1 // Copyright 2018 Google Inc.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ////////////////////////////////////////////////////////////////////////////////
16
17 #include <stdio.h>
18 #include <stdlib.h>
19
20 #include "./fuzz_utils.h"
21 #include "src/webp/encode.h"
22 #include "src/webp/mux.h"
23
24 namespace {
25
26 const VP8CPUInfo default_VP8GetCPUInfo = VP8GetCPUInfo;
27
AddFrame(WebPAnimEncoder ** const enc,const WebPAnimEncoderOptions & anim_config,int * const width,int * const height,int timestamp_ms,const uint8_t data[],size_t size,uint32_t * const bit_pos)28 int AddFrame(WebPAnimEncoder** const enc,
29 const WebPAnimEncoderOptions& anim_config, int* const width,
30 int* const height, int timestamp_ms, const uint8_t data[],
31 size_t size, uint32_t* const bit_pos) {
32 if (enc == nullptr || width == nullptr || height == nullptr) {
33 fprintf(stderr, "NULL parameters.\n");
34 if (enc != nullptr) WebPAnimEncoderDelete(*enc);
35 abort();
36 }
37
38 // Init the source picture.
39 WebPPicture pic;
40 if (!WebPPictureInit(&pic)) {
41 fprintf(stderr, "WebPPictureInit failed.\n");
42 WebPAnimEncoderDelete(*enc);
43 abort();
44 }
45 pic.use_argb = Extract(1, data, size, bit_pos);
46
47 // Read the source picture.
48 if (!ExtractSourcePicture(&pic, data, size, bit_pos)) {
49 const WebPEncodingError error_code = pic.error_code;
50 WebPPictureFree(&pic);
51 if (error_code == VP8_ENC_ERROR_OUT_OF_MEMORY) return 0;
52 fprintf(stderr, "Can't read input image. Error code: %d\n", error_code);
53 abort();
54 }
55
56 // Crop and scale.
57 if (*enc == nullptr) { // First frame will set canvas width and height.
58 if (!ExtractAndCropOrScale(&pic, data, size, bit_pos)) {
59 const WebPEncodingError error_code = pic.error_code;
60 WebPPictureFree(&pic);
61 if (error_code == VP8_ENC_ERROR_OUT_OF_MEMORY) return 0;
62 fprintf(stderr, "ExtractAndCropOrScale failed. Error code: %d\n",
63 error_code);
64 abort();
65 }
66 } else { // Other frames will be resized to the first frame's dimensions.
67 if (!WebPPictureRescale(&pic, *width, *height)) {
68 const WebPEncodingError error_code = pic.error_code;
69 WebPAnimEncoderDelete(*enc);
70 WebPPictureFree(&pic);
71 if (error_code == VP8_ENC_ERROR_OUT_OF_MEMORY) return 0;
72 fprintf(stderr,
73 "WebPPictureRescale failed. Size: %d,%d. Error code: %d\n",
74 *width, *height, error_code);
75 abort();
76 }
77 }
78
79 // Create encoder if it doesn't exist.
80 if (*enc == nullptr) {
81 *width = pic.width;
82 *height = pic.height;
83 *enc = WebPAnimEncoderNew(*width, *height, &anim_config);
84 if (*enc == nullptr) {
85 WebPPictureFree(&pic);
86 return 0;
87 }
88 }
89
90 // Create frame encoding config.
91 WebPConfig config;
92 if (!ExtractWebPConfig(&config, data, size, bit_pos)) {
93 fprintf(stderr, "ExtractWebPConfig failed.\n");
94 WebPAnimEncoderDelete(*enc);
95 WebPPictureFree(&pic);
96 abort();
97 }
98 // Skip slow settings on big images, it's likely to timeout.
99 if (pic.width * pic.height > 32 * 32) {
100 config.method = (config.method > 4) ? 4 : config.method;
101 config.quality = (config.quality > 99.0f) ? 99.0f : config.quality;
102 config.alpha_quality =
103 (config.alpha_quality > 99) ? 99 : config.alpha_quality;
104 }
105
106 // Encode.
107 if (!WebPAnimEncoderAdd(*enc, &pic, timestamp_ms, &config)) {
108 const WebPEncodingError error_code = pic.error_code;
109 WebPAnimEncoderDelete(*enc);
110 WebPPictureFree(&pic);
111 if (error_code == VP8_ENC_ERROR_OUT_OF_MEMORY) return 0;
112 fprintf(stderr, "WebPEncode failed. Error code: %d\n", error_code);
113 abort();
114 }
115
116 WebPPictureFree(&pic);
117 return 1;
118 }
119
120 } // namespace
121
LLVMFuzzerTestOneInput(const uint8_t * const data,size_t size)122 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* const data, size_t size) {
123 WebPAnimEncoder* enc = nullptr;
124 int width = 0, height = 0, timestamp_ms = 0;
125 uint32_t bit_pos = 0;
126
127 ExtractAndDisableOptimizations(default_VP8GetCPUInfo, data, size, &bit_pos);
128
129 // Extract a configuration from the packed bits.
130 WebPAnimEncoderOptions anim_config;
131 if (!WebPAnimEncoderOptionsInit(&anim_config)) {
132 fprintf(stderr, "WebPAnimEncoderOptionsInit failed.\n");
133 abort();
134 }
135 anim_config.minimize_size = Extract(1, data, size, &bit_pos);
136 anim_config.kmax = Extract(15, data, size, &bit_pos);
137 const int min_kmin = (anim_config.kmax > 1) ? (anim_config.kmax / 2) : 0;
138 const int max_kmin = (anim_config.kmax > 1) ? (anim_config.kmax - 1) : 0;
139 anim_config.kmin =
140 min_kmin + Extract((uint32_t)(max_kmin - min_kmin), data, size, &bit_pos);
141 anim_config.allow_mixed = Extract(1, data, size, &bit_pos);
142 anim_config.verbose = 0;
143
144 const int nb_frames = 1 + Extract(15, data, size, &bit_pos);
145
146 // For each frame.
147 for (int i = 0; i < nb_frames; ++i) {
148 if (!AddFrame(&enc, anim_config, &width, &height, timestamp_ms, data, size,
149 &bit_pos)) {
150 return 0;
151 }
152
153 timestamp_ms += (1 << (2 + Extract(15, data, size, &bit_pos))) +
154 Extract(1, data, size, &bit_pos); // [1..131073], arbitrary
155 }
156
157 // Assemble.
158 if (!WebPAnimEncoderAdd(enc, nullptr, timestamp_ms, nullptr)) {
159 fprintf(stderr, "Last WebPAnimEncoderAdd failed: %s.\n",
160 WebPAnimEncoderGetError(enc));
161 WebPAnimEncoderDelete(enc);
162 abort();
163 }
164 WebPData webp_data;
165 WebPDataInit(&webp_data);
166 if (!WebPAnimEncoderAssemble(enc, &webp_data)) {
167 fprintf(stderr, "WebPAnimEncoderAssemble failed: %s.\n",
168 WebPAnimEncoderGetError(enc));
169 WebPAnimEncoderDelete(enc);
170 WebPDataClear(&webp_data);
171 abort();
172 }
173
174 WebPAnimEncoderDelete(enc);
175 WebPDataClear(&webp_data);
176 return 0;
177 }
178