xref: /aosp_15_r20/external/webp/tests/fuzzer/animencoder_fuzzer.cc (revision b2055c353e87c8814eb2b6b1b11112a1562253bd) 
1 // Copyright 2018 Google Inc.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //      http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ////////////////////////////////////////////////////////////////////////////////
16 
17 #include <stdio.h>
18 #include <stdlib.h>
19 
20 #include "./fuzz_utils.h"
21 #include "src/webp/encode.h"
22 #include "src/webp/mux.h"
23 
24 namespace {
25 
26 const VP8CPUInfo default_VP8GetCPUInfo = VP8GetCPUInfo;
27 
AddFrame(WebPAnimEncoder ** const enc,const WebPAnimEncoderOptions & anim_config,int * const width,int * const height,int timestamp_ms,const uint8_t data[],size_t size,uint32_t * const bit_pos)28 int AddFrame(WebPAnimEncoder** const enc,
29              const WebPAnimEncoderOptions& anim_config, int* const width,
30              int* const height, int timestamp_ms, const uint8_t data[],
31              size_t size, uint32_t* const bit_pos) {
32   if (enc == nullptr || width == nullptr || height == nullptr) {
33     fprintf(stderr, "NULL parameters.\n");
34     if (enc != nullptr) WebPAnimEncoderDelete(*enc);
35     abort();
36   }
37 
38   // Init the source picture.
39   WebPPicture pic;
40   if (!WebPPictureInit(&pic)) {
41     fprintf(stderr, "WebPPictureInit failed.\n");
42     WebPAnimEncoderDelete(*enc);
43     abort();
44   }
45   pic.use_argb = Extract(1, data, size, bit_pos);
46 
47   // Read the source picture.
48   if (!ExtractSourcePicture(&pic, data, size, bit_pos)) {
49     const WebPEncodingError error_code = pic.error_code;
50     WebPAnimEncoderDelete(*enc);
51     WebPPictureFree(&pic);
52     if (error_code == VP8_ENC_ERROR_OUT_OF_MEMORY) return 0;
53     fprintf(stderr, "Can't read input image. Error code: %d\n", error_code);
54     abort();
55   }
56 
57   // Crop and scale.
58   if (*enc == nullptr) {  // First frame will set canvas width and height.
59     if (!ExtractAndCropOrScale(&pic, data, size, bit_pos)) {
60       const WebPEncodingError error_code = pic.error_code;
61       WebPPictureFree(&pic);
62       if (error_code == VP8_ENC_ERROR_OUT_OF_MEMORY) return 0;
63       fprintf(stderr, "ExtractAndCropOrScale failed. Error code: %d\n",
64               error_code);
65       abort();
66     }
67   } else {  // Other frames will be resized to the first frame's dimensions.
68     if (!WebPPictureRescale(&pic, *width, *height)) {
69       const WebPEncodingError error_code = pic.error_code;
70       WebPAnimEncoderDelete(*enc);
71       WebPPictureFree(&pic);
72       if (error_code == VP8_ENC_ERROR_OUT_OF_MEMORY) return 0;
73       fprintf(stderr,
74               "WebPPictureRescale failed. Size: %d,%d. Error code: %d\n",
75               *width, *height, error_code);
76       abort();
77     }
78   }
79 
80   // Create encoder if it doesn't exist.
81   if (*enc == nullptr) {
82     *width = pic.width;
83     *height = pic.height;
84     *enc = WebPAnimEncoderNew(*width, *height, &anim_config);
85     if (*enc == nullptr) {
86       WebPPictureFree(&pic);
87       return 0;
88     }
89   }
90 
91   // Create frame encoding config.
92   WebPConfig config;
93   if (!ExtractWebPConfig(&config, data, size, bit_pos)) {
94     fprintf(stderr, "ExtractWebPConfig failed.\n");
95     WebPAnimEncoderDelete(*enc);
96     WebPPictureFree(&pic);
97     abort();
98   }
99   // Skip slow settings on big images, it's likely to timeout.
