1 // Copyright 2018 Google Inc.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ////////////////////////////////////////////////////////////////////////////////
16
17 #include "fuzz.h"
18 #include "webp/decode.h"
19
LLVMFuzzerTestOneInput(const uint8_t * const data,size_t size)20 int LLVMFuzzerTestOneInput(const uint8_t* const data, size_t size) {
21 int w, h;
22 if (!WebPGetInfo(data, size, &w, &h)) return 0;
23 if ((size_t)w * h > kFuzzPxLimit) return 0;
24
25 const uint8_t value = FuzzHash(data, size);
26 uint8_t* buf = NULL;
27
28 // For *Into functions, which decode into an external buffer, an
29 // intentionally too small buffer can be given with low probability.
30 if (value < 0x16) {
31 buf = WebPDecodeRGBA(data, size, &w, &h);
32 } else if (value < 0x2b) {
33 buf = WebPDecodeARGB(data, size, &w, &h);
34 } else if (value < 0x40) {
35 buf = WebPDecodeBGRA(data, size, &w, &h);
36 } else if (value < 0x55) {
37 buf = WebPDecodeRGB(data, size, &w, &h);
38 } else if (value < 0x6a) {
39 buf = WebPDecodeBGR(data, size, &w, &h);
40 } else if (value < 0x7f) {
41 uint8_t *u, *v;
42 int stride, uv_stride;
43 buf = WebPDecodeYUV(data, size, &w, &h, &u, &v, &stride, &uv_stride);
44 } else if (value < 0xe8) {
45 const int stride = (value < 0xbe ? 4 : 3) * w;
46 size_t buf_size = stride * h;
47 if (value % 0x10 == 0) buf_size--;
48 uint8_t* const ext_buf = (uint8_t*)malloc(buf_size);
49 if (value < 0x94) {
50 WebPDecodeRGBAInto(data, size, ext_buf, buf_size, stride);
51 } else if (value < 0xa9) {
52 WebPDecodeARGBInto(data, size, ext_buf, buf_size, stride);
53 } else if (value < 0xbe) {
54 WebPDecodeBGRAInto(data, size, ext_buf, buf_size, stride);
55 } else if (value < 0xd3) {
56 WebPDecodeRGBInto(data, size, ext_buf, buf_size, stride);
57 } else {
58 WebPDecodeBGRInto(data, size, ext_buf, buf_size, stride);
59 }
60 free(ext_buf);
61 } else {
62 size_t luma_size = w * h;
63 const int uv_stride = (w + 1) / 2;
64 size_t u_size = uv_stride * (h + 1) / 2;
65 size_t v_size = uv_stride * (h + 1) / 2;
66 if (value % 0x10 == 0) {
67 if (size & 1) luma_size--;
68 if (size & 2) u_size--;
69 if (size & 4) v_size--;
70 }
71 uint8_t* const luma_buf = (uint8_t*)malloc(luma_size);
72 uint8_t* const u_buf = (uint8_t*)malloc(u_size);
73 uint8_t* const v_buf = (uint8_t*)malloc(v_size);
74 WebPDecodeYUVInto(data, size, luma_buf, luma_size, w /* luma_stride */,
75 u_buf, u_size, uv_stride, v_buf, v_size, uv_stride);
76 free(luma_buf);
77 free(u_buf);
78 free(v_buf);
79 }
80
81 if (buf) WebPFree(buf);
82
83 return 0;
84 }
85