authorLei Zhang <thestig@chromium.org>2017-08-23 23:48:01 -0700
committerChromium commit bot <commit-bot@chromium.org>2017-08-28 16:29:08 +0000
commit2bb28c347bcafc2fb5ad3e7782220e31048cc81d (patch)
tree3394eebab3d1e72b98d2960f7b84bcd64ef705fa
parentb0860beccd6a4a8d9f8ea3dbba392a3a13218ad3 (diff)
downloadpdfium-2bb28c347bcafc2fb5ad3e7782220e31048cc81d.tar.xz
Limit pdf_codec_jbig2_fuzzer memory usage.
BUG=chromium:749610 Change-Id: Ia83558568293398c72b7215e9b3fe4e4df6f969a Reviewed-on: https://pdfium-review.googlesource.com/11931 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
-rw-r--r--testing/libfuzzer/pdf_codec_jbig2_fuzzer.cc9
1 files changed, 9 insertions, 0 deletions
diff --git a/testing/libfuzzer/pdf_codec_jbig2_fuzzer.cc b/testing/libfuzzer/pdf_codec_jbig2_fuzzer.cc
index 9378141ffa..9a2ebd2e32 100644
--- a/testing/libfuzzer/pdf_codec_jbig2_fuzzer.cc
+++ b/testing/libfuzzer/pdf_codec_jbig2_fuzzer.cc
@@ -9,6 +9,7 @@
#include "core/fxcodec/JBig2_DocumentContext.h"
#include "core/fxcodec/codec/ccodec_jbig2module.h"
#include "core/fxcodec/jbig2/JBig2_Context.h"
+#include "core/fxcrt/fx_safe_types.h"
#include "core/fxge/dib/cfx_dibitmap.h"
#include "core/fxge/fx_dib.h"
#include "third_party/base/ptr_util.h"
@@ -27,6 +28,14 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
size -= kParameterSize;
data += kParameterSize;
+ static constexpr uint32_t kMemLimit = 1024 * 1024 * 1024; // 1 GB.
+ static constexpr uint32_t k1bppRgbComponents = 4; // From CFX_DIBitmap impl.
+ FX_SAFE_UINT32 mem = width;
+ mem *= height;
+ mem *= k1bppRgbComponents;
+ if (!mem.IsValid() || mem.ValueOrDie() > kMemLimit)
+ return 0;
+
auto bitmap = pdfium::MakeRetain<CFX_DIBitmap>();
if (!bitmap->Create(width, height, FXDIB_1bppRgb))
return 0;
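Review bot: The size estimate at `mem *= k1bppRgbComponents` bakes in a per-pixel factor of 4 for a 1-bpp bitmap with only `// From CFX_DIBitmap impl.` tying it to the real allocation, so the guard will drift silently if CFX_DIBitmap::Create ever changes its pitch/allocation math, either letting the OOM (crbug 749610) back in or rejecting inputs the decoder could have handled. CFX_DIBitmap::Create is not visible here, so whether 4 bytes/pixel is its actual figure or a deliberate over-approximation for FXDIB_1bppRgb is unclear; the comment should say which and name the function, e.g. `// Upper bound on bytes/pixel CFX_DIBitmap::Create() allocates for FXDIB_1bppRgb; keep in sync with that implementation.` A one-line rationale on kMemLimit would also help the next reader: `// Reject dimensions that would OOM the fuzzer (crbug.com/749610) rather than report a spurious crash.` Note the bound only counts the output bitmap; any decoder-side buffers sized from width/height are not included, which is probably acceptable under libFuzzer's rss limit but worth stating. LLVMFuzzerTestOneInput begins on the hunk header line and its body continues outside the hunk.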