Limit scaling in libwebp advanced_api_fuzzer.c

Change-Id: Ic1e3fdc76f4bdcb1ac68cf4f9334d2e77ca29374
webmproject · Jan 27, 2023 · 7361842 · 7361842
1 parent b54d21a
commit 7361842
Showing 1 changed file with 8 additions and 3 deletions.
diff --git a/tests/fuzzer/advanced_api_fuzzer.c b/tests/fuzzer/advanced_api_fuzzer.c
@@ -69,9 +69,14 @@ int LLVMFuzzerTestOneInput(const uint8_t* const data, size_t size) {
       // files prepended with sizeof(config.options) zeroes to allow the fuzzer
       // to modify these independently.
       const int data_offset = 50;
-      if (size > data_offset + sizeof(config.options)) {
-        memcpy(&config.options, data + data_offset, sizeof(config.options));
-      } else {
+      if (data_offset + sizeof(config.options) >= size) break;
+      memcpy(&config.options, data + data_offset, sizeof(config.options));
+
+      // Skip easily avoidable out-of-memory fuzzing errors.
+      if (config.options.use_scaling && config.options.scaled_width > 0 &&
+          config.options.scaled_height > 0 &&
+          (size_t)config.options.scaled_width * config.options.scaled_height >
+              kFuzzPxLimit) {
         break;
       }
     }