Limit pdf_jpx_fuzzer memory usage.

BUG=chromium:738711 Change-Id: I4a308694c3e6fcd17431515b7897969d54486071 Reviewed-on: https://pdfium-review.googlesource.com/11870 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
author: Lei Zhang <thestig@chromium.org> 2017-08-23 15:33:07 -0700
committer: Chromium commit bot <commit-bot@chromium.org> 2017-08-28 16:16:38 +0000
commit: b0860beccd6a4a8d9f8ea3dbba392a3a13218ad3 (patch)
tree: 50440c358f683e1bd5b1981981ca3defa8a602cc
parent: 41799881d04a01168700558ff394962b3b318b46 (diff)
download: pdfium-b0860beccd6a4a8d9f8ea3dbba392a3a13218ad3.tar.xz
1 files changed, 8 insertions, 0 deletions
diff --git a/testing/libfuzzer/pdf_jpx_fuzzer.cc b/testing/libfuzzer/pdf_jpx_fuzzer.cc
index b48c14068c..88d82abb80 100644
--- a/testing/libfuzzer/pdf_jpx_fuzzer.cc
+++ b/testing/libfuzzer/pdf_jpx_fuzzer.cc
@@ -8,6 +8,7 @@
 
 #include "core/fxcodec/codec/cjpx_decoder.h"
 #include "core/fxcodec/codec/codec_int.h"
+#include "core/fxcrt/fx_safe_types.h"
 #include "core/fxge/dib/cfx_dibitmap.h"
 #include "core/fxge/fx_dib.h"
 
@@ -24,6 +25,13 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
   uint32_t components;
   g_module.GetImageInfo(decoder.get(), &width, &height, &components);
 
+  static constexpr uint32_t kMemLimit = 1024 * 1024 * 1024;  // 1 GB.
+  FX_SAFE_UINT32 mem = width;
+  mem *= height;
+  mem *= components;
+  if (!mem.IsValid() || mem.ValueOrDie() > kMemLimit)
+    return 0;
+
   FXDIB_Format format;
   if (components == 1) {
     format = FXDIB_8bppRgb;
author	Lei Zhang <thestig@chromium.org>	2017-08-23 15:33:07 -0700
committer	Chromium commit bot <commit-bot@chromium.org>	2017-08-28 16:16:38 +0000
commit	b0860beccd6a4a8d9f8ea3dbba392a3a13218ad3 (patch)
tree	50440c358f683e1bd5b1981981ca3defa8a602cc
parent	41799881d04a01168700558ff394962b3b318b46 (diff)
download	pdfium-b0860beccd6a4a8d9f8ea3dbba392a3a13218ad3.tar.xz