OSS-Fuzz: Bail out immediately on decomp failure
Don't keep trying to decompress the same image if tj3Decompress*() has
already thrown an error. Otherwise, if the image has an excessive
number of scans, then each iteration of the loop will try to decompress
up to the scan limit, which may cause the overall test to time out even
if one iteration doesn't time out.
diff --git a/fuzz/decompress.cc b/fuzz/decompress.cc
index 1752e3e..12886f1 100644
--- a/fuzz/decompress.cc
+++ b/fuzz/decompress.cc
@@ -109,14 +109,16 @@
when using MemorySanitizer. */
for (i = 0; i < w * h * tjPixelSize[pf]; i++)
sum += ((unsigned char *)dstBuf)[i];
- }
+ } else
+ goto bailout;
} else if (precision == 12) {
if (tj3Decompress12(handle, data, size, (short *)dstBuf, 0, pf) == 0) {
/* Touch all of the output pixels in order to catch uninitialized reads
when using MemorySanitizer. */
for (i = 0; i < w * h * tjPixelSize[pf]; i++)
sum += ((short *)dstBuf)[i];
- }
+ } else
+ goto bailout;
} else {
if (tj3Decompress16(handle, data, size, (unsigned short *)dstBuf, 0,
pf) == 0) {
@@ -124,7 +126,8 @@
when using MemorySanitizer. */
for (i = 0; i < w * h * tjPixelSize[pf]; i++)
sum += ((unsigned short *)dstBuf)[i];
- }
+ } else
+ goto bailout;
}
free(dstBuf);
diff --git a/fuzz/decompress_yuv.cc b/fuzz/decompress_yuv.cc
index 125b163..fc262ef 100644
--- a/fuzz/decompress_yuv.cc
+++ b/fuzz/decompress_yuv.cc
@@ -100,7 +100,8 @@
when using MemorySanitizer. */
for (i = 0; i < w * h * tjPixelSize[pf]; i++)
sum += dstBuf[i];
- }
+ } else
+ goto bailout;
free(dstBuf);
dstBuf = NULL;
