5ab66e16e1
* Ensure UBSan exits with a non-zero code on error
* Avoid misaligned member access in mosaic_fuzzer
* Add missing VIPS_CLIP in scRGB2sRGB/scRGB2BW
* Fix UBSan error in flatten
  By using saturated casts for the int types (copied from vips_cast).
* CI: ensure fuzzer log is printed on error
* Avoid UB in heifload
* Revert flatten change
  I could no longer reproduce this with clang 12 locally.
* Indentation fixes [skip ci]
#include <vips/vips.h>
/* Mosaic parameters decoded from the leading bytes of each fuzz input.
 *
 * The struct is packed, so there is no padding between members and
 * sizeof( mosaic_opt ) is the exact number of input bytes the harness
 * consumes as configuration before the image data begins.
 */
struct mosaic_opt {
	/* Join direction: a single bit, cast to VipsDirection by the harness.
	 */
	guint8 dir : 1;

	/* Passed to vips_mosaic() as the position in the reference image.
	 */
	guint16 xref, yref;

	/* Passed to vips_mosaic() as the position in the secondary image.
	 */
	guint16 xsec, ysec;
} __attribute__ ((packed));
/* libFuzzer one-time setup hook, called before any input is tested.
 *
 * Sets the libvips concurrency level to 1. argc and argv are not used.
 * Always returns 0.
 */
extern "C" int
LLVMFuzzerInitialize( int *argc, char ***argv )
{
	/* NOTE(review): presumably a single worker keeps crashes reproducible
	 * from one run to the next -- confirm.
	 */
	const int worker_threads = 1;

	(void) argc;
	(void) argv;

	vips_concurrency_set( worker_threads );

	return 0;
}
/* libFuzzer entry point: run one input through vips_mosaic().
 *
 * Input layout: the first sizeof( mosaic_opt ) bytes are the mosaic
 * parameters, everything after that is an encoded image. The decoded image
 * is joined with a 180-degree rotated copy of itself and the result is
 * evaluated with vips_max().
 *
 * Inputs that are too short, too large, fail to load, or decode to an image
 * over the size limits below are skipped. Always returns 0.
 */
extern "C" int
LLVMFuzzerTestOneInput( const guint8 *data, size_t size )
{
	const size_t header_len = sizeof( mosaic_opt );
	const size_t max_input = 100 * 1024 * 1024;

	VipsImage *reference = NULL;
	VipsImage *secondary = NULL;
	VipsImage *joined = NULL;
	mosaic_opt params = {};
	double peak;

	/* The lower bound also guarantees that `size - header_len` below
	 * cannot wrap around.
	 */
	if( size < header_len || size > max_input )
		return 0;

	/* Copy rather than cast: a byte pointer carries no alignment
	 * guarantee, so the header fields are read from a local object
	 * instead of through a pointer into the input buffer.
	 */
	memcpy( &params, data, header_len );

	/* Remainder of the input is the image. The empty option string
	 * leaves loader selection to libvips.
	 */
	reference = vips_image_new_from_buffer( data + header_len,
		size - header_len, "", NULL );
	if( !reference )
		return 0;

	/* NOTE(review): the dimension and band limits presumably keep each
	 * fuzz iteration cheap -- confirm.
	 */
	const bool small_enough = reference->Xsize <= 100 &&
		reference->Ysize <= 100 &&
		reference->Bands <= 4;

	if( small_enough && !vips_rot180( reference, &secondary, NULL ) ) {
		if( !vips_mosaic( reference, secondary, &joined,
			(VipsDirection) params.dir,
			params.xref, params.yref,
			params.xsec, params.ysec, NULL ) ) {
			/* vips_max() has to visit every output pixel, which
			 * makes the mosaic pipeline actually run. Its value
			 * and return code are deliberately unused.
			 */
			vips_max( joined, &peak, NULL );

			g_object_unref( joined );
		}

		g_object_unref( secondary );
	}

	g_object_unref( reference );

	return 0;
}