diff options
| author | Glenn Randers-Pehrson <glennrp at users.sourceforge.net> | 2017-09-24 09:25:12 -0500 |
|---|---|---|
| committer | Glenn Randers-Pehrson <glennrp at users.sourceforge.net> | 2017-09-24 09:25:12 -0500 |
| commit | 346cbf2c2ae9c93fb0947b1edb3daf041cc5f5c4 (patch) | |
| tree | 2253419bb7c526179d9725e4f73a79d47898f1a8 | |
| parent | 8eb79b3435086935ec64aae74c5c730d75617979 (diff) | |
| download | libpng-346cbf2c2ae9c93fb0947b1edb3daf041cc5f5c4.tar.gz | |
[libpng16] Another attempt to defeat the fuzzer optimizer
| -rw-r--r-- | contrib/oss-fuzz/libpng_read_fuzzer.cc | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/contrib/oss-fuzz/libpng_read_fuzzer.cc b/contrib/oss-fuzz/libpng_read_fuzzer.cc index 12208f402..ef844e593 100644 --- a/contrib/oss-fuzz/libpng_read_fuzzer.cc +++ b/contrib/oss-fuzz/libpng_read_fuzzer.cc @@ -169,14 +169,23 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { int passes = png_set_interlace_handling(png_handler.png_ptr); png_start_read_image(png_handler.png_ptr); - /* To do: prevent the optimizer from removing this code entirely */ + /* prevent the optimizer from removing this code entirely */ + int max_sample = 0; for (int pass = 0; pass < passes; ++pass) { for (png_uint_32 y = 0; y < height; ++y) { png_read_row(png_handler.png_ptr, static_cast<png_bytep>(png_handler.row_ptr), nullptr); + max_sample = png_handler.row_ptr[0] > max_sample ? + png_handler.row_ptr[0] : max_sample; } } + /* I hope the compiler doesn't figure out that this cannot happen */ + if (max_sample > 255) { + PNG_CLEANUP + return 0; + } + png_read_end(png_handler.png_ptr, png_handler.end_info_ptr); PNG_CLEANUP |