diff options
Diffstat (limited to 'contrib/oss-fuzz/libpng_read_fuzzer.cc')
-rw-r--r-- | contrib/oss-fuzz/libpng_read_fuzzer.cc | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/contrib/oss-fuzz/libpng_read_fuzzer.cc b/contrib/oss-fuzz/libpng_read_fuzzer.cc index 2b7270e62..bfce5bc98 100644 --- a/contrib/oss-fuzz/libpng_read_fuzzer.cc +++ b/contrib/oss-fuzz/libpng_read_fuzzer.cc @@ -136,9 +136,6 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { // Reading. png_read_info(png_handler.png_ptr, png_handler.info_ptr); - png_handler.row_ptr = png_malloc( - png_handler.png_ptr, png_get_rowbytes(png_handler.png_ptr, - png_handler.info_ptr)); // reset error handler to put png_deleter into scope. if (setjmp(png_jmpbuf(png_handler.png_ptr))) { @@ -174,6 +171,10 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { png_read_update_info(png_handler.png_ptr, png_handler.png_info_ptr); + png_handler.row_ptr = png_malloc( + png_handler.png_ptr, png_get_rowbytes(png_handler.png_ptr, + png_handler.info_ptr)); + for (int pass = 0; pass < passes; ++pass) { for (png_uint_32 y = 0; y < height; ++y) { png_read_row(png_handler.png_ptr, |