100   if (pic.width * pic.height > 32 * 32) {
101     config.method = (config.method > 4) ? 4 : config.method;
102     config.quality = (config.quality > 99.0f) ? 99.0f : config.quality;
103     config.alpha_quality =
104         (config.alpha_quality > 99) ? 99 : config.alpha_quality;
105   }
106 
107   // Encode.
108   if (!WebPAnimEncoderAdd(*enc, &pic, timestamp_ms, &config)) {
109     const WebPEncodingError error_code = pic.error_code;
110     WebPAnimEncoderDelete(*enc);
111     WebPPictureFree(&pic);
112     // Tolerate failures when running under the nallocfuzz engine as
113     // WebPAnimEncoderAdd() may fail due to memory allocation errors outside of
114     // the encoder; in muxer functions that return booleans for instance.
115     if (error_code == VP8_ENC_ERROR_OUT_OF_MEMORY ||
116         error_code == VP8_ENC_ERROR_BAD_WRITE ||
117         getenv("NALLOC_FUZZ_VERSION") != nullptr) {
118       return 0;
119     }
120     fprintf(stderr, "WebPEncode failed. Error code: %d\n", error_code);
121     abort();
122   }
123 
124   WebPPictureFree(&pic);
125   return 1;
126 }
127 
128 }  // namespace
129 
LLVMFuzzerTestOneInput(const uint8_t * const data,size_t size)130 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* const data, size_t size) {
131   WebPAnimEncoder* enc = nullptr;
132   int width = 0, height = 0, timestamp_ms = 0;
133   uint32_t bit_pos = 0;
134 
135   ExtractAndDisableOptimizations(default_VP8GetCPUInfo, data, size, &bit_pos);
136 
137   // Extract a configuration from the packed bits.
138   WebPAnimEncoderOptions anim_config;
139   if (!WebPAnimEncoderOptionsInit(&anim_config)) {
140     fprintf(stderr, "WebPAnimEncoderOptionsInit failed.\n");
141     abort();
142   }
143   anim_config.minimize_size = Extract(1, data, size, &bit_pos);
144   anim_config.kmax = Extract(15, data, size, &bit_pos);
145   const int min_kmin = (anim_config.kmax > 1) ? (anim_config.kmax / 2) : 0;
146   const int max_kmin = (anim_config.kmax > 1) ? (anim_config.kmax - 1) : 0;
147   anim_config.kmin =
148       min_kmin + Extract((uint32_t)(max_kmin - min_kmin), data, size, &bit_pos);
149   anim_config.allow_mixed = Extract(1, data, size, &bit_pos);
150   anim_config.verbose = 0;
151 
152   const int nb_frames = 1 + Extract(15, data, size, &bit_pos);
153 
154   // For each frame.
155   for (int i = 0; i < nb_frames; ++i) {
156     if (!AddFrame(&enc, anim_config, &width, &height, timestamp_ms, data, size,
157                   &bit_pos)) {
158       return 0;
159     }
160 
161     timestamp_ms += (1 << (2 + Extract(15, data, size, &bit_pos))) +
162                     Extract(1, data, size, &bit_pos);  // [1..131073], arbitrary
163   }
164 
165   // Assemble.
166   if (!WebPAnimEncoderAdd(enc, nullptr, timestamp_ms, nullptr)) {
167     fprintf(stderr, "Last WebPAnimEncoderAdd failed: %s.\n",
168             WebPAnimEncoderGetError(enc));
169     WebPAnimEncoderDelete(enc);
170     abort();
171   }
172   WebPData webp_data;
173   WebPDataInit(&webp_data);
174   // Tolerate failures when running under the nallocfuzz engine as allocations
175   // during assembly may fail.
176   if (!WebPAnimEncoderAssemble(enc, &webp_data) &&
177       getenv("NALLOC_FUZZ_VERSION") == nullptr) {
178     fprintf(stderr, "WebPAnimEncoderAssemble failed: %s.\n",
179             WebPAnimEncoderGetError(enc));
180     WebPAnimEncoderDelete(enc);
181     WebPDataClear(&webp_data);
182     abort();
183   }
184 
185   WebPAnimEncoderDelete(enc);
186   WebPDataClear(&webp_data);
187   return 0;
188 }
189