1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
|
#include <vips/vips.h>
#define MAX_ARG_LEN 4096 // =VIPS_PATH_MAX
extern "C" int
LLVMFuzzerInitialize(int *argc, char ***argv)
{
if (VIPS_INIT(*argv[0]))
return -1;
vips_concurrency_set(1);
return 0;
}
static char *
ExtractLine(const guint8 *data, size_t size, size_t *n)
{
const guint8 *end;
end = static_cast<const guint8 *>(
memchr(data, '\n', VIPS_MIN(size, MAX_ARG_LEN)));
if (end == nullptr)
return nullptr;
*n = end - data;
return g_strndup(reinterpret_cast<const char *>(data), *n);
}
extern "C" int
LLVMFuzzerTestOneInput(const guint8 *data, size_t size)
{
VipsImage *image;
void *buf;
char *option_string, *suffix;
size_t len, n;
option_string = ExtractLine(data, size, &n);
if (option_string == nullptr)
return 0;
data += n + 1;
size -= n + 1;
suffix = ExtractLine(data, size, &n);
if (suffix == nullptr) {
g_free(option_string);
return 0;
}
data += n + 1;
size -= n + 1;
if (!(image = vips_image_new_from_buffer(data, size, option_string, nullptr))) {
g_free(option_string);
g_free(suffix);
return 0;
}
// We're done with option_string, free early.
g_free(option_string);
if (image->Xsize > 100 ||
image->Ysize > 100 ||
image->Bands > 4) {
g_object_unref(image);
g_free(suffix);
return 0;
}
if (vips_image_write_to_buffer(image, suffix, &buf, &len, nullptr)) {
g_object_unref(image);
g_free(suffix);
return 0;
}
g_free(buf);
g_free(suffix);
g_object_unref(image);
return 0;
}
|
