From bcbca8b9bc3998102e1cdf21945a369949870b5b Mon Sep 17 00:00:00 2001
From: DRC
Date: Thu, 12 Sep 2024 20:55:39 -0400
Subject: [PATCH] Fuzz: Calc. xformed buf size based on dst. subsamp (oversight from b3f0abe377f2dd83396c9d0d4176f684c122af3f)
---
 fuzz/transform.cc | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/fuzz/transform.cc b/fuzz/transform.cc
index 6497121f..d8262030 100644
--- a/fuzz/transform.cc
+++ b/fuzz/transform.cc
@@ -37,7 +37,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 tjhandle handle = NULL;
 unsigned char *dstBufs[1] = { NULL };
 size_t dstSizes[1] = { 0 }, maxBufSize;
- int width = 0, height = 0, jpegSubsamp, i;
+ int width = 0, height = 0, jpegSubsamp, dstSubsamp, i;
 tjtransform transforms[1];
 if ((handle = tj3Init(TJINIT_TRANSFORM)) == NULL)
@@ -124,12 +124,17 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 transforms[0].op = TJXOP_ROT90;
 transforms[0].options = TJXOPT_TRIM | TJXOPT_ARITHMETIC;
+ dstSubsamp = jpegSubsamp;
+ if (dstSubsamp == TJSAMP_422) dstSubsamp = TJSAMP_440;
+ else if (dstSubsamp == TJSAMP_440) dstSubsamp = TJSAMP_422;
+ else if (dstSubsamp == TJSAMP_411) dstSubsamp = TJSAMP_441;
+ else if (dstSubsamp == TJSAMP_441) dstSubsamp = TJSAMP_411;
 dstBufs[0] =
- (unsigned char *)tj3Alloc(tj3JPEGBufSize(height, width, jpegSubsamp));
+ (unsigned char *)tj3Alloc(tj3JPEGBufSize(height, width, dstSubsamp));
 if (!dstBufs[0]) goto bailout;
- maxBufSize = tj3JPEGBufSize(height, width, jpegSubsamp);
+ maxBufSize = tj3JPEGBufSize(height, width, dstSubsamp);
 if (tj3Transform(handle, data, size, 1, dstBufs, dstSizes, transforms) == 0) {
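Review bot: In the ROT90 block of the second hunk the destination size is still computed by two separate calls, once inside `tj3Alloc(...)` and once for `maxBufSize`, so a later edit to one of them can leave the allocation and its recorded bound disagreeing. Computing it once, `maxBufSize = tj3JPEGBufSize(height, width, dstSubsamp);`, and then allocating with `dstBufs[0] = (unsigned char *)tj3Alloc(maxBufSize);` ties both to the same subsampling value. The four-way `dstSubsamp` swap would also benefit from a one-line comment such as `/* ROT90 transposes the image, so the horizontal and vertical sampling factors trade places */`, since that reasoning is presumably why 4:2:2/4:4:0 and 4:1:1/4:4:1 are exchanged but it is not stated in the code. LLVMFuzzerTestOneInput starts and ends outside this hunk, so whether other transform blocks in the function need the same mapping cannot be confirmed from here.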