summaryrefslogtreecommitdiff
path: root/testing/libfuzzer/xfa_codec_fuzzer.h
diff options
context:
space:
mode:
authorRyan Harrison <rharrison@chromium.org>2017-10-27 13:34:34 -0400
committerChromium commit bot <commit-bot@chromium.org>2017-10-27 17:47:37 +0000
commit704cf8361659c4719d1294048a0e37991fa41748 (patch)
tree6ecd176aa2571b619248ec549698787410f0dde5 /testing/libfuzzer/xfa_codec_fuzzer.h
parent978ba20ffd0d2b37bf02b9d86828fa701c0c02fa (diff)
downloadpdfium-704cf8361659c4719d1294048a0e37991fa41748.tar.xz
Limit the size of images being fuzzed in XFACodecFuzzers
This limits the size detected in the header to 1,000,000 pixels, which will support 1000 x 1000 images. This is being done to remove non-useful OOM reports for very large images and improve fuzzing efficiency, since larger images are unlikely to cover new logic. BUG=pdfium:925 Change-Id: I4a7fa7cf02cbb469048b752d45bc9f64a1b60a98 Reviewed-on: https://pdfium-review.googlesource.com/17010 Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Diffstat (limited to 'testing/libfuzzer/xfa_codec_fuzzer.h')
-rw-r--r--testing/libfuzzer/xfa_codec_fuzzer.h12
1 files changed, 10 insertions, 2 deletions
diff --git a/testing/libfuzzer/xfa_codec_fuzzer.h b/testing/libfuzzer/xfa_codec_fuzzer.h
index a590596dcf..e91ea20577 100644
--- a/testing/libfuzzer/xfa_codec_fuzzer.h
+++ b/testing/libfuzzer/xfa_codec_fuzzer.h
@@ -17,6 +17,10 @@
#include "testing/fx_string_testhelpers.h"
#include "third_party/base/ptr_util.h"
+// Arbitrarily picked to support up to 1000x1000 images. This is far below where
+// OOM issues are occuring.
+const int kXFACodecFuzzerPixelLimit = 1000000;
+
class XFACodecFuzzer {
public:
static int Fuzz(const uint8_t* data, size_t size, FXCODEC_IMAGE_TYPE type) {
@@ -33,14 +37,18 @@ class XFACodecFuzzer {
if (status != FXCODEC_STATUS_FRAME_READY)
return 0;
+ // Skipping very large images, since they will take a long time and may lead
+ // to OOM.
+ if (decoder->GetWidth() * decoder->GetHeight() > kXFACodecFuzzerPixelLimit)
+ return 0;
+
auto bitmap = pdfium::MakeRetain<CFX_DIBitmap>();
bitmap->Create(decoder->GetWidth(), decoder->GetHeight(), FXDIB_Argb);
int32_t frames;
if (decoder->GetFrames(&frames) != FXCODEC_STATUS_DECODE_READY ||
- frames == 0) {
+ frames == 0)
return 0;
- }
status = decoder->StartDecode(bitmap, 0, 0, bitmap->GetWidth(),
bitmap->GetHeight());