From 5b35f212ac50a59b6dcdff154db6a93ed1c136a7 Mon Sep 17 00:00:00 2001
From: Zepeng Hu
Date: Sun, 14 Jun 2020 19:03:34 +0000
Subject: [PATCH] replace max_len with if statements
---
 fuzz/oss_fuzz/FuzzAPIImageFilter.cpp | 3 +++
 fuzz/oss_fuzz/FuzzAPISkDescriptor.cpp | 3 +++
 fuzz/oss_fuzz/FuzzAndroidCodec.cpp | 3 +++
 fuzz/oss_fuzz/FuzzAnimatedImage.cpp | 3 +++
 fuzz/oss_fuzz/FuzzDrawFunctions.cpp | 3 +++
 fuzz/oss_fuzz/FuzzGradients.cpp | 3 +++
 fuzz/oss_fuzz/FuzzImage.cpp | 3 +++
 fuzz/oss_fuzz/FuzzIncrementalImage.cpp | 3 +++
 fuzz/oss_fuzz/FuzzJPEGEncoder.cpp | 3 +++
 fuzz/oss_fuzz/FuzzMockGPUCanvas.cpp | 3 +++
 fuzz/oss_fuzz/FuzzNullCanvas.cpp | 3 +++
 fuzz/oss_fuzz/FuzzPNGEncoder.cpp | 3 +++
 fuzz/oss_fuzz/FuzzPathDeserialize.cpp | 2 +-
 fuzz/oss_fuzz/FuzzPathMeasure.cpp | 3 +++
 fuzz/oss_fuzz/FuzzPathop.cpp | 3 +++
 fuzz/oss_fuzz/FuzzPolyUtils.cpp | 3 +++
 fuzz/oss_fuzz/FuzzRasterN32Canvas.cpp | 3 +++
 fuzz/oss_fuzz/FuzzRegionDeserialize.cpp | 3 +++
 fuzz/oss_fuzz/FuzzRegionSetPath.cpp | 3 +++
 fuzz/oss_fuzz/FuzzSKSL2GLSL.cpp | 3 +++
 fuzz/oss_fuzz/FuzzSKSL2Metal.cpp | 3 +++
 fuzz/oss_fuzz/FuzzSKSL2Pipeline.cpp | 3 +++
 fuzz/oss_fuzz/FuzzSKSL2SPIRV.cpp | 3 +++
 fuzz/oss_fuzz/FuzzSkDescriptorDeserialize.cpp | 3 +++
 fuzz/oss_fuzz/FuzzTextBlobDeserialize.cpp | 3 +++
 fuzz/oss_fuzz/FuzzWEBPEncoder.cpp | 3 +++
 26 files changed, 76 insertions(+), 1 deletion(-)
diff --git a/fuzz/oss_fuzz/FuzzAPIImageFilter.cpp b/fuzz/oss_fuzz/FuzzAPIImageFilter.cpp
index 03394d3077c3c..f78fadddbd167 100644
--- a/fuzz/oss_fuzz/FuzzAPIImageFilter.cpp
+++ b/fuzz/oss_fuzz/FuzzAPIImageFilter.cpp
@@ -10,6 +10,9 @@ void fuzz_ImageFilter(Fuzz* f);
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ if (size > 4000) {
+ return 0;
+ }
 auto fuzz = Fuzz(SkData::MakeWithoutCopy(data, size));
 fuzz_ImageFilter(&fuzz);
 return 0;
diff --git a/fuzz/oss_fuzz/FuzzAPISkDescriptor.cpp b/fuzz/oss_fuzz/FuzzAPISkDescriptor.cpp
index e1e76411ceca2..35a37a30404b1 100644
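Review bot: The cap in fuzz/oss_fuzz/FuzzAPIImageFilter.cpp (`if (size > 4000)`) is an unexplained literal, and the same guard recurs in the other 25 harnesses of this patch with different values (512, 1024, 2000, 3000, 4000, 10240, 262150). A short comment at each guard would record where the number comes from and that larger inputs are dropped without being executed, for example `// Skip inputs above the former max_len limit; a larger reproducer returns here without running.`; going by the subject line the values presumably mirror earlier max_len settings, which should be confirmed. A named constant such as `constexpr size_t kMaxInputSize = 4000;` would also make each limit easier to audit. In every file the function body continues past the end of the hunk.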
--- a/fuzz/oss_fuzz/FuzzAPISkDescriptor.cpp
+++ b/fuzz/oss_fuzz/FuzzAPISkDescriptor.cpp
@@ -11,6 +11,9 @@ void fuzz_SkDescriptor(Fuzz* f);
 #if defined(IS_FUZZING_WITH_LIBFUZZER)
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ if (size > 4000) {
+ return 0;
+ }
 auto fuzz = Fuzz(SkData::MakeWithoutCopy(data, size));
 fuzz_SkDescriptor(&fuzz);
 return 0;
diff --git a/fuzz/oss_fuzz/FuzzAndroidCodec.cpp b/fuzz/oss_fuzz/FuzzAndroidCodec.cpp
index 7ab8833fd5917..6378c9031052f 100644
--- a/fuzz/oss_fuzz/FuzzAndroidCodec.cpp
+++ b/fuzz/oss_fuzz/FuzzAndroidCodec.cpp
@@ -52,6 +52,9 @@ bool FuzzAndroidCodec(sk_sp bytes, uint8_t sampleSize) {
 #if defined(IS_FUZZING_WITH_LIBFUZZER)
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ if (size > 10240) {
+ return 0;
+ }
 auto bytes = SkData::MakeWithoutCopy(data, size);
 Fuzz fuzz(bytes);
 uint8_t sampleSize;
diff --git a/fuzz/oss_fuzz/FuzzAnimatedImage.cpp b/fuzz/oss_fuzz/FuzzAnimatedImage.cpp
index 0c64bb9b61edd..dbe8567cde34b 100644
--- a/fuzz/oss_fuzz/FuzzAnimatedImage.cpp
+++ b/fuzz/oss_fuzz/FuzzAnimatedImage.cpp
@@ -38,6 +38,9 @@ bool FuzzAnimatedImage(sk_sp bytes) {
 #if defined(IS_FUZZING_WITH_LIBFUZZER)
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ if (size > 10240) {
+ return 0;
+ }
 auto bytes = SkData::MakeWithoutCopy(data, size);
 FuzzAnimatedImage(bytes);
 return 0;
diff --git a/fuzz/oss_fuzz/FuzzDrawFunctions.cpp b/fuzz/oss_fuzz/FuzzDrawFunctions.cpp
index 906a025046a38..71e5a95d4bd79 100644
--- a/fuzz/oss_fuzz/FuzzDrawFunctions.cpp
+++ b/fuzz/oss_fuzz/FuzzDrawFunctions.cpp
@@ -10,6 +10,9 @@ void fuzz_DrawFunctions(Fuzz* f);
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ if (size > 4000) {
+ return 0;
+ }
 auto fuzz = Fuzz(SkData::MakeWithoutCopy(data, size));
 fuzz_DrawFunctions(&fuzz);
 return 0;
diff --git a/fuzz/oss_fuzz/FuzzGradients.cpp b/fuzz/oss_fuzz/FuzzGradients.cpp
index 47809be333034..cbabfa4f6259f 100644
--- a/fuzz/oss_fuzz/FuzzGradients.cpp
+++ b/fuzz/oss_fuzz/FuzzGradients.cpp
@@ -10,6 +10,9 @@ void fuzz_Gradients(Fuzz* f);
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ if (size > 4000) {
+ return 0;
+ }
 auto fuzz = Fuzz(SkData::MakeWithoutCopy(data, size));
 fuzz_Gradients(&fuzz);
 return 0;
diff --git a/fuzz/oss_fuzz/FuzzImage.cpp b/fuzz/oss_fuzz/FuzzImage.cpp
index 0ae18d4112df7..c2997b02b4bb9 100644
--- a/fuzz/oss_fuzz/FuzzImage.cpp
+++ b/fuzz/oss_fuzz/FuzzImage.cpp
@@ -30,6 +30,9 @@ bool FuzzImageDecode(sk_sp bytes) {
 #if defined(IS_FUZZING_WITH_LIBFUZZER)
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ if (size > 10240) {
+ return 0;
+ }
 auto bytes = SkData::MakeWithoutCopy(data, size);
 FuzzImageDecode(bytes);
 return 0;
diff --git a/fuzz/oss_fuzz/FuzzIncrementalImage.cpp b/fuzz/oss_fuzz/FuzzIncrementalImage.cpp
index c57cbb94ee0c6..2867a893473d9 100644
--- a/fuzz/oss_fuzz/FuzzIncrementalImage.cpp
+++ b/fuzz/oss_fuzz/FuzzIncrementalImage.cpp
@@ -47,6 +47,9 @@ bool FuzzIncrementalImageDecode(sk_sp bytes) {
 #if defined(IS_FUZZING_WITH_LIBFUZZER)
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ if (size > 10240) {
+ return size;
+ }
 auto bytes = SkData::MakeWithoutCopy(data, size);
 FuzzIncrementalImageDecode(bytes);
 return 0;
diff --git a/fuzz/oss_fuzz/FuzzJPEGEncoder.cpp b/fuzz/oss_fuzz/FuzzJPEGEncoder.cpp
index cc4cb7911ae15..cb7b2366ac73d 100644
--- a/fuzz/oss_fuzz/FuzzJPEGEncoder.cpp
+++ b/fuzz/oss_fuzz/FuzzJPEGEncoder.cpp
@@ -10,6 +10,9 @@ void fuzz_JPEGEncoder(Fuzz* f);
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ if (size > 262150) {
+ return 0;
+ }
 auto fuzz = Fuzz(SkData::MakeWithoutCopy(data, size));
 fuzz_JPEGEncoder(&fuzz);
 return 0;
diff --git a/fuzz/oss_fuzz/FuzzMockGPUCanvas.cpp b/fuzz/oss_fuzz/FuzzMockGPUCanvas.cpp
index 05d4d963731f1..a18088c44e7ea 100644
--- a/fuzz/oss_fuzz/FuzzMockGPUCanvas.cpp
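Review bot: The new guard in fuzz/oss_fuzz/FuzzIncrementalImage.cpp returns `size` rather than 0, unlike every other harness touched by this patch. libFuzzer documents return values other than 0 (and -1) from LLVMFuzzerTestOneInput as reserved, and the `size_t` is also narrowed to `int` here, so an oversized input hands the fuzzer an arbitrary non-zero result. The added line should read `return 0;`. The rest of the function lies outside the hunk.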
+++ b/fuzz/oss_fuzz/FuzzMockGPUCanvas.cpp
@@ -20,6 +20,9 @@ extern "C" {
 }
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ if (size > 4000) {
+ return 0;
+ }
 gSkFontMgr_DefaultFactory = &ToolUtils::MakePortableFontMgr;
 auto fuzz = Fuzz(SkData::MakeWithoutCopy(data, size));
 fuzz_MockGPUCanvas(&fuzz);
diff --git a/fuzz/oss_fuzz/FuzzNullCanvas.cpp b/fuzz/oss_fuzz/FuzzNullCanvas.cpp
index a0483ba78ca52..56235bc24f00a 100644
--- a/fuzz/oss_fuzz/FuzzNullCanvas.cpp
+++ b/fuzz/oss_fuzz/FuzzNullCanvas.cpp
@@ -12,6 +12,9 @@ void fuzz_NullCanvas(Fuzz* f);
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ if (size > 4000) {
+ return 0;
+ }
 gSkFontMgr_DefaultFactory = &ToolUtils::MakePortableFontMgr;
 auto fuzz = Fuzz(SkData::MakeWithoutCopy(data, size));
 fuzz_NullCanvas(&fuzz);
diff --git a/fuzz/oss_fuzz/FuzzPNGEncoder.cpp b/fuzz/oss_fuzz/FuzzPNGEncoder.cpp
index d0eb09cf0f7f3..11e49890799b1 100644
--- a/fuzz/oss_fuzz/FuzzPNGEncoder.cpp
+++ b/fuzz/oss_fuzz/FuzzPNGEncoder.cpp
@@ -10,6 +10,9 @@ void fuzz_PNGEncoder(Fuzz* f);
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ if (size > 262150) {
+ return 0;
+ }
 auto fuzz = Fuzz(SkData::MakeWithoutCopy(data, size));
 fuzz_PNGEncoder(&fuzz);
 return 0;
diff --git a/fuzz/oss_fuzz/FuzzPathDeserialize.cpp b/fuzz/oss_fuzz/FuzzPathDeserialize.cpp
index 05d495c26ebcb..c60b593f56900 100644
--- a/fuzz/oss_fuzz/FuzzPathDeserialize.cpp
+++ b/fuzz/oss_fuzz/FuzzPathDeserialize.cpp
@@ -28,7 +28,7 @@ void FuzzPathDeserialize(SkReadBuffer& buf) {
 #if defined(IS_FUZZING_WITH_LIBFUZZER)
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
- if (size < 4) {
+ if (size < 4 || size > 2000) {
 return 0;
 }
 uint32_t packed;
diff --git a/fuzz/oss_fuzz/FuzzPathMeasure.cpp b/fuzz/oss_fuzz/FuzzPathMeasure.cpp
index a6cebe6829e5a..a6825a799b9cf 100644
--- a/fuzz/oss_fuzz/FuzzPathMeasure.cpp
+++ b/fuzz/oss_fuzz/FuzzPathMeasure.cpp
@@ -10,6 +10,9 @@ void fuzz_PathMeasure(Fuzz* f);
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ if (size > 4000) {
+ return 0;
+ }
 auto fuzz = Fuzz(SkData::MakeWithoutCopy(data, size));
 fuzz_PathMeasure(&fuzz);
 return 0;
diff --git a/fuzz/oss_fuzz/FuzzPathop.cpp b/fuzz/oss_fuzz/FuzzPathop.cpp
index a40d29b74a854..5ce51108fbb7a 100644
--- a/fuzz/oss_fuzz/FuzzPathop.cpp
+++ b/fuzz/oss_fuzz/FuzzPathop.cpp
@@ -10,6 +10,9 @@ void fuzz_Pathop(Fuzz* f);
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ if (size > 4000) {
+ return 0;
+ }
 auto fuzz = Fuzz(SkData::MakeWithoutCopy(data, size));
 fuzz_Pathop(&fuzz);
 return 0;
diff --git a/fuzz/oss_fuzz/FuzzPolyUtils.cpp b/fuzz/oss_fuzz/FuzzPolyUtils.cpp
index 063aee79494e0..ab55ecb6dc5a3 100644
--- a/fuzz/oss_fuzz/FuzzPolyUtils.cpp
+++ b/fuzz/oss_fuzz/FuzzPolyUtils.cpp
@@ -10,6 +10,9 @@ void fuzz_PolyUtils(Fuzz* f);
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ if (size > 4000) {
+ return 0;
+ }
 auto fuzz = Fuzz(SkData::MakeWithoutCopy(data, size));
 fuzz_PolyUtils(&fuzz);
 return 0;
diff --git a/fuzz/oss_fuzz/FuzzRasterN32Canvas.cpp b/fuzz/oss_fuzz/FuzzRasterN32Canvas.cpp
index ba56148486753..f6559a74b0ac4 100644
--- a/fuzz/oss_fuzz/FuzzRasterN32Canvas.cpp
+++ b/fuzz/oss_fuzz/FuzzRasterN32Canvas.cpp
@@ -12,6 +12,9 @@ void fuzz_RasterN32Canvas(Fuzz* f);
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ if (size > 4000) {
+ return 0;
+ }
 gSkFontMgr_DefaultFactory = &ToolUtils::MakePortableFontMgr;
 auto fuzz = Fuzz(SkData::MakeWithoutCopy(data, size));
 fuzz_RasterN32Canvas(&fuzz);
diff --git a/fuzz/oss_fuzz/FuzzRegionDeserialize.cpp b/fuzz/oss_fuzz/FuzzRegionDeserialize.cpp
index da4615ab1a980..0e947533adb18 100644
--- a/fuzz/oss_fuzz/FuzzRegionDeserialize.cpp
+++ b/fuzz/oss_fuzz/FuzzRegionDeserialize.cpp
@@ -36,6 +36,9 @@ bool FuzzRegionDeserialize(sk_sp bytes) {
 #if defined(IS_FUZZING_WITH_LIBFUZZER)
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ if (size > 512) {
+ return 0;
+ }
 auto bytes = SkData::MakeWithoutCopy(data, size);
 FuzzRegionDeserialize(bytes);
 return 0;
diff --git a/fuzz/oss_fuzz/FuzzRegionSetPath.cpp b/fuzz/oss_fuzz/FuzzRegionSetPath.cpp
index 369b92b5075a0..ff4130ce5c7d1 100644
--- a/fuzz/oss_fuzz/FuzzRegionSetPath.cpp
+++ b/fuzz/oss_fuzz/FuzzRegionSetPath.cpp
@@ -38,6 +38,9 @@ void FuzzRegionSetPath(Fuzz* fuzz) {
 #if defined(IS_FUZZING_WITH_LIBFUZZER)
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ if (size > 512) {
+ return 0;
+ }
 sk_sp bytes(SkData::MakeWithoutCopy(data, size));
 Fuzz fuzz(bytes);
 FuzzRegionSetPath(&fuzz);
diff --git a/fuzz/oss_fuzz/FuzzSKSL2GLSL.cpp b/fuzz/oss_fuzz/FuzzSKSL2GLSL.cpp
index f0acc48723fa2..7133e73801d3f 100644
--- a/fuzz/oss_fuzz/FuzzSKSL2GLSL.cpp
+++ b/fuzz/oss_fuzz/FuzzSKSL2GLSL.cpp
@@ -29,6 +29,9 @@ bool FuzzSKSL2GLSL(sk_sp bytes) {
 #if defined(IS_FUZZING_WITH_LIBFUZZER)
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ if (size > 3000) {
+ return 0;
+ }
 auto bytes = SkData::MakeWithoutCopy(data, size);
 FuzzSKSL2GLSL(bytes);
 return 0;
diff --git a/fuzz/oss_fuzz/FuzzSKSL2Metal.cpp b/fuzz/oss_fuzz/FuzzSKSL2Metal.cpp
index 06730c33d8c45..ca0a7f40f0aa6 100644
--- a/fuzz/oss_fuzz/FuzzSKSL2Metal.cpp
+++ b/fuzz/oss_fuzz/FuzzSKSL2Metal.cpp
@@ -29,6 +29,9 @@ bool FuzzSKSL2Metal(sk_sp bytes) {
 #if defined(IS_FUZZING_WITH_LIBFUZZER)
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ if (size > 3000) {
+ return 0;
+ }
 auto bytes = SkData::MakeWithoutCopy(data, size);
 FuzzSKSL2Metal(bytes);
 return 0;
diff --git a/fuzz/oss_fuzz/FuzzSKSL2Pipeline.cpp b/fuzz/oss_fuzz/FuzzSKSL2Pipeline.cpp
index 4923eeb50fcc8..48e6ee89b5c5b 100644
--- a/fuzz/oss_fuzz/FuzzSKSL2Pipeline.cpp
+++ b/fuzz/oss_fuzz/FuzzSKSL2Pipeline.cpp
@@ -29,6 +29,9 @@ bool FuzzSKSL2Pipeline(sk_sp bytes) {
 #if defined(IS_FUZZING_WITH_LIBFUZZER)
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ if (size > 3000) {
+ return 0;
+ }
 auto bytes = SkData::MakeWithoutCopy(data, size);
 FuzzSKSL2Pipeline(bytes);
 return 0;
diff --git a/fuzz/oss_fuzz/FuzzSKSL2SPIRV.cpp b/fuzz/oss_fuzz/FuzzSKSL2SPIRV.cpp
index dac6133dc01e2..f762f7ca79538 100644
--- a/fuzz/oss_fuzz/FuzzSKSL2SPIRV.cpp
+++ b/fuzz/oss_fuzz/FuzzSKSL2SPIRV.cpp
@@ -29,6 +29,9 @@ bool FuzzSKSL2SPIRV(sk_sp bytes) {
 #if defined(IS_FUZZING_WITH_LIBFUZZER)
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ if (size > 3000) {
+ return 0;
+ }
 auto bytes = SkData::MakeWithoutCopy(data, size);
 FuzzSKSL2SPIRV(bytes);
 return 0;
diff --git a/fuzz/oss_fuzz/FuzzSkDescriptorDeserialize.cpp b/fuzz/oss_fuzz/FuzzSkDescriptorDeserialize.cpp
index 9505eb715798f..30174bbf75084 100644
--- a/fuzz/oss_fuzz/FuzzSkDescriptorDeserialize.cpp
+++ b/fuzz/oss_fuzz/FuzzSkDescriptorDeserialize.cpp
@@ -29,6 +29,9 @@ void FuzzSkDescriptorDeserialize(sk_sp bytes) {
 #if defined(IS_FUZZING_WITH_LIBFUZZER)
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ if (size > 1024) {
+ return 0;
+ }
 auto bytes = SkData::MakeWithoutCopy(data, size);
 FuzzSkDescriptorDeserialize(bytes);
 return 0;
diff --git a/fuzz/oss_fuzz/FuzzTextBlobDeserialize.cpp b/fuzz/oss_fuzz/FuzzTextBlobDeserialize.cpp
index 975eeb8b01d1f..37460d1925c42 100644
--- a/fuzz/oss_fuzz/FuzzTextBlobDeserialize.cpp
+++ b/fuzz/oss_fuzz/FuzzTextBlobDeserialize.cpp
@@ -29,6 +29,9 @@ void FuzzTextBlobDeserialize(SkReadBuffer& buf) {
 #if defined(IS_FUZZING_WITH_LIBFUZZER)
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ if (size > 1024) {
+ return 0;
+ }
 gSkFontMgr_DefaultFactory = &ToolUtils::MakePortableFontMgr;
 SkReadBuffer buf(data, size);
 FuzzTextBlobDeserialize(buf);
diff --git a/fuzz/oss_fuzz/FuzzWEBPEncoder.cpp b/fuzz/oss_fuzz/FuzzWEBPEncoder.cpp
index 40d84b7100f7d..dcaaddc811293 100644
--- a/fuzz/oss_fuzz/FuzzWEBPEncoder.cpp
+++ b/fuzz/oss_fuzz/FuzzWEBPEncoder.cpp
@@ -10,6 +10,9 @@ void fuzz_WEBPEncoder(Fuzz* f);
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ if (size > 262150) {
+ return 0;
+ }
 auto fuzz = Fuzz(SkData::MakeWithoutCopy(data, size));
 fuzz_WEBPEncoder(&fuzz);
 return 0;