OSS-Fuzz: More code coverage improvements
diff --git a/fuzz/compress.cc b/fuzz/compress.cc
index f225669..6bf657e 100644
--- a/fuzz/compress.cc
+++ b/fuzz/compress.cc
@@ -56,7 +56,7 @@
     { TJPF_RGB, TJSAMP_444, 100 },
     { TJPF_BGR, TJSAMP_422, 90 },
     { TJPF_RGBX, TJSAMP_420, 80 },
-    { TJPF_BGRX, TJSAMP_411, 70 },
+    { TJPF_BGRA, TJSAMP_411, 70 },
     { TJPF_XRGB, TJSAMP_GRAY, 60 },
     { TJPF_GRAY, TJSAMP_GRAY, 50 },
     { TJPF_CMYK, TJSAMP_440, 40 }
@@ -77,15 +77,16 @@
     goto bailout;
 
   for (ti = 0; ti < NUMTESTS; ti++) {
-    int flags = TJFLAG_FUZZING | TJFLAG_NOREALLOC, sum = 0, pf = tests[ti].pf;
+    int flags = TJFLAG_FUZZING, sum = 0, pf = tests[ti].pf;
     unsigned long dstSize = 0, maxBufSize;
 
-    /* Test non-default compression options on the first and second
-       iterations. */
+    /* Test non-default compression options on specific iterations. */
     if (ti == 0)
       flags |= TJFLAG_BOTTOMUP | TJFLAG_ACCURATEDCT;
     else if (ti == 1)
       flags |= TJFLAG_PROGRESSIVE;
+    if (ti != 2)
+      flags |= TJFLAG_NOREALLOC;
 
     /* tjLoadImage() ignores 0-pixel images and images larger than 1 Megapixel
        when FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION is defined (yes, that's
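Review bot: The added `if (ti != 2)` ties the one realloc-enabled iteration to a bare index into `tests[]`, so reordering or extending that table silently moves or drops the coverage this commit is meant to add. A short comment on the new lines would make the intent explicit, for example `/* Iteration 2 omits TJFLAG_NOREALLOC so that tjCompress2() allocates the output buffer itself. */`. The loop body continues outside this hunk.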
@@ -95,8 +96,11 @@
       continue;
 
     maxBufSize = tjBufSize(width, height, tests[ti].subsamp);
-    if ((dstBuf = (unsigned char *)malloc(maxBufSize)) == NULL)
-      goto bailout;
+    if (flags & TJFLAG_NOREALLOC) {
+      if ((dstBuf = (unsigned char *)malloc(maxBufSize)) == NULL)
+        goto bailout;
+    } else
+      dstBuf = NULL;
 
     if (tjCompress2(handle, srcBuf, width, 0, height, pf, &dstBuf, &dstSize,
                     tests[ti].subsamp, tests[ti].quality, flags) == 0) {
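Review bot: With the new `else` branch, `dstBuf` is allocated inside tjCompress2() on one iteration and by `malloc()` on the others, so a single release call is no longer obviously right for both. The cleanup code is outside this hunk; if it calls `free(dstBuf)`, the library-allocated buffer should go through `tjFree()` instead. The simplest way to keep one release path is to allocate with `tjAlloc(maxBufSize)` in the `TJFLAG_NOREALLOC` branch and always release with `tjFree(dstBuf)`. Also confirm that `dstBuf` is freed at the end of every iteration, since `dstBuf = NULL;` would otherwise drop a live pointer.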
diff --git a/fuzz/compress_yuv.cc b/fuzz/compress_yuv.cc
index 4a274de..6269d42 100644
--- a/fuzz/compress_yuv.cc
+++ b/fuzz/compress_yuv.cc
@@ -60,13 +60,17 @@
     { TJPF_BGR, TJSAMP_GRAY, 60 },
     { TJPF_GRAY, TJSAMP_GRAY, 50 }
   };
+  char arithEnv[16] = "TJ_ARITHMETIC=0";
+  char restartEnv[13] = "TJ_RESTART=0";
 #if defined(__has_feature) && __has_feature(memory_sanitizer)
-  char env[18] = "JSIMD_FORCENONE=1";
+  char simdEnv[18] = "JSIMD_FORCENONE=1";
 
   /* The libjpeg-turbo SIMD extensions produce false positives with
      MemorySanitizer. */
-  putenv(env);
+  putenv(simdEnv);
 #endif
+  putenv(arithEnv);
+  putenv(restartEnv);
 
   snprintf(filename, FILENAME_MAX, "/tmp/libjpeg-turbo_compress_yuv_fuzz.XXXXXX");
   if ((fd = mkstemp(filename)) < 0 || write(fd, data, size) < 0)
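Review bot: `arithEnv` and `restartEnv` are automatic arrays, and `putenv()` stores the pointer it is given rather than copying the string, so after this function returns the process environment still points at dead stack memory (CERT C POS34-C). Any later `getenv()` or environment walk in the long-lived fuzzer process then reads whatever occupies that stack slot. Giving the arrays static storage fixes this and keeps the in-place edits made later in the loop working: `static char arithEnv[16] = "TJ_ARITHMETIC=0";` and `static char restartEnv[13] = "TJ_RESTART=0";`. The renamed `simdEnv` has the same lifetime problem. The enclosing function starts and ends outside this hunk.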
@@ -79,12 +83,19 @@
     int flags = TJFLAG_FUZZING | TJFLAG_NOREALLOC, sum = 0, pf = tests[ti].pf;
     unsigned long dstSize = 0, maxBufSize;
 
-    /* Test non-default compression options on the first and second
-       iterations. */
+    /* Test non-default compression options on specific iterations. */
     if (ti == 0)
       flags |= TJFLAG_BOTTOMUP | TJFLAG_ACCURATEDCT;
-    else if (ti == 1)
+    else if (ti == 1 || ti == 3)
       flags |= TJFLAG_PROGRESSIVE;
+    if (ti == 2 || ti == 3)
+      arithEnv[14] = '1';
+    else
+      arithEnv[14] = '0';
+    if (ti == 1 || ti == 2)
+      restartEnv[11] = '2';
+    else
+      restartEnv[11] = '0';
 
     /* tjLoadImage() ignores 0-pixel images and images larger than 1 Megapixel
        when FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION is defined (yes, that's
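Review bot: The writes to `arithEnv[14]` and `restartEnv[11]` rest on two facts the code never states: the offsets equal the lengths of `TJ_ARITHMETIC=` and `TJ_RESTART=`, and `putenv()` aliases the arrays so the change is visible through `getenv()`. A comment above the new block would document both, for example `/* putenv() keeps a pointer to these arrays, so overwriting the value digit changes what the library reads from the environment. */`. Presumably the library re-reads these variables on every compress call; this is worth confirming, since otherwise the per-iteration toggles have no effect. The loop body continues outside this hunk.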