• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2018 Google Inc.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //      http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ////////////////////////////////////////////////////////////////////////////////
16 
17 #include <stdio.h>
18 #include <stdlib.h>
19 
20 #include "./fuzz_utils.h"
21 #include "src/webp/decode.h"
22 #include "src/webp/encode.h"
23 
24 namespace {
25 
26 const VP8CPUInfo default_VP8GetCPUInfo = VP8GetCPUInfo;
27 
28 }  // namespace
29 
LLVMFuzzerTestOneInput(const uint8_t * const data,size_t size)30 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* const data, size_t size) {
31   uint32_t bit_pos = 0;
32 
33   ExtractAndDisableOptimizations(default_VP8GetCPUInfo, data, size, &bit_pos);
34 
35   // Init the source picture.
36   WebPPicture pic;
37   if (!WebPPictureInit(&pic)) {
38     fprintf(stderr, "WebPPictureInit failed.\n");
39     abort();
40   }
41   pic.use_argb = Extract(1, data, size, &bit_pos);
42 
43   // Read the source picture.
44   if (!ExtractSourcePicture(&pic, data, size, &bit_pos)) {
45     const WebPEncodingError error_code = pic.error_code;
46     WebPPictureFree(&pic);
47     if (error_code == VP8_ENC_ERROR_OUT_OF_MEMORY) return 0;
48     fprintf(stderr, "Can't read input image. Error code: %d\n", error_code);
49     abort();
50   }
51 
52   // Crop and scale.
53   if (!ExtractAndCropOrScale(&pic, data, size, &bit_pos)) {
54     const WebPEncodingError error_code = pic.error_code;
55     WebPPictureFree(&pic);
56     if (error_code == VP8_ENC_ERROR_OUT_OF_MEMORY) return 0;
57     fprintf(stderr, "ExtractAndCropOrScale failed. Error code: %d\n",
58             error_code);
59     abort();
60   }
61 
62   // Extract a configuration from the packed bits.
63   WebPConfig config;
64   if (!ExtractWebPConfig(&config, data, size, &bit_pos)) {
65     fprintf(stderr, "ExtractWebPConfig failed.\n");
66     abort();
67   }
68   // Skip slow settings on big images, it's likely to timeout.
69   if (pic.width * pic.height > 32 * 32) {
70     if (config.lossless) {
71       if (config.quality > 99.0f && config.method >= 5) {
72         config.quality = 99.0f;
73         config.method = 5;
74       }
75     } else {
76       if (config.quality > 99.0f && config.method == 6) {
77         config.quality = 99.0f;
78       }
79     }
80     if (config.alpha_quality == 100 && config.method == 6) {
81       config.alpha_quality = 99;
82     }
83   }
84 
85   // Encode.
86   WebPMemoryWriter memory_writer;
87   WebPMemoryWriterInit(&memory_writer);
88   pic.writer = WebPMemoryWrite;
89   pic.custom_ptr = &memory_writer;
90   if (!WebPEncode(&config, &pic)) {
91     const WebPEncodingError error_code = pic.error_code;
92     WebPMemoryWriterClear(&memory_writer);
93     WebPPictureFree(&pic);
94     if (error_code == VP8_ENC_ERROR_OUT_OF_MEMORY) return 0;
95     fprintf(stderr, "WebPEncode failed. Error code: %d\n", error_code);
96     abort();
97   }
98 
99   // Try decoding the result.
100   int w, h;
101   const uint8_t* const out_data = memory_writer.mem;
102   const size_t out_size = memory_writer.size;
103   uint8_t* const rgba = WebPDecodeBGRA(out_data, out_size, &w, &h);
104   if (rgba == nullptr || w != pic.width || h != pic.height) {
105     fprintf(stderr, "WebPDecodeBGRA failed.\n");
106     WebPFree(rgba);
107     WebPMemoryWriterClear(&memory_writer);
108     WebPPictureFree(&pic);
109     abort();
110   }
111 
112   // Compare the results if exact encoding.
113   if (pic.use_argb && config.lossless && config.near_lossless == 100) {
114     const uint32_t* src1 = (const uint32_t*)rgba;
115     const uint32_t* src2 = pic.argb;
116     for (int y = 0; y < h; ++y, src1 += w, src2 += pic.argb_stride) {
117       for (int x = 0; x < w; ++x) {
118         uint32_t v1 = src1[x], v2 = src2[x];
119         if (!config.exact) {
120           if ((v1 & 0xff000000u) == 0 || (v2 & 0xff000000u) == 0) {
121             // Only keep alpha for comparison of fully transparent area.
122             v1 &= 0xff000000u;
123             v2 &= 0xff000000u;
124           }
125         }
126         if (v1 != v2) {
127           fprintf(stderr, "Lossless compression failed pixel-exactness.\n");
128           WebPFree(rgba);
129           WebPMemoryWriterClear(&memory_writer);
130           WebPPictureFree(&pic);
131           abort();
132         }
133       }
134     }
135   }
136 
137   WebPFree(rgba);
138   WebPMemoryWriterClear(&memory_writer);
139   WebPPictureFree(&pic);
140   return 0;
141 }
142