sergiotarxz/libvips
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

better blocking of large input images in the fuzzer

Browse Source 
things like 65494x5 pixel PNGs were being allowed through and caused
timeouts
This commit is contained in:
John Cupitt 2019-08-09 16:45:08 +01:00
parent 765a416ca7
commit d81efda782
5 changed files with 38 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
fuzz/jpegsave_buffer_fuzzer.cc
View File

@ -12,19 +12,16 @@ LLVMFuzzerTestOneInput( const guint8 *data, size_t size )
{ {
VipsImage *image; VipsImage *image;
void *buf; void *buf;
size_t len, width, height, bands; size_t len;
if( !(image = vips_image_new_from_buffer( data, size, "", NULL )) ) { if( !(image = vips_image_new_from_buffer( data, size, "", NULL )) )
return( 0 ); return( 0 );
}
width = image->Xsize; /* Skip big images. They are likely to timeout.
height = image->Ysize;
bands = image->Bands;
/* Skip big images. It is likely to timeout.
*/ */
if ( width * height * bands > 256 * 256 * 16 ) { if( image->Xsize > 1024 ||
image->Ysize > 1024 ||
image->Bands > 10 ) {
g_object_unref( image ); g_object_unref( image );
return( 0 ); return( 0 );
} }

15
fuzz/pngsave_buffer_fuzzer.cc
View File

@ -12,19 +12,16 @@ LLVMFuzzerTestOneInput( const guint8 *data, size_t size )
{ {
VipsImage *image; VipsImage *image;
void *buf; void *buf;
size_t len, width, height, bands; size_t len;
if( !(image = vips_image_new_from_buffer( data, size, "", NULL )) ) { if( !(image = vips_image_new_from_buffer( data, size, "", NULL )) )
return( 0 ); return( 0 );
}
width = image->Xsize; /* Skip big images. They are likely to timeout.
height = image->Ysize;
bands = image->Bands;
/* Skip big images. It is likely to timeout.
*/ */
if ( width * height * bands > 256 * 256 * 16 ) { if( image->Xsize > 1024 ||
image->Ysize > 1024 ||
image->Bands > 10 ) {
g_object_unref( image ); g_object_unref( image );
return( 0 ); return( 0 );
} }

24
fuzz/sharpen_fuzzer.cc
View File

@ -10,34 +10,30 @@ LLVMFuzzerInitialize( int *argc, char ***argv )
extern "C" int extern "C" int
LLVMFuzzerTestOneInput( const guint8 *data, size_t size ) LLVMFuzzerTestOneInput( const guint8 *data, size_t size )
{ {
VipsImage *in, *out; VipsImage *image, *out;
size_t width, height, bands;
double d; double d;
if( !(in = vips_image_new_from_buffer( data, size, "", NULL )) ) { if( !(image = vips_image_new_from_buffer( data, size, "", NULL )) )
return( 0 ); return( 0 );
}
width = in->Xsize; /* Skip big images. They are likely to timeout.
height = in->Ysize;
bands = in->Bands;
/* Skip big images. It is likely to timeout.
*/ */
if ( width * height * bands > 256 * 256 * 16 ) { if( image->Xsize > 1024 ||
g_object_unref( in ); image->Ysize > 1024 ||
image->Bands > 10 ) {
g_object_unref( image );
return( 0 ); return( 0 );
} }
if( vips_sharpen( in, &out, NULL ) ) { if( vips_sharpen( image, &out, NULL ) ) {
g_object_unref( in ); g_object_unref( image );
return( 0 ); return( 0 );
} }
vips_avg( out, &d, NULL ); vips_avg( out, &d, NULL );
g_object_unref( out ); g_object_unref( out );
g_object_unref( in ); g_object_unref( image );
return( 0 ); return( 0 );
} }

24
fuzz/thumbnail_fuzzer.cc
View File

@ -10,34 +10,30 @@ LLVMFuzzerInitialize( int *argc, char ***argv )
extern "C" int extern "C" int
LLVMFuzzerTestOneInput( const guint8 *data, size_t size ) LLVMFuzzerTestOneInput( const guint8 *data, size_t size )
{ {
VipsImage *in, *out; VipsImage *image, *out;
size_t width, height, bands;
double d; double d;
if( !(in = vips_image_new_from_buffer( data, size, "", NULL )) ) { if( !(image = vips_image_new_from_buffer( data, size, "", NULL )) )
return( 0 ); return( 0 );
}
width = in->Xsize; /* Skip big images. They are likely to timeout.
height = in->Ysize;
bands = in->Bands;
/* Skip big images. It is likely to timeout.
*/ */
if ( width * height * bands > 256 * 256 * 16 ) { if( image->Xsize > 1024 ||
g_object_unref( in ); image->Ysize > 1024 ||
image->Bands > 10 ) {
g_object_unref( image );
return( 0 ); return( 0 );
} }
if( vips_thumbnail_image( in, &out, 42, NULL ) ) { if( vips_thumbnail_image( image, &out, 42, NULL ) ) {
g_object_unref( in ); g_object_unref( image );
return( 0 ); return( 0 );
} }
vips_avg( out, &d, NULL ); vips_avg( out, &d, NULL );
g_object_unref( out ); g_object_unref( out );
g_object_unref( in ); g_object_unref( image );
return( 0 ); return( 0 );
} }

15
fuzz/webpsave_buffer_fuzzer.cc
View File

@ -12,19 +12,16 @@ LLVMFuzzerTestOneInput( const guint8 *data, size_t size )
{ {
VipsImage *image; VipsImage *image;
void *buf; void *buf;
size_t len, width, height, bands; size_t len;
if( !(image = vips_image_new_from_buffer( data, size, "", NULL )) ) { if( !(image = vips_image_new_from_buffer( data, size, "", NULL )) )
return( 0 ); return( 0 );
}
width = image->Xsize; /* Skip big images. They are likely to timeout.
height = image->Ysize;
bands = image->Bands;
/* Skip big images. It is likely to timeout.
*/ */
if ( width * height * bands > 256 * 256 * 16 ) { if( image->Xsize > 1024 ||
image->Ysize > 1024 ||
image->Bands > 10 ) {
g_object_unref( image ); g_object_unref( image );
return( 0 ); return( 0 );
} }