From e053e0fd169a62ce36b33e37b8ed6a1d29a77630 Mon Sep 17 00:00:00 2001
From: Nicolas Pena
Date: Thu, 30 Nov 2017 15:09:52 +0000
Subject: Reduce memory limit of PDF XFA fuzzers
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

CFX_DIBitmap::Create does an allocation of size roughly 4*width*height even in xfa_codec_fuzzer.h. This CL fixes the memory limit accordingly.

Bug: 789359
Change-Id: Ib5cbd08510ecacb2fbd22cb23394d24a86110bc5
Reviewed-on: https://pdfium-review.googlesource.com/19890
Reviewed-by: dsinclair
Commit-Queue: Nicolás Peña Moreno
---
 testing/libfuzzer/xfa_codec_fuzzer.h | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/testing/libfuzzer/xfa_codec_fuzzer.h b/testing/libfuzzer/xfa_codec_fuzzer.h
index 90706af9f4..0ab7834f1e 100644
--- a/testing/libfuzzer/xfa_codec_fuzzer.h
+++ b/testing/libfuzzer/xfa_codec_fuzzer.h
@@ -38,9 +38,13 @@ class XFACodecFuzzer {
 // Skipping very large images, since they will take a long time and may lead
 // to OOM.
- if (decoder->GetHeight() != 0 &&
- decoder->GetWidth() > kXFACodecFuzzerPixelLimit / decoder->GetHeight())
+ FX_SAFE_UINT32 bitmap_size = decoder->GetHeight();
+ bitmap_size *= decoder->GetWidth();
+ bitmap_size *= 4; // From CFX_DIBitmap impl.
+ if (!bitmap_size.IsValid() ||
+ bitmap_size.ValueOrDie() > kXFACodecFuzzerPixelLimit) {
 return 0;
+ }
 auto bitmap = pdfium::MakeRetain();
 bitmap->Create(decoder->GetWidth(), decoder->GetHeight(), FXDIB_Argb);
--
cgit v1.2.3
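Review bot: The constant `kXFACodecFuzzerPixelLimit` is now compared against a byte count (height × width × 4) rather than a pixel count, so its name no longer states the unit it bounds; its definition lies above the hunk and is not shown. Renaming it (e.g. `kXFACodecFuzzerBitmapByteLimit`) or at least rewording the multiplier comment as `bitmap_size *= 4;  // bytes per pixel for FXDIB_Argb, the format passed to Create() below` would keep the limit and the allocation it guards in step if the pixel format ever changes. The `!IsValid()` branch correctly rejects an overflowed product, and dropping the old `GetHeight() != 0` guard is fine because the product form needs no division; whether CFX_DIBitmap::Create adds any stride padding beyond 4*width*height is not visible here, so the `// From CFX_DIBitmap impl.` comment presumably reflects the author's reading of that implementation. The enclosing member function begins and ends outside the hunk.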