_new_from_buffer( data, size, "", NULL )) )
 		return( 0 );

--- a/fuzz/pngsave_buffer_fuzzer.cc
+++ b/fuzz/pngsave_buffer_fuzzer.cc
@ -14,6 +14,9 @@ LLVMFuzzerTestOneInput( const guint8 *data, size_t size )
 	void *buf;
 	size_t len;

+	if( size > 100 * 1024 * 1024 )
+		return( 0 );
+
 	if( !(image = vips_image_new_from_buffer( data, size, "", NULL )) ) 
 		return( 0 );

--- a/fuzz/sharpen_fuzzer.cc
+++ b/fuzz/sharpen_fuzzer.cc
@ -13,6 +13,9 @@ LLVMFuzzerTestOneInput( const guint8 *data, size_t size )
 	VipsImage *image, *out;
 	double d;

+	if( size > 100 * 1024 * 1024 )
+		return( 0 );
+
 	if( !(image = vips_image_new_from_buffer( data, size, "", NULL )) ) 
 		return( 0 );

--- a/fuzz/smartcrop_fuzzer.cc
+++ b/fuzz/smartcrop_fuzzer.cc
@ -13,6 +13,9 @@ LLVMFuzzerTestOneInput( const guint8 *data, size_t size )
 	VipsImage *image, *out;
 	double d;

+	if( size > 100 * 1024 * 1024 )
+		return( 0 );
+
 	if( !(image = vips_image_new_from_buffer( data, size, "", NULL )) )
 		return( 0 );

--- a/fuzz/thumbnail_fuzzer.cc
+++ b/fuzz/thumbnail_fuzzer.cc
@ -13,6 +13,9 @@ LLVMFuzzerTestOneInput( const guint8 *data, size_t size )
 	VipsImage *image, *out;
 	double d;

+	if( size > 100 * 1024 * 1024 )
+		return( 0 );
+
 	if( !(image = vips_image_new_from_buffer( data, size, "", NULL )) ) 
 		return( 0 );

--- a/fuzz/webpsave_buffer_fuzzer.cc
+++ b/fuzz/webpsave_buffer_fuzzer.cc
@ -14,6 +14,9 @@ LLVMFuzzerTestOneInput( const guint8 *data, size_t size )
 	void *buf;
 	size_t len;

+	if( size > 100 * 1024 * 1024 )
+		return( 0 );
+
 	if( !(image = vips_image_new_from_buffer( data, size, "", NULL )) ) 
 		return( 0 );