xref: /aosp_15_r20/external/webp/tests/fuzzer/mux_demux_api_fuzzer.c (revision b2055c353e87c8814eb2b6b1b11112a1562253bd) 
1 // Copyright 2018 Google Inc.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //      http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ////////////////////////////////////////////////////////////////////////////////
16 
17 #include "./fuzz_utils.h"
18 #include "src/webp/demux.h"
19 #include "src/webp/mux.h"
20 
LLVMFuzzerTestOneInput(const uint8_t * const data,size_t size)21 int LLVMFuzzerTestOneInput(const uint8_t* const data, size_t size) {
22   WebPData webp_data;
23   WebPDataInit(&webp_data);
24   webp_data.size = size;
25   webp_data.bytes = data;
26 
27   // Extracted chunks and frames are not processed or decoded,
28   // which is already covered extensively by the other fuzz targets.
29 
30   if (size & 1) {
31     // Mux API
32     WebPMux* mux = WebPMuxCreate(&webp_data, size & 2);
33     if (!mux) return 0;
34 
35     WebPData chunk;
36     (void)WebPMuxGetChunk(mux, "EXIF", &chunk);
37     (void)WebPMuxGetChunk(mux, "ICCP", &chunk);
38     (void)WebPMuxGetChunk(mux, "FUZZ", &chunk);  // unknown
39 
40     uint32_t flags;
41     (void)WebPMuxGetFeatures(mux, &flags);
42 
43     WebPMuxAnimParams params;
44     (void)WebPMuxGetAnimationParams(mux, &params);
45 
46     WebPMuxError status;
47     WebPMuxFrameInfo info;
48     for (int i = 0; i < kFuzzFrameLimit; i++) {
49       status = WebPMuxGetFrame(mux, i + 1, &info);
50       if (status == WEBP_MUX_NOT_FOUND) {
51         break;
52       } else if (status == WEBP_MUX_OK) {
53         WebPDataClear(&info.bitstream);
54       }
55     }
56 
57     WebPMuxDelete(mux);
58   } else {
59     // Demux API
60     WebPDemuxer* demux;
61     if (size & 2) {
62       WebPDemuxState state;
63       demux = WebPDemuxPartial(&webp_data, &state);
64       if (state < WEBP_DEMUX_PARSED_HEADER) {
65         WebPDemuxDelete(demux);
66         return 0;
67       }
68     } else {
69       demux = WebPDemux(&webp_data);
70       if (!demux) return 0;
71     }
72 
73     WebPChunkIterator chunk_iter;
74     if (WebPDemuxGetChunk(demux, "EXIF", 1, &chunk_iter)) {
75       (void)WebPDemuxNextChunk(&chunk_iter);
76     }
77     WebPDemuxReleaseChunkIterator(&chunk_iter);
78     if (WebPDemuxGetChunk(demux, "ICCP", 0, &chunk_iter)) {  // 0 == last
79       (void)WebPDemuxPrevChunk(&chunk_iter);
80     }
81     WebPDemuxReleaseChunkIterator(&chunk_iter);
82     // Skips FUZZ because the Demux API has no concept of (un)known chunks.
83 
84     WebPIterator iter;
85     if (WebPDemuxGetFrame(demux, 1, &iter)) {
86       for (int i = 1; i < kFuzzFrameLimit; i++) {
87         if (!WebPDemuxNextFrame(&iter)) break;
88       }
89     }
90 
91     WebPDemuxReleaseIterator(&iter);
92     WebPDemuxDelete(demux);
93   }
94 
95   return 0;
96 }
97