
Side by Side Diff: testing/libfuzzer/fuzzers/libpng_read_fuzzer.cc

Issue 2377293002: [libfuzzer] libpng_read_fuzzer: call png_set_user_limits() for MSan. (Closed)
Patch Set: Rebase onto fresh master checkout. Created 4 years, 2 months ago
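--- a/testing/libfuzzer/fuzzers/libpng_read_fuzzer.cc
+++ b/testing/libfuzzer/fuzzers/libpng_read_fuzzer.cc
@@ -1,10 +1,10 @@
 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <stddef.h>
 #include <stdint.h>
 
 #include <vector>
 
 #include "base/bind.h"
@@ -39,20 +39,26 @@
 std::vector<unsigned char> v(data, data + size);
 if (png_sig_cmp(v.data(), 0, kPngHeaderSize)) {
 // not a PNG.
 return 0;
 }
 
 png_structp png_ptr = png_create_read_struct
 (PNG_LIBPNG_VER_STRING, nullptr, nullptr, nullptr);
 assert(png_ptr);
 
+#ifdef MEMORY_SANITIZER
+// To avoid OOM with MSan (crbug.com/648073). These values are recommended as
+// safe settings by https://github.com/glennrp/libpng/blob/libpng16/pngusr.dfa
+png_set_user_limits(png_ptr, 65535, 65535);
+#endif
+
 png_set_crc_action(png_ptr, PNG_CRC_QUIET_USE, PNG_CRC_QUIET_USE);
 
 png_infop info_ptr = png_create_info_struct(png_ptr);
 assert(info_ptr);
 
 base::ScopedClosureRunner struct_deleter(base::Bind(
 &png_destroy_read_struct, &png_ptr, &info_ptr, nullptr));
 
 // Setting up reading from buffer.
 std::unique_ptr<BufState> buf_state(new BufState());
@@ -95,10 +101,10 @@
 png_start_read_image(png_ptr);
 
 for (int pass = 0; pass < passes; ++pass) {
 for (png_uint_32 y = 0; y < height; ++y) {
 png_read_row(png_ptr, static_cast<png_bytep>(row), NULL);
 }
 }
 
 return 0;
 }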
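Review bot: The cap added after `assert(png_ptr);` is compiled in only when MEMORY_SANITIZER is defined, so other sanitizer builds of this fuzzer keep libpng's default dimension limits and can accept inputs that the MSan build rejects; a finding from one configuration may then fail to reproduce in another. If the split is intended, the comment should say so, for example `// MSan-only: other configurations keep libpng's default limits so they still cover large images.`; otherwise the `#ifdef` can be dropped so all builds see the same input space. Note also that `png_set_user_limits()` bounds only width and height. If the OOM in crbug.com/648073 can also come from large ancillary chunks (not visible on this page), `png_set_chunk_malloc_max()` is the matching control. The enclosing function starts in the skipped lines above this hunk.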