Same size limit in read_image fuzzer as dec_incr (#1995)
y-guyon authored Feb 8, 2024
1 parent 0bcc007 commit 063a461
Showing 2 changed files with 15 additions and 5 deletions.
9 changes: 7 additions & 2 deletions tests/gtest/avif_fuzztest_dec_incr.cc
@@ -62,10 +62,15 @@ void DecodeIncr(const std::string& arbitrary_bytes, bool is_persistent,
ASSERT_NE(decoder.get(), nullptr);
avifDecoderSetIO(decoder.get(), &io);
// OSS-Fuzz limits the allocated memory to 2560 MB.
constexpr uint32_t kMaxMem = 2560u * 1024 * 1024;
// Consider at most four planes of 16-bit samples.
constexpr uint32_t kMaxImageSize =
kMaxMem / (AVIF_PLANE_COUNT_YUV + 1) / sizeof(uint16_t);
// Reduce the limit further to include pixel buffer copies and other memory
// allocations.
constexpr uint32_t kImageSizeLimit = kMaxImageSize / 4;
// avifDecoderParse returns AVIF_RESULT_NOT_IMPLEMENTED if kImageSizeLimit is
// bigger than AVIF_DEFAULT_IMAGE_SIZE_LIMIT.
constexpr uint32_t kImageSizeLimit =
2560u * 512 * 512 / AVIF_MAX_AV1_LAYER_COUNT / sizeof(uint16_t);
static_assert(kImageSizeLimit <= AVIF_DEFAULT_IMAGE_SIZE_LIMIT,
"Too big an image size limit");
decoder->imageSizeLimit = kImageSizeLimit;
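Review bot: The three-constant derivation in this section (`kMaxMem`, `kMaxImageSize`, `kImageSizeLimit`) appears verbatim in the tests/gtest/avif_fuzztest_read_image.cc section as well, so the two fuzz targets can drift apart again, which is the condition the commit title sets out to fix. Defining the limit once in a header that both tests include, for example `constexpr uint32_t kFuzzImageSizeLimit = kMaxImageSize / 4;` (name constructed for illustration), and keeping the `static_assert` against AVIF_DEFAULT_IMAGE_SIZE_LIMIT beside that single definition would keep them aligned by construction. DecodeIncr's body starts and ends outside the hunk, so whether a suitable shared helper header already exists is not visible here.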
11 changes: 8 additions & 3 deletions tests/gtest/avif_fuzztest_read_image.cc
@@ -60,9 +60,14 @@ void ReadImageFile(const std::string& arbitrary_bytes,
ImagePtr avif_image(avifImageCreateEmpty());
avif_image->matrixCoefficients = matrix_coefficients;

// OSS-Fuzz limits the allocated memory to 2560 MB. Consider 16-bit samples.
constexpr uint32_t kImageSizeLimit =
2560u * 1024 * 1024 / AVIF_MAX_AV1_LAYER_COUNT / sizeof(uint16_t);
// OSS-Fuzz limits the allocated memory to 2560 MB.
constexpr uint32_t kMaxMem = 2560u * 1024 * 1024;
// Consider at most four planes of 16-bit samples.
constexpr uint32_t kMaxImageSize =
kMaxMem / (AVIF_PLANE_COUNT_YUV + 1) / sizeof(uint16_t);
// Reduce the limit further to include pixel buffer copies and other memory
// allocations.
constexpr uint32_t kImageSizeLimit = kMaxImageSize / 4;
// SharpYUV is computationally expensive. Avoid timeouts.
const uint32_t imageSizeLimit =
(chroma_downsampling == AVIF_CHROMA_DOWNSAMPLING_SHARP_YUV &&
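Review bot: The `/ 4` in `constexpr uint32_t kImageSizeLimit = kMaxImageSize / 4;` is an unexplained literal, and nothing states that the value stops being a byte budget (`kMaxMem`) and appears to become a pixel count once it has been divided by the plane count and the sample size. Because this bound decides whether an out-of-memory report from the fuzzer is harness noise or a real finding, I would name the factor and state the unit, e.g. `constexpr uint32_t kHeadroomFactor = 4;  // pixel buffer copies + other allocations` and `// kImageSizeLimit is in pixels (width * height), not bytes.` The earlier expression shown in this section divided by AVIF_MAX_AV1_LAYER_COUNT; if the 4 still stands for that count, using the macro would be clearer than the literal. The `imageSizeLimit` statement that follows runs past the end of the hunk.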