• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2018 Google Inc.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //      http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ////////////////////////////////////////////////////////////////////////////////
16 
17 #include "fuzz.h"
18 #include "webp/decode.h"
19 
LLVMFuzzerTestOneInput(const uint8_t * const data,size_t size)20 int LLVMFuzzerTestOneInput(const uint8_t* const data, size_t size) {
21   int w, h;
22   if (!WebPGetInfo(data, size, &w, &h)) return 0;
23   if ((size_t)w * h > kFuzzPxLimit) return 0;
24 
25   const uint8_t value = FuzzHash(data, size);
26   uint8_t* buf = NULL;
27 
28   // For *Into functions, which decode into an external buffer, an
29   // intentionally too small buffer can be given with low probability.
30   if (value < 0x16) {
31     buf = WebPDecodeRGBA(data, size, &w, &h);
32   } else if (value < 0x2b) {
33     buf = WebPDecodeARGB(data, size, &w, &h);
34   } else if (value < 0x40) {
35     buf = WebPDecodeBGRA(data, size, &w, &h);
36   } else if (value < 0x55) {
37     buf = WebPDecodeRGB(data, size, &w, &h);
38   } else if (value < 0x6a) {
39     buf = WebPDecodeBGR(data, size, &w, &h);
40   } else if (value < 0x7f) {
41     uint8_t *u, *v;
42     int stride, uv_stride;
43     buf = WebPDecodeYUV(data, size, &w, &h, &u, &v, &stride, &uv_stride);
44   } else if (value < 0xe8) {
45     const int stride = (value < 0xbe ? 4 : 3) * w;
46     size_t buf_size = stride * h;
47     if (value % 0x10 == 0) buf_size--;
48     uint8_t* const ext_buf = (uint8_t*)malloc(buf_size);
49     if (value < 0x94) {
50       WebPDecodeRGBAInto(data, size, ext_buf, buf_size, stride);
51     } else if (value < 0xa9) {
52       WebPDecodeARGBInto(data, size, ext_buf, buf_size, stride);
53     } else if (value < 0xbe) {
54       WebPDecodeBGRAInto(data, size, ext_buf, buf_size, stride);
55     } else if (value < 0xd3) {
56       WebPDecodeRGBInto(data, size, ext_buf, buf_size, stride);
57     } else {
58       WebPDecodeBGRInto(data, size, ext_buf, buf_size, stride);
59     }
60     free(ext_buf);
61   } else {
62     size_t luma_size = w * h;
63     const int uv_stride = (w + 1) / 2;
64     size_t u_size = uv_stride * (h + 1) / 2;
65     size_t v_size = uv_stride * (h + 1) / 2;
66     if (value % 0x10 == 0) {
67       if (size & 1) luma_size--;
68       if (size & 2) u_size--;
69       if (size & 4) v_size--;
70     }
71     uint8_t* const luma_buf = (uint8_t*)malloc(luma_size);
72     uint8_t* const u_buf = (uint8_t*)malloc(u_size);
73     uint8_t* const v_buf = (uint8_t*)malloc(v_size);
74     WebPDecodeYUVInto(data, size, luma_buf, luma_size, w /* luma_stride */,
75                       u_buf, u_size, uv_stride, v_buf, v_size, uv_stride);
76     free(luma_buf);
77     free(u_buf);
78     free(v_buf);
79   }
80 
81   if (buf) WebPFree(buf);
82 
83   return 0;
84 }
85