summaryrefslogtreecommitdiff
path: root/testing/libfuzzer
diff options
context:
space:
mode:
authorNicolas Pena <npm@chromium.org>2017-11-30 15:09:52 +0000
committerChromium commit bot <commit-bot@chromium.org>2017-11-30 15:09:52 +0000
commite053e0fd169a62ce36b33e37b8ed6a1d29a77630 (patch)
treef2179213846e15d78057d77419d5741fe432adb5 /testing/libfuzzer
parent98b56332e9b5c04cde680301a8b0685590c3b922 (diff)
downloadpdfium-e053e0fd169a62ce36b33e37b8ed6a1d29a77630.tar.xz
Reduce memory limit of PDF XFA fuzzers
CFX_DIBitmap::Create does an allocation of size roughly 4*width*height even in xfa_codec_fuzzer.h. This CL fixes the memory limit accordingly. Bug: 789359 Change-Id: Ib5cbd08510ecacb2fbd22cb23394d24a86110bc5 Reviewed-on: https://pdfium-review.googlesource.com/19890 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Nicolás Peña Moreno <npm@chromium.org>
Diffstat (limited to 'testing/libfuzzer')
-rw-r--r--testing/libfuzzer/xfa_codec_fuzzer.h8
1 files changed, 6 insertions, 2 deletions
diff --git a/testing/libfuzzer/xfa_codec_fuzzer.h b/testing/libfuzzer/xfa_codec_fuzzer.h
index 90706af9f4..0ab7834f1e 100644
--- a/testing/libfuzzer/xfa_codec_fuzzer.h
+++ b/testing/libfuzzer/xfa_codec_fuzzer.h
@@ -38,9 +38,13 @@ class XFACodecFuzzer {
// Skipping very large images, since they will take a long time and may lead
// to OOM.
- if (decoder->GetHeight() != 0 &&
- decoder->GetWidth() > kXFACodecFuzzerPixelLimit / decoder->GetHeight())
+ FX_SAFE_UINT32 bitmap_size = decoder->GetHeight();
+ bitmap_size *= decoder->GetWidth();
+ bitmap_size *= 4; // From CFX_DIBitmap impl.
+ if (!bitmap_size.IsValid() ||
+ bitmap_size.ValueOrDie() > kXFACodecFuzzerPixelLimit) {
return 0;
+ }
auto bitmap = pdfium::MakeRetain<CFX_DIBitmap>();
bitmap->Create(decoder->GetWidth(), decoder->GetHeight(), FXDIB_Argb);