diff options
Diffstat (limited to 'testing/fuzzers/pdf_jpx_fuzzer.cc')
| -rw-r--r-- | testing/fuzzers/pdf_jpx_fuzzer.cc | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/testing/fuzzers/pdf_jpx_fuzzer.cc b/testing/fuzzers/pdf_jpx_fuzzer.cc index da65bc2d9a..b74957bb14 100644 --- a/testing/fuzzers/pdf_jpx_fuzzer.cc +++ b/testing/fuzzers/pdf_jpx_fuzzer.cc @@ -14,6 +14,10 @@ CCodec_JpxModule g_module; +namespace { +const uint32_t kMaxJPXFuzzSize = 100 * 1024 * 1024; // 100 MB +} // namespace + extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { std::unique_ptr<CJPX_Decoder> decoder = g_module.CreateDecoder(data, size, nullptr); @@ -47,6 +51,11 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { if (!bitmap->Create(width, height, format)) return 0; + if (bitmap->GetHeight() <= 0 || + kMaxJPXFuzzSize / bitmap->GetPitch() < + static_cast<uint32_t>(bitmap->GetHeight())) + return 0; + std::vector<uint8_t> output_offsets(components); for (uint32_t i = 0; i < components; ++i) output_offsets[i] = i; |