2 * The copyright in this software is being made available under the 2-clauses
3 * BSD License, included below. This software may be subject to other third
4 * party and contributor rights, including patent rights, and no such rights
5 * are granted under this license.
7 * Copyright (c) 2017, IntoPix SA <contact@intopix.com>
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
19 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS `AS IS'
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
23 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29 * POSSIBILITY OF SUCH DAMAGE.
39 extern "C" int LLVMFuzzerInitialize(int* argc, char*** argv);
40 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len);
43 const uint8_t* pabyData;
49 static void ErrorCallback(const char * msg, void *)
52 //fprintf(stderr, "%s\n", msg);
56 static void WarningCallback(const char *, void *)
60 static void InfoCallback(const char *, void *)
64 static OPJ_SIZE_T ReadCallback(void* pBuffer, OPJ_SIZE_T nBytes,
67 MemFile* memFile = (MemFile*)pUserData;
68 //printf("want to read %d bytes at %d\n", (int)memFile->nCurPos, (int)nBytes);
69 if (memFile->nCurPos >= memFile->nLength) {
72 if (memFile->nCurPos + nBytes >= memFile->nLength) {
73 size_t nToRead = memFile->nLength - memFile->nCurPos;
74 memcpy(pBuffer, memFile->pabyData + memFile->nCurPos, nToRead);
75 memFile->nCurPos = memFile->nLength;
81 memcpy(pBuffer, memFile->pabyData + memFile->nCurPos, nBytes);
82 memFile->nCurPos += nBytes;
86 static OPJ_BOOL SeekCallback(OPJ_OFF_T nBytes, void * pUserData)
88 MemFile* memFile = (MemFile*)pUserData;
89 //printf("seek to %d\n", (int)nBytes);
90 memFile->nCurPos = nBytes;
94 static OPJ_OFF_T SkipCallback(OPJ_OFF_T nBytes, void * pUserData)
96 MemFile* memFile = (MemFile*)pUserData;
97 memFile->nCurPos += nBytes;
102 int LLVMFuzzerInitialize(int* /*argc*/, char*** argv)
107 static const unsigned char jpc_header[] = {0xff, 0x4f};
108 static const unsigned char jp2_box_jp[] = {0x6a, 0x50, 0x20, 0x20}; /* 'jP ' */
110 int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len)
113 OPJ_CODEC_FORMAT eCodecFormat;
114 if (len >= sizeof(jpc_header) &&
115 memcmp(buf, jpc_header, sizeof(jpc_header)) == 0) {
116 eCodecFormat = OPJ_CODEC_J2K;
117 } else if (len >= 4 + sizeof(jp2_box_jp) &&
118 memcmp(buf + 4, jp2_box_jp, sizeof(jp2_box_jp)) == 0) {
119 eCodecFormat = OPJ_CODEC_JP2;
124 opj_codec_t* pCodec = opj_create_decompress(eCodecFormat);
125 opj_set_info_handler(pCodec, InfoCallback, NULL);
126 opj_set_warning_handler(pCodec, WarningCallback, NULL);
127 opj_set_error_handler(pCodec, ErrorCallback, NULL);
129 opj_dparameters_t parameters;
130 opj_set_default_decoder_parameters(¶meters);
132 opj_setup_decoder(pCodec, ¶meters);
134 opj_stream_t *pStream = opj_stream_create(1024, OPJ_TRUE);
136 memFile.pabyData = buf;
137 memFile.nLength = len;
139 opj_stream_set_user_data_length(pStream, len);
140 opj_stream_set_read_function(pStream, ReadCallback);
141 opj_stream_set_seek_function(pStream, SeekCallback);
142 opj_stream_set_skip_function(pStream, SkipCallback);
143 opj_stream_set_user_data(pStream, &memFile, NULL);
145 opj_image_t * psImage = NULL;
146 if (!opj_read_header(pStream, pCodec, &psImage)) {
147 opj_destroy_codec(pCodec);
148 opj_stream_destroy(pStream);
149 opj_image_destroy(psImage);
153 OPJ_UINT32 width = psImage->x1 - psImage->x0;
154 OPJ_UINT32 height = psImage->y1 - psImage->y0;
156 // Reject too big images since that will require allocating a lot of
158 if (width != 0 && psImage->numcomps != 0 &&
159 (width > INT_MAX / psImage->numcomps ||
160 height > INT_MAX / (width * psImage->numcomps * sizeof(OPJ_UINT32)))) {
161 opj_stream_destroy(pStream);
162 opj_destroy_codec(pCodec);
163 opj_image_destroy(psImage);
168 // Also reject too big tiles.
169 // TODO: remove this limitation when subtile decoding no longer imply
170 // allocation memory for whole tile
171 opj_codestream_info_v2_t* pCodeStreamInfo = opj_get_cstr_info(pCodec);
172 OPJ_UINT32 nTileW, nTileH;
173 nTileW = pCodeStreamInfo->tdx;
174 nTileH = pCodeStreamInfo->tdy;
175 opj_destroy_cstr_info(&pCodeStreamInfo);
176 if (nTileW > 2048 || nTileH > 2048) {
177 opj_stream_destroy(pStream);
178 opj_destroy_codec(pCodec);
179 opj_image_destroy(psImage);
184 OPJ_UINT32 width_to_read = width;
185 if (width_to_read > 1024) {
186 width_to_read = 1024;
188 OPJ_UINT32 height_to_read = height;
189 if (height_to_read > 1024) {
190 height_to_read = 1024;
193 if (opj_set_decode_area(pCodec, psImage,
194 psImage->x0, psImage->y0,
195 psImage->x0 + width_to_read,
196 psImage->y0 + height_to_read)) {
197 if (opj_decode(pCodec, pStream, psImage)) {
198 //printf("success\n");
202 opj_end_decompress(pCodec, pStream);
203 opj_stream_destroy(pStream);
204 opj_destroy_codec(pCodec);
205 opj_image_destroy(psImage);