xref: /aosp_15_r20/external/webp/tests/fuzzer/simple_api_fuzzer.c (revision b2055c353e87c8814eb2b6b1b11112a1562253bd)
1 // Copyright 2018 Google Inc.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //      http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ////////////////////////////////////////////////////////////////////////////////
16 
17 #include "./fuzz_utils.h"
18 #include "src/webp/decode.h"
19 
LLVMFuzzerTestOneInput(const uint8_t * const data,size_t size)20 int LLVMFuzzerTestOneInput(const uint8_t* const data, size_t size) {
21   int w, h;
22   if (!WebPGetInfo(data, size, &w, &h)) return 0;
23   if ((size_t)w * h > kFuzzPxLimit) return 0;
24 
25   const uint8_t value = FuzzHash(data, size);
26   uint8_t* buf = NULL;
27 
28   // For *Into functions, which decode into an external buffer, an
29   // intentionally too small buffer can be given with low probability.
30   if (value < 0x16) {
31     buf = WebPDecodeRGBA(data, size, &w, &h);
32   } else if (value < 0x2b) {
33     buf = WebPDecodeBGRA(data, size, &w, &h);
34 #if !defined(WEBP_REDUCE_CSP)
35   } else if (value < 0x40) {
36     buf = WebPDecodeARGB(data, size, &w, &h);
37   } else if (value < 0x55) {
38     buf = WebPDecodeRGB(data, size, &w, &h);
39   } else if (value < 0x6a) {
40     buf = WebPDecodeBGR(data, size, &w, &h);
41 #endif  // !defined(WEBP_REDUCE_CSP)
42   } else if (value < 0x7f) {
43     uint8_t *u, *v;
44     int stride, uv_stride;
45     buf = WebPDecodeYUV(data, size, &w, &h, &u, &v, &stride, &uv_stride);
46   } else if (value < 0xe8) {
47     const int stride = (value < 0xbe ? 4 : 3) * w;
48     size_t buf_size = stride * h;
49     if (value % 0x10 == 0) buf_size--;
50     uint8_t* const ext_buf = (uint8_t*)malloc(buf_size);
51     if (value < 0x94) {
52       (void)WebPDecodeRGBAInto(data, size, ext_buf, buf_size, stride);
53 #if !defined(WEBP_REDUCE_CSP)
54     } else if (value < 0xa9) {
55       (void)WebPDecodeARGBInto(data, size, ext_buf, buf_size, stride);
56     } else if (value < 0xbe) {
57       (void)WebPDecodeBGRInto(data, size, ext_buf, buf_size, stride);
58     } else if (value < 0xd3) {
59       (void)WebPDecodeRGBInto(data, size, ext_buf, buf_size, stride);
60 #endif  // !defined(WEBP_REDUCE_CSP)
61     } else {
62       (void)WebPDecodeBGRAInto(data, size, ext_buf, buf_size, stride);
63     }
64     free(ext_buf);
65   } else {
66     size_t luma_size = w * h;
67     const int uv_stride = (w + 1) / 2;
68     size_t u_size = uv_stride * (h + 1) / 2;
69     size_t v_size = uv_stride * (h + 1) / 2;
70     if (value % 0x10 == 0) {
71       if (size & 1) luma_size--;
72       if (size & 2) u_size--;
73       if (size & 4) v_size--;
74     }
75     uint8_t* const luma_buf = (uint8_t*)malloc(luma_size);
76     uint8_t* const u_buf = (uint8_t*)malloc(u_size);
77     uint8_t* const v_buf = (uint8_t*)malloc(v_size);
78     (void)WebPDecodeYUVInto(data, size, luma_buf, luma_size,
79                             w /* luma_stride */, u_buf, u_size, uv_stride,
80                             v_buf, v_size, uv_stride);
81     free(luma_buf);
82     free(u_buf);
83     free(v_buf);
84   }
85 
86   if (buf) WebPFree(buf);
87 
88   return 0;
89 }
90