ryan/mozjpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

OSS-Fuzz: More MSan fixes

Browse Source 
We need to use tj3Alloc() (which, when ZERO_BUFFERS is defined, calls
calloc() instead of malloc()) to allocate all destination buffers.
Otherwise, if the compression/decompression/transform operation fails,
then the buffer checksum (which is computed to prevent the compiler from
optimizing out the whole test, since the destination buffer is never
used otherwise) will depend upon values in the destination buffer that
were never written, and MSan will complain.
This commit is contained in:
DRC
2024-08-19 10:06:59 -04:00
parent 488d42a8a5
commit 562ad7612e
7 changed files with 15 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
fuzz/compress12_lossless.cc
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (C)2021-2023 D. R. Commander. All Rights Reserved. * Copyright (C)2021-2024 D. R. Commander. All Rights Reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met: * modification, are permitted provided that the following conditions are met:
@@ -85,7 +85,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
maxBufSize = tj3JPEGBufSize(width, height, TJSAMP_444); maxBufSize = tj3JPEGBufSize(width, height, TJSAMP_444);
if (tj3Get(handle, TJPARAM_NOREALLOC)) { if (tj3Get(handle, TJPARAM_NOREALLOC)) {
if ((dstBuf = (unsigned char *)malloc(maxBufSize)) == NULL) if ((dstBuf = (unsigned char *)tj3Alloc(maxBufSize)) == NULL)
goto bailout; goto bailout;
} else } else
dstBuf = NULL; dstBuf = NULL;

4
fuzz/compress16_lossless.cc
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (C)2021-2023 D. R. Commander. All Rights Reserved. * Copyright (C)2021-2024 D. R. Commander. All Rights Reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met: * modification, are permitted provided that the following conditions are met:
@@ -85,7 +85,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
maxBufSize = tj3JPEGBufSize(width, height, TJSAMP_444); maxBufSize = tj3JPEGBufSize(width, height, TJSAMP_444);
if (tj3Get(handle, TJPARAM_NOREALLOC)) { if (tj3Get(handle, TJPARAM_NOREALLOC)) {
if ((dstBuf = (unsigned char *)malloc(maxBufSize)) == NULL) if ((dstBuf = (unsigned char *)tj3Alloc(maxBufSize)) == NULL)
goto bailout; goto bailout;
} else } else
dstBuf = NULL; dstBuf = NULL;

4
fuzz/compress_lossless.cc
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (C)2021-2023 D. R. Commander. All Rights Reserved. * Copyright (C)2021-2024 D. R. Commander. All Rights Reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met: * modification, are permitted provided that the following conditions are met:
@@ -84,7 +84,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
maxBufSize = tj3JPEGBufSize(width, height, TJSAMP_444); maxBufSize = tj3JPEGBufSize(width, height, TJSAMP_444);
if (tj3Get(handle, TJPARAM_NOREALLOC)) { if (tj3Get(handle, TJPARAM_NOREALLOC)) {
if ((dstBuf = (unsigned char *)malloc(maxBufSize)) == NULL) if ((dstBuf = (unsigned char *)tj3Alloc(maxBufSize)) == NULL)
goto bailout; goto bailout;
} else } else
dstBuf = NULL; dstBuf = NULL;

4
fuzz/compress_yuv.cc
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (C)2021-2023 D. R. Commander. All Rights Reserved. * Copyright (C)2021-2024 D. R. Commander. All Rights Reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met: * modification, are permitted provided that the following conditions are met:
@@ -87,7 +87,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
continue; continue;
maxBufSize = tj3JPEGBufSize(width, height, tests[ti].subsamp); maxBufSize = tj3JPEGBufSize(width, height, tests[ti].subsamp);
if ((dstBuf = (unsigned char *)malloc(maxBufSize)) == NULL) if ((dstBuf = (unsigned char *)tj3Alloc(maxBufSize)) == NULL)
goto bailout; goto bailout;
if ((yuvBuf = if ((yuvBuf =
(unsigned char *)malloc(tj3YUVBufSize(width, 1, height, (unsigned char *)malloc(tj3YUVBufSize(width, 1, height,

4
fuzz/decompress.cc
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (C)2021-2023 D. R. Commander. All Rights Reserved. * Copyright (C)2021-2024 D. R. Commander. All Rights Reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met: * modification, are permitted provided that the following conditions are met:
@@ -95,7 +95,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
tj3SetCroppingRegion(handle, TJUNCROPPED); tj3SetCroppingRegion(handle, TJUNCROPPED);
} }
if ((dstBuf = malloc(w * h * tjPixelSize[pf] * sampleSize)) == NULL) if ((dstBuf = tj3Alloc(w * h * tjPixelSize[pf] * sampleSize)) == NULL)
goto bailout; goto bailout;
if (precision == 8) { if (precision == 8) {

4
fuzz/decompress_yuv.cc
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (C)2021-2023 D. R. Commander. All Rights Reserved. * Copyright (C)2021-2024 D. R. Commander. All Rights Reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met: * modification, are permitted provided that the following conditions are met:
@@ -83,7 +83,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
tj3SetScalingFactor(handle, TJUNSCALED); tj3SetScalingFactor(handle, TJUNSCALED);
} }
if ((dstBuf = (unsigned char *)malloc(w * h * tjPixelSize[pf])) == NULL) if ((dstBuf = (unsigned char *)tj3Alloc(w * h * tjPixelSize[pf])) == NULL)
goto bailout; goto bailout;
if ((yuvBuf = if ((yuvBuf =
(unsigned char *)malloc(tj3YUVBufSize(w, 1, h, jpegSubsamp))) == NULL) (unsigned char *)malloc(tj3YUVBufSize(w, 1, h, jpegSubsamp))) == NULL)

6
fuzz/transform.cc
View File

@@ -101,8 +101,8 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
transforms[0].options = TJXOPT_GRAY | TJXOPT_CROP | TJXOPT_COPYNONE | transforms[0].options = TJXOPT_GRAY | TJXOPT_CROP | TJXOPT_COPYNONE |
TJXOPT_OPTIMIZE; TJXOPT_OPTIMIZE;
dstBufs[0] = dstBufs[0] =
(unsigned char *)malloc(tj3JPEGBufSize((height + 1) / 2, (width + 1) / 2, (unsigned char *)tj3Alloc(tj3JPEGBufSize((height + 1) / 2, (width + 1) / 2,
jpegSubsamp)); jpegSubsamp));
if (!dstBufs[0]) if (!dstBufs[0])
goto bailout; goto bailout;
@@ -125,7 +125,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
transforms[0].op = TJXOP_ROT90; transforms[0].op = TJXOP_ROT90;
transforms[0].options = TJXOPT_TRIM | TJXOPT_ARITHMETIC; transforms[0].options = TJXOPT_TRIM | TJXOPT_ARITHMETIC;
dstBufs[0] = dstBufs[0] =
(unsigned char *)malloc(tj3JPEGBufSize(height, width, jpegSubsamp)); (unsigned char *)tj3Alloc(tj3JPEGBufSize(height, width, jpegSubsamp));
if (!dstBufs[0]) if (!dstBufs[0])
goto bailout; goto bailout;