diff options
Diffstat (limited to 'examples/libjpeg/persistent-jpeg.c')
-rw-r--r-- | examples/libjpeg/persistent-jpeg.c | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/examples/libjpeg/persistent-jpeg.c b/examples/libjpeg/persistent-jpeg.c index 00bfc1ea..e40d1093 100644 --- a/examples/libjpeg/persistent-jpeg.c +++ b/examples/libjpeg/persistent-jpeg.c @@ -35,7 +35,7 @@ static const char* const cdjpeg_message_table[] = { #include "cderror.h" NULL}; -static uint64_t max_total_pixels = 1000000000ULL; /* 1G */ +static uint64_t max_hv_size = 10000; int LLVMFuzzerInitialize(int* argc, char*** argv) { null_fd = open("/dev/null", O_WRONLY); @@ -48,9 +48,9 @@ int LLVMFuzzerInitialize(int* argc, char*** argv) { jpeg_create_decompress(&cinfo); - /* If there are any arguments provided, limit width*height to this value */ + /* If there are any arguments provided, limit width and height to this value */ if (*argc > 1) { - max_total_pixels = strtoull((*argv)[1], NULL, 0); + max_hv_size = strtoull((*argv)[1], NULL, 0); } return 0; } @@ -63,9 +63,11 @@ int LLVMFuzzerTestOneInput(const uint8_t* buf, size_t len) { jpeg_mem_src(&cinfo, buf, len); jpeg_read_header(&cinfo, TRUE); - /* Limit total number of pixels to decode to 50M */ - uint64_t total_pix = (uint64_t)cinfo.output_height * (uint64_t)cinfo.output_width; - if (total_pix > max_total_pixels) { + /* Make sure the picture's resultion is reasonable */ + if ((uint64_t)cinfo.output_height > max_hv_size) { + goto out; + } + if ((uint64_t)cinfo.output_width > max_hv_size) { goto out; } |