xref: /aosp_15_r20/external/webp/tests/fuzzer/huffman_fuzzer.c (revision b2055c353e87c8814eb2b6b1b11112a1562253bd) 
1 // Copyright 2023 Google Inc.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //      http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ////////////////////////////////////////////////////////////////////////////////
16 
17 #include <stdint.h>
18 #include <string.h>
19 
20 #include "src/dec/vp8li_dec.h"
21 #include "src/utils/bit_reader_utils.h"
22 #include "src/utils/huffman_utils.h"
23 #include "src/utils/utils.h"
24 #include "src/webp/format_constants.h"
25 
LLVMFuzzerTestOneInput(const uint8_t * const data,size_t size)26 int LLVMFuzzerTestOneInput(const uint8_t* const data, size_t size) {
27   // Number of bits to initialize data.
28   static const int kColorCacheBitsBits = 4;
29   // 'num_htree_groups' is contained in the RG channel, hence 16 bits.
30   static const int kNumHtreeGroupsBits = 16;
31   if (size * sizeof(*data) < kColorCacheBitsBits + kNumHtreeGroupsBits) {
32     return 0;
33   }
34 
35   // A non-NULL mapping brings minor changes that are tested by the normal
36   // fuzzer.
37   int* const mapping = NULL;
38   HuffmanTables huffman_tables;
39   memset(&huffman_tables, 0, sizeof(huffman_tables));
40   HTreeGroup* htree_groups = NULL;
41 
42   VP8LDecoder* dec = VP8LNew();
43   if (dec == NULL) goto Error;
44   VP8LBitReader* const br = &dec->br_;
45   VP8LInitBitReader(br, data, size);
46 
47   const int color_cache_bits = VP8LReadBits(br, kColorCacheBitsBits);
48   if (color_cache_bits < 1 || color_cache_bits > MAX_CACHE_BITS) goto Error;
49 
50   const int num_htree_groups = VP8LReadBits(br, kNumHtreeGroupsBits);
51   // 'num_htree_groups' cannot be 0 as it is built from a non-empty image.
52   if (num_htree_groups == 0) goto Error;
53   // This variable is only useful when mapping is not NULL.
54   const int num_htree_groups_max = num_htree_groups;
55   (void)ReadHuffmanCodesHelper(color_cache_bits, num_htree_groups,
56                                num_htree_groups_max, mapping, dec,
57                                &huffman_tables, &htree_groups);
58 
59  Error:
60   WebPSafeFree(mapping);
61   VP8LHtreeGroupsFree(htree_groups);
62   VP8LHuffmanTablesDeallocate(&huffman_tables);
63   VP8LDelete(dec);
64   return 0;
65 }
66