summaryrefslogtreecommitdiff
path: root/util/fuzz-tests/jpeg-test.c
diff options
context:
space:
mode:
Diffstat (limited to 'util/fuzz-tests/jpeg-test.c')
-rw-r--r--util/fuzz-tests/jpeg-test.c19
1 files changed, 12 insertions, 7 deletions
diff --git a/util/fuzz-tests/jpeg-test.c b/util/fuzz-tests/jpeg-test.c
index da21824b6e..4a925384ac 100644
--- a/util/fuzz-tests/jpeg-test.c
+++ b/util/fuzz-tests/jpeg-test.c
@@ -19,18 +19,23 @@ int main(int argc, char **argv)
if (fseek(f, 0, SEEK_SET) != 0)
return 1;
- char *buf = malloc(len);
- struct jpeg_decdata *decdata = malloc(sizeof(*decdata));
+ unsigned char *buf = malloc(len);
if (fread(buf, len, 1, f) != 1)
return 1;
fclose(f);
- int width;
- int height;
- jpeg_fetch_size(buf, &width, &height);
+ unsigned int width;
+ unsigned int height;
+ if (jpeg_fetch_size(buf, len, &width, &height) != 0) {
+ return 1;
+ }
+ if ((width > 6000) || (height > 6000)) {
+ // infeasible data set
+ return 1;
+ }
//printf("width: %d, height: %d\n", width, height);
- char *pic = malloc(depth / 8 * width * height);
- int ret = jpeg_decode(buf, pic, width, height, width * depth / 8, depth, decdata);
+ unsigned char *pic = malloc(depth / 8 * width * height);
+ int ret = jpeg_decode(buf, len, pic, width, height, width * depth / 8, depth);
//printf("ret: %x\n", ret);
return ret;
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-29 18:15:05 +0000