-rw-r--r--testing/libfuzzer/pdf_jpx_fuzzer.cc8
1 files changed, 8 insertions, 0 deletions
diff --git a/testing/libfuzzer/pdf_jpx_fuzzer.cc b/testing/libfuzzer/pdf_jpx_fuzzer.cc
index b48c14068c..88d82abb80 100644
--- a/testing/libfuzzer/pdf_jpx_fuzzer.cc
+++ b/testing/libfuzzer/pdf_jpx_fuzzer.cc
@@ -8,6 +8,7 @@
#include "core/fxcodec/codec/cjpx_decoder.h"
#include "core/fxcodec/codec/codec_int.h"
+#include "core/fxcrt/fx_safe_types.h"
#include "core/fxge/dib/cfx_dibitmap.h"
#include "core/fxge/fx_dib.h"
@@ -24,6 +25,13 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
uint32_t components;
g_module.GetImageInfo(decoder.get(), &width, &height, &components);
+ static constexpr uint32_t kMemLimit = 1024 * 1024 * 1024; // 1 GB.
+ FX_SAFE_UINT32 mem = width;
+ mem *= height;
+ mem *= components;
+ if (!mem.IsValid() || mem.ValueOrDie() > kMemLimit)
+ return 0;
+
FXDIB_Format format;
if (components == 1) {
format = FXDIB_8bppRgb;
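Review bot: The new guard bounds `width * height * components`, which is a sample count and not the size of the bitmap allocated afterwards. If the format chosen below uses more bytes per pixel than `components` (the rest of the selection is outside this hunk), or the pitch is padded, the real allocation can exceed the estimate. A 1 GiB cap also leaves little headroom under libFuzzer's default `-rss_limit_mb=2048` once the decoder's own buffers are counted, so out-of-memory reports on hostile headers may persist. Consider computing the bound from the selected format's bytes per pixel after the `format` selection, or lowering the cap, and document the intent with a comment such as `// Skip images whose decoded size would exhaust fuzzer memory; this is not a decoder limit.` A zero `width`, `height` or `components` passes the check, so confirm the code after the hunk tolerates an empty image.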