Skip to content
Permalink
Browse files

tighten fuzz size limits

we are still seeing timeouts
  • Loading branch information...
jcupitt committed Oct 30, 2019
1 parent acb68c8 commit 7c5971392cabb9b8de7e3bc774fe508d83c58759
@@ -17,11 +17,9 @@ LLVMFuzzerTestOneInput( const guint8 *data, size_t size )
if( !(image = vips_image_new_from_buffer( data, size, "", NULL )) )
return( 0 );

/* Skip big images. They are likely to timeout.
*/
if( image->Xsize > 1024 ||
image->Ysize > 1024 ||
image->Bands > 10 ) {
if( image->Xsize > 100 ||
image->Ysize > 100 ||
image->Bands > 4 ) {
g_object_unref( image );
return( 0 );
}
@@ -19,11 +19,9 @@ test_one_file( const char *name )
NULL )) )
return( 0 );

/* Skip big images. They are likely to timeout.
*/
if( image->Xsize > 1024 ||
image->Ysize > 1024 ||
image->Bands > 10 ) {
if( image->Xsize > 100 ||
image->Ysize > 100 ||
image->Bands > 4 ) {
g_object_unref( image );
return( 0 );
}
@@ -22,17 +22,15 @@ LLVMFuzzerTestOneInput( const guint8 *data, size_t size )
struct mosaic_opt *opt;
double d;

if( size < sizeof(struct mosaic_opt) )
if( size < sizeof( struct mosaic_opt ) )
return( 0 );

if( !(ref = vips_image_new_from_buffer( data, size, "", NULL )) )
return( 0 );

/* Skip big images. They are likely to timeout.
*/
if( ref->Xsize > 1024 ||
ref->Ysize > 1024 ||
ref->Bands > 10 ) {
if( ref->Xsize > 100 ||
ref->Ysize > 100 ||
ref->Bands > 4 ) {
g_object_unref( ref );
return( 0 );
}
@@ -44,10 +42,10 @@ LLVMFuzzerTestOneInput( const guint8 *data, size_t size )

/* Extract some bytes from the tail to fuzz the arguments of the API.
*/
opt = (struct mosaic_opt *) (data + size - sizeof(struct mosaic_opt));
opt = (struct mosaic_opt *) (data + size - sizeof( struct mosaic_opt ));

if( vips_mosaic( ref, sec, &out, (VipsDirection) opt->dir,
opt->xref, opt->yref, opt->xsec, opt->ysec, NULL ) ) {
opt->xref, opt->yref, opt->xsec, opt->ysec, NULL ) ) {
g_object_unref( sec );
g_object_unref( ref );
return( 0 );
@@ -17,11 +17,9 @@ LLVMFuzzerTestOneInput( const guint8 *data, size_t size )
if( !(image = vips_image_new_from_buffer( data, size, "", NULL )) )
return( 0 );

/* Skip big images. They are likely to timeout.
*/
if( image->Xsize > 1024 ||
image->Ysize > 1024 ||
image->Bands > 10 ) {
if( image->Xsize > 100 ||
image->Ysize > 100 ||
image->Bands > 4 ) {
g_object_unref( image );
return( 0 );
}
@@ -16,11 +16,9 @@ LLVMFuzzerTestOneInput( const guint8 *data, size_t size )
if( !(image = vips_image_new_from_buffer( data, size, "", NULL )) )
return( 0 );

/* Skip big images. They are likely to timeout.
*/
if( image->Xsize > 1024 ||
image->Ysize > 1024 ||
image->Bands > 10 ) {
if( image->Xsize > 100 ||
image->Ysize > 100 ||
image->Bands > 4 ) {
g_object_unref( image );
return( 0 );
}
@@ -16,11 +16,9 @@ LLVMFuzzerTestOneInput( const guint8 *data, size_t size )
if( !(image = vips_image_new_from_buffer( data, size, "", NULL )) )
return( 0 );

/* Skip big images. They are likely to timeout.
*/
if( image->Xsize > 1024 ||
image->Ysize > 1024 ||
image->Bands > 10 ) {
if( image->Xsize > 100 ||
image->Ysize > 100 ||
image->Bands > 4 ) {
g_object_unref( image );
return( 0 );
}
@@ -16,11 +16,9 @@ LLVMFuzzerTestOneInput( const guint8 *data, size_t size )
if( !(image = vips_image_new_from_buffer( data, size, "", NULL )) )
return( 0 );

/* Skip big images. They are likely to timeout.
*/
if( image->Xsize > 1024 ||
image->Ysize > 1024 ||
image->Bands > 10 ) {
if( image->Xsize > 100 ||
image->Ysize > 100 ||
image->Bands > 4 ) {
g_object_unref( image );
return( 0 );
}
@@ -17,11 +17,9 @@ LLVMFuzzerTestOneInput( const guint8 *data, size_t size )
if( !(image = vips_image_new_from_buffer( data, size, "", NULL )) )
return( 0 );

/* Skip big images. They are likely to timeout.
*/
if( image->Xsize > 1024 ||
image->Ysize > 1024 ||
image->Bands > 10 ) {
if( image->Xsize > 100 ||
image->Ysize > 100 ||
image->Bands > 4 ) {
g_object_unref( image );
return( 0 );
}

0 comments on commit 7c59713

Please sign in to comment.
You can’t perform that action at this time.