authorEven Rouault <even.rouault@spatialys.com>2017-08-17 12:01:16 +0200
committerEven Rouault <even.rouault@spatialys.com>2017-08-17 12:01:16 +0200
commit1ab6e0e07a67193564811c5720a69cb28f09a809 (patch)
tree7a00a3154c3728f4187a550d538920d28db1604b /tests
parent2cd30c2b06ce332dede81cccad8b334cde997281 (diff)
opj_decompress_fuzzer.cpp: reject images with too big tiles. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2918. Credit to OSS Fuzz
Diffstat (limited to 'tests')
-rw-r--r--tests/fuzzers/opj_decompress_fuzzer.cpp16
1 files changed, 16 insertions, 0 deletions
diff --git a/tests/fuzzers/opj_decompress_fuzzer.cpp b/tests/fuzzers/opj_decompress_fuzzer.cpp
index 82f9ea6a..f16e3edc 100644
--- a/tests/fuzzers/opj_decompress_fuzzer.cpp
+++ b/tests/fuzzers/opj_decompress_fuzzer.cpp
@@ -165,6 +165,22 @@ int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len)
return 0;
}
+ // Also reject too big tiles.
+ // TODO: remove this limitation when subtile decoding no longer imply
+ // allocation memory for whole tile
+ opj_codestream_info_v2_t* pCodeStreamInfo = opj_get_cstr_info(pCodec);
+ OPJ_UINT32 nTileW, nTileH;
+ nTileW = pCodeStreamInfo->tdx;
+ nTileH = pCodeStreamInfo->tdy;
+ opj_destroy_cstr_info(&pCodeStreamInfo);
+ if (nTileW > 2048 || nTileH > 2048) {
+ opj_stream_destroy(pStream);
+ opj_destroy_codec(pCodec);
+ opj_image_destroy(psImage);
+
+ return 0;
+ }
+
OPJ_UINT32 width_to_read = width;
if (width_to_read > 1024) {
width_to_read = 1024;
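Review bot: The new tile-size guard dereferences `pCodeStreamInfo->tdx` and `->tdy` right after `opj_get_cstr_info(pCodec)` without checking the pointer; that call allocates the info structure and, as far as I recall, returns NULL when the allocation fails or the codec has no valid codestream state, so under allocation pressure this hunk adds a NULL dereference that a fuzzer run would report as a crash in the harness rather than in the library. The safest treatment is to take "no info" as "cannot bound the tile" and bail out through the same cleanup path, which also keeps the later decode from running on a stream whose tile dimensions were never checked. The surrounding `LLVMFuzzerTestOneInput` starts and ends outside this hunk, and the `opj_stream_destroy`/`opj_destroy_codec`/`opj_image_destroy` triplet is repeated from the preceding early-return, so this is a good moment to keep the reject path in one place. It would also help to name the bound (`static const OPJ_UINT32 kMaxTileDim = 2048;`) next to the existing 1024 window constant rather than repeating the literal twice in the condition.

```cpp
    opj_codestream_info_v2_t* pCodeStreamInfo = opj_get_cstr_info(pCodec);
    // No info means the tile bound cannot be enforced: treat it as a reject.
    bool bRejectTiles = true;
    if (pCodeStreamInfo != NULL) {
        bRejectTiles = pCodeStreamInfo->tdx > 2048 || pCodeStreamInfo->tdy > 2048;
        opj_destroy_cstr_info(&pCodeStreamInfo);
    }
    if (bRejectTiles) {
        // … unchanged: destroy stream, codec and image, return 0 …
    }
```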