xref: /aosp_15_r20/external/webp/tests/fuzzer/simple_api_fuzzer.c (revision b2055c353e87c8814eb2b6b1b11112a1562253bd) 
1*b2055c35SXin Li // Copyright 2018 Google Inc.
2*b2055c35SXin Li //
3*b2055c35SXin Li // Licensed under the Apache License, Version 2.0 (the "License");
4*b2055c35SXin Li // you may not use this file except in compliance with the License.
5*b2055c35SXin Li // You may obtain a copy of the License at
6*b2055c35SXin Li //
7*b2055c35SXin Li //      http://www.apache.org/licenses/LICENSE-2.0
8*b2055c35SXin Li //
9*b2055c35SXin Li // Unless required by applicable law or agreed to in writing, software
10*b2055c35SXin Li // distributed under the License is distributed on an "AS IS" BASIS,
11*b2055c35SXin Li // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12*b2055c35SXin Li // See the License for the specific language governing permissions and
13*b2055c35SXin Li // limitations under the License.
14*b2055c35SXin Li //
15*b2055c35SXin Li ////////////////////////////////////////////////////////////////////////////////
16*b2055c35SXin Li 
17*b2055c35SXin Li #include "./fuzz_utils.h"
18*b2055c35SXin Li #include "src/webp/decode.h"
19*b2055c35SXin Li 
LLVMFuzzerTestOneInput(const uint8_t * const data,size_t size)20*b2055c35SXin Li int LLVMFuzzerTestOneInput(const uint8_t* const data, size_t size) {
21*b2055c35SXin Li   int w, h;
22*b2055c35SXin Li   if (!WebPGetInfo(data, size, &w, &h)) return 0;
23*b2055c35SXin Li   if ((size_t)w * h > kFuzzPxLimit) return 0;
24*b2055c35SXin Li 
25*b2055c35SXin Li   const uint8_t value = FuzzHash(data, size);
26*b2055c35SXin Li   uint8_t* buf = NULL;
27*b2055c35SXin Li 
28*b2055c35SXin Li   // For *Into functions, which decode into an external buffer, an
29*b2055c35SXin Li   // intentionally too small buffer can be given with low probability.
30*b2055c35SXin Li   if (value < 0x16) {
31*b2055c35SXin Li     buf = WebPDecodeRGBA(data, size, &w, &h);
32*b2055c35SXin Li   } else if (value < 0x2b) {
33*b2055c35SXin Li     buf = WebPDecodeBGRA(data, size, &w, &h);
34*b2055c35SXin Li #if !defined(WEBP_REDUCE_CSP)
35*b2055c35SXin Li   } else if (value < 0x40) {
36*b2055c35SXin Li     buf = WebPDecodeARGB(data, size, &w, &h);
37*b2055c35SXin Li   } else if (value < 0x55) {
38*b2055c35SXin Li     buf = WebPDecodeRGB(data, size, &w, &h);
39*b2055c35SXin Li   } else if (value < 0x6a) {
40*b2055c35SXin Li     buf = WebPDecodeBGR(data, size, &w, &h);
41*b2055c35SXin Li #endif  // !defined(WEBP_REDUCE_CSP)
42*b2055c35SXin Li   } else if (value < 0x7f) {
43*b2055c35SXin Li     uint8_t *u, *v;
44*b2055c35SXin Li     int stride, uv_stride;
45*b2055c35SXin Li     buf = WebPDecodeYUV(data, size, &w, &h, &u, &v, &stride, &uv_stride);
46*b2055c35SXin Li   } else if (value < 0xe8) {
47*b2055c35SXin Li     const int stride = (value < 0xbe ? 4 : 3) * w;
48*b2055c35SXin Li     size_t buf_size = stride * h;
49*b2055c35SXin Li     if (value % 0x10 == 0) buf_size--;
50*b2055c35SXin Li     uint8_t* const ext_buf = (uint8_t*)malloc(buf_size);
51*b2055c35SXin Li     if (value < 0x94) {
52*b2055c35SXin Li       (void)WebPDecodeRGBAInto(data, size, ext_buf, buf_size, stride);
53*b2055c35SXin Li #if !defined(WEBP_REDUCE_CSP)
54*b2055c35SXin Li     } else if (value < 0xa9) {
55*b2055c35SXin Li       (void)WebPDecodeARGBInto(data, size, ext_buf, buf_size, stride);
56*b2055c35SXin Li     } else if (value < 0xbe) {
57*b2055c35SXin Li       (void)WebPDecodeBGRInto(data, size, ext_buf, buf_size, stride);
58*b2055c35SXin Li     } else if (value < 0xd3) {
59*b2055c35SXin Li       (void)WebPDecodeRGBInto(data, size, ext_buf, buf_size, stride);
60*b2055c35SXin Li #endif  // !defined(WEBP_REDUCE_CSP)
61*b2055c35SXin Li     } else {
62*b2055c35SXin Li       (void)WebPDecodeBGRAInto(data, size, ext_buf, buf_size, stride);
63*b2055c35SXin Li     }
64*b2055c35SXin Li     free(ext_buf);
65*b2055c35SXin Li   } else {
66*b2055c35SXin Li     size_t luma_size = w * h;
67*b2055c35SXin Li     const int uv_stride = (w + 1) / 2;
68*b2055c35SXin Li     size_t u_size = uv_stride * (h + 1) / 2;
69*b2055c35SXin Li     size_t v_size = uv_stride * (h + 1) / 2;
70*b2055c35SXin Li     if (value % 0x10 == 0) {
71*b2055c35SXin Li       if (size & 1) luma_size--;
72*b2055c35SXin Li       if (size & 2) u_size--;
73*b2055c35SXin Li       if (size & 4) v_size--;
74*b2055c35SXin Li     }
75*b2055c35SXin Li     uint8_t* const luma_buf = (uint8_t*)malloc(luma_size);
76*b2055c35SXin Li     uint8_t* const u_buf = (uint8_t*)malloc(u_size);
77*b2055c35SXin Li     uint8_t* const v_buf = (uint8_t*)malloc(v_size);
78*b2055c35SXin Li     (void)WebPDecodeYUVInto(data, size, luma_buf, luma_size,
79*b2055c35SXin Li                             w /* luma_stride */, u_buf, u_size, uv_stride,
80*b2055c35SXin Li                             v_buf, v_size, uv_stride);
81*b2055c35SXin Li     free(luma_buf);
82*b2055c35SXin Li     free(u_buf);
83*b2055c35SXin Li     free(v_buf);
84*b2055c35SXin Li   }
85*b2055c35SXin Li 
86*b2055c35SXin Li   if (buf) WebPFree(buf);
87*b2055c35SXin Li 
88*b2055c35SXin Li   return 0;
89*b2055c35SXin Li }
90