From 704cf8361659c4719d1294048a0e37991fa41748 Mon Sep 17 00:00:00 2001
From: Ryan Harrison
Date: Fri, 27 Oct 2017 13:34:34 -0400
Subject: Limit the size of images being fuzzed in XFACodecFuzzers

This limits the size detected in the header to 1,000,000 pixels, which will support 1000 x 1000 images. This is being done to remove non-useful OOM reports for very large images and improve fuzzing efficiency, since larger images are unlikely to cover new logic.

BUG=pdfium:925
Change-Id: I4a7fa7cf02cbb469048b752d45bc9f64a1b60a98
Reviewed-on: https://pdfium-review.googlesource.com/17010
Reviewed-by: Henrique Nakashima
Commit-Queue: Ryan Harrison
---
 testing/libfuzzer/xfa_codec_fuzzer.h | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/testing/libfuzzer/xfa_codec_fuzzer.h b/testing/libfuzzer/xfa_codec_fuzzer.h
index a590596dcf..e91ea20577 100644
--- a/testing/libfuzzer/xfa_codec_fuzzer.h
+++ b/testing/libfuzzer/xfa_codec_fuzzer.h
@@ -17,6 +17,10 @@
 #include "testing/fx_string_testhelpers.h"
 #include "third_party/base/ptr_util.h"
 
+// Arbitrarily picked to support up to 1000x1000 images. This is far below where
+// OOM issues are occuring.
+const int kXFACodecFuzzerPixelLimit = 1000000;
+
 class XFACodecFuzzer {
  public:
   static int Fuzz(const uint8_t* data, size_t size, FXCODEC_IMAGE_TYPE type) {
@@ -33,14 +37,18 @@ class XFACodecFuzzer {
     if (status != FXCODEC_STATUS_FRAME_READY)
       return 0;
 
+    // Skipping very large images, since they will take a long time and may lead
+    // to OOM.
+    if (decoder->GetWidth() * decoder->GetHeight() > kXFACodecFuzzerPixelLimit)
+      return 0;
+
     auto bitmap = pdfium::MakeRetain();
     bitmap->Create(decoder->GetWidth(), decoder->GetHeight(), FXDIB_Argb);
 
     int32_t frames;
     if (decoder->GetFrames(&frames) != FXCODEC_STATUS_DECODE_READY ||
-        frames == 0) {
+        frames == 0)
       return 0;
-    }
 
     status = decoder->StartDecode(bitmap, 0, 0, bitmap->GetWidth(),
                                   bitmap->GetHeight());
-- 
cgit v1.2.3
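Review bot: The new header comment in the first hunk misspells "occurring" as `occuring`, and the comment does not say what the constant bounds; a one-line touch-up such as `// Upper bound on width * height accepted by the fuzzer; chosen to allow 1000x1000 images, well below the sizes that produced OOM reports.` would document the limit's purpose for the next reader. Since the value is a compile-time constant living in a header, `constexpr int kXFACodecFuzzerPixelLimit = 1000000;` expresses that intent more precisely than `const int` (both have internal linkage at namespace scope, so nothing else changes).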
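Review bot: The new guard in the second hunk, `decoder->GetWidth() * decoder->GetHeight()`, multiplies two dimensions taken straight from the untrusted image header in what is presumably plain `int` arithmetic (the return types are not visible here), so a hostile header such as 65536 x 65536 overflows — undefined behaviour for a signed type — and can wrap to a value below kXFACodecFuzzerPixelLimit, letting exactly the oversized image the check is meant to reject reach `bitmap->Create`. Widen before multiplying, e.g. `if (static_cast<int64_t>(decoder->GetWidth()) * decoder->GetHeight() > kXFACodecFuzzerPixelLimit) return 0;`, or use pdfium's checked-numeric helpers if this header may include them. A negative dimension from a corrupt header also passes a `>` comparison (a negative product is below the limit), so rejecting `<= 0` in the same condition is cheap and avoids relying on `Create` to catch it. Fuzz()'s body begins and ends outside this hunk.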