opj_decompress_fuzzer.cpp: reject images with too big tiles. Fixes https://bugs.chrom...
[openjpeg.git] / tests / fuzzers / opj_decompress_fuzzer.cpp
index 82f9ea6a8a9b1b03765b4da20c265590d5923299..f16e3edc6d04c900c7c45c849d2c4b680f28ab0e 100644 (file)
@@ -165,6 +165,22 @@ int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len)
         return 0;
     }
 
+    // Also reject too big tiles.
+    // TODO: remove this limitation when subtile decoding no longer imply
+    // allocation memory for whole tile
+    opj_codestream_info_v2_t* pCodeStreamInfo = opj_get_cstr_info(pCodec);
+    OPJ_UINT32 nTileW, nTileH;
+    nTileW = pCodeStreamInfo->tdx;
+    nTileH = pCodeStreamInfo->tdy;
+    opj_destroy_cstr_info(&pCodeStreamInfo);
+    if (nTileW > 2048 || nTileH > 2048) {
+        opj_stream_destroy(pStream);
+        opj_destroy_codec(pCodec);
+        opj_image_destroy(psImage);
+
+        return 0;
+    }
+
     OPJ_UINT32 width_to_read = width;
     if (width_to_read > 1024) {
         width_to_read = 1024;
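Review bot: The pointer returned by opj_get_cstr_info(pCodec) is dereferenced for tdx and tdy on the next two lines without a NULL check; as far as I can tell that function allocates the info struct and returns NULL when the allocation fails, which a fuzzer running under a malloc limit can trigger, turning an out-of-memory condition into a NULL-pointer crash instead of a clean early return. The simplest fix is to treat a NULL result like an oversized tile, `if (pCodeStreamInfo == NULL) { opj_stream_destroy(pStream); opj_destroy_codec(pCodec); opj_image_destroy(psImage); return 0; }` before the tdx/tdy reads, or fold it into the existing condition so the three destroy calls are not duplicated. The 2048 limit appears twice as a bare literal; a named constant such as `const OPJ_UINT32 kMaxTileDim = 2048;` next to the TODO comment would make the limitation easier to find and lift later. LLVMFuzzerTestOneInput starts before this hunk and continues after it.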