OSS-Fuzz: More code coverage improvements
diff --git a/fuzz/compress.cc b/fuzz/compress.cc
index f225669..6bf657e 100644
--- a/fuzz/compress.cc
+++ b/fuzz/compress.cc
@@ -56,7 +56,7 @@
{ TJPF_RGB, TJSAMP_444, 100 },
{ TJPF_BGR, TJSAMP_422, 90 },
{ TJPF_RGBX, TJSAMP_420, 80 },
- { TJPF_BGRX, TJSAMP_411, 70 },
+ { TJPF_BGRA, TJSAMP_411, 70 },
{ TJPF_XRGB, TJSAMP_GRAY, 60 },
{ TJPF_GRAY, TJSAMP_GRAY, 50 },
{ TJPF_CMYK, TJSAMP_440, 40 }
@@ -77,15 +77,16 @@
goto bailout;
for (ti = 0; ti < NUMTESTS; ti++) {
- int flags = TJFLAG_FUZZING | TJFLAG_NOREALLOC, sum = 0, pf = tests[ti].pf;
+ int flags = TJFLAG_FUZZING, sum = 0, pf = tests[ti].pf;
unsigned long dstSize = 0, maxBufSize;
- /* Test non-default compression options on the first and second
- iterations. */
+ /* Test non-default compression options on specific iterations. */
if (ti == 0)
flags |= TJFLAG_BOTTOMUP | TJFLAG_ACCURATEDCT;
else if (ti == 1)
flags |= TJFLAG_PROGRESSIVE;
+ if (ti != 2)
+ flags |= TJFLAG_NOREALLOC;
/* tjLoadImage() ignores 0-pixel images and images larger than 1 Megapixel
when FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION is defined (yes, that's
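Review bot: Nothing in the hunk says why iteration 2 is the one that keeps TJFLAG_NOREALLOC clear; the rewritten comment above only says "specific iterations", so the new `if (ti != 2)` line reads as an arbitrary choice. A one-line comment on it would make the intent reviewable, e.g. `/* Iteration 2 omits TJFLAG_NOREALLOC so that tjCompress2() allocates the JPEG buffer itself. */` — that the library allocates in that case is inferred from the later hunk in this file, which passes a NULL dstBuf when the flag is clear. The for loop body continues past the end of this hunk.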
@@ -95,8 +96,11 @@
continue;
maxBufSize = tjBufSize(width, height, tests[ti].subsamp);
- if ((dstBuf = (unsigned char *)malloc(maxBufSize)) == NULL)
- goto bailout;
+ if (flags & TJFLAG_NOREALLOC) {
+ if ((dstBuf = (unsigned char *)malloc(maxBufSize)) == NULL)
+ goto bailout;
+ } else
+ dstBuf = NULL;
if (tjCompress2(handle, srcBuf, width, 0, height, pf, &dstBuf, &dstSize,
tests[ti].subsamp, tests[ti].quality, flags) == 0) {
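Review bot: On the iteration where TJFLAG_NOREALLOC is clear, dstBuf is NULL on entry and the buffer tjCompress2() hands back is the library's to release with tjFree(), whereas the malloc()'d buffer on the other iterations belongs to free(); the release of dstBuf is outside this hunk, so if the cleanup path uses a single free(dstBuf) for every iteration, that iteration should instead be released with `tjFree(dstBuf); dstBuf = NULL;` before the loop moves on. Separately, the new `} else dstBuf = NULL;` leaves the else arm unbraced while the if arm is braced; write it as `} else {` / `dstBuf = NULL;` / `}` so both arms match. The enclosing loop body continues beyond the hunk.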
diff --git a/fuzz/compress_yuv.cc b/fuzz/compress_yuv.cc
index 4a274de..6269d42 100644
--- a/fuzz/compress_yuv.cc
+++ b/fuzz/compress_yuv.cc
@@ -60,13 +60,17 @@
{ TJPF_BGR, TJSAMP_GRAY, 60 },
{ TJPF_GRAY, TJSAMP_GRAY, 50 }
};
+ char arithEnv[16] = "TJ_ARITHMETIC=0";
+ char restartEnv[13] = "TJ_RESTART=0";
#if defined(__has_feature) && __has_feature(memory_sanitizer)
- char env[18] = "JSIMD_FORCENONE=1";
+ char simdEnv[18] = "JSIMD_FORCENONE=1";
/* The libjpeg-turbo SIMD extensions produce false positives with
MemorySanitizer. */
- putenv(env);
+ putenv(simdEnv);
#endif
+ putenv(arithEnv);
+ putenv(restartEnv);
snprintf(filename, FILENAME_MAX, "/tmp/libjpeg-turbo_compress_yuv_fuzz.XXXXXX");
if ((fd = mkstemp(filename)) < 0 || write(fd, data, size) < 0)
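Review bot: The strings handed to putenv() here are edited in place later (`arithEnv[14]` and `restartEnv[11]` in the next hunk of this file), which only works because putenv() stores the caller's pointer rather than a copy; that dependency and the hard-coded offsets deserve a comment next to the new declarations, e.g. `/* putenv() keeps these pointers, so the value byte is flipped in place below. */`. The offsets could also be derived from the arrays instead of written as literals, `arithEnv[sizeof arithEnv - 2] = '1';` and `restartEnv[sizeof restartEnv - 2] = '2';`, so a change to either string cannot silently desynchronize them. Because the arrays are automatic, the environment entries are only valid while this function's frame is live, which is presumably acceptable for a per-input fuzzer entry point but worth stating in the same comment.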
@@ -79,12 +83,19 @@
int flags = TJFLAG_FUZZING | TJFLAG_NOREALLOC, sum = 0, pf = tests[ti].pf;
unsigned long dstSize = 0, maxBufSize;
- /* Test non-default compression options on the first and second
- iterations. */
+ /* Test non-default compression options on specific iterations. */
if (ti == 0)
flags |= TJFLAG_BOTTOMUP | TJFLAG_ACCURATEDCT;
- else if (ti == 1)
+ else if (ti == 1 || ti == 3)
flags |= TJFLAG_PROGRESSIVE;
+ if (ti == 2 || ti == 3)
+ arithEnv[14] = '1';
+ else
+ arithEnv[14] = '0';
+ if (ti == 1 || ti == 2)
+ restartEnv[11] = '2';
+ else
+ restartEnv[11] = '0';
/* tjLoadImage() ignores 0-pixel images and images larger than 1 Megapixel
when FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION is defined (yes, that's