author | Robert Loehning <robert.loehning@qt.io> | 2020-06-08 14:42:55 +0200 |
---|---|---|
committer | Robert Loehning <robert.loehning@qt.io> | 2020-06-15 09:31:56 +0000 |
commit | 927a82f5e0d0e8a174cbb027c58412e13f7067c5 (patch) | |
tree | 310b840b5a1b0251c47d74c2cdc630f9f4b07a41 /tests/libfuzzer | |
parent | 9ba88a2689dacf3226f3a1f87c043d88a45dc97a (diff) |
Fuzzing: Don't try to load huge valid images
They are justified in using huge memory.
Pick-to: 5.15
Change-Id: Id16d2ea67cfac0e031d05258173391e222b41097
Reviewed-by: Albert Astals Cid <albert.astals.cid@kdab.com>
Reviewed-by: Eirik Aavitsland <eirik.aavitsland@qt.io>
Diffstat (limited to 'tests/libfuzzer')
-rw-r--r-- | tests/libfuzzer/gui/image/qimage/loadfromdata/main.cpp | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/tests/libfuzzer/gui/image/qimage/loadfromdata/main.cpp b/tests/libfuzzer/gui/image/qimage/loadfromdata/main.cpp
index 46d48ebf8c..54d1ed0ee6 100644
--- a/tests/libfuzzer/gui/image/qimage/loadfromdata/main.cpp
+++ b/tests/libfuzzer/gui/image/qimage/loadfromdata/main.cpp
@@ -26,8 +26,11 @@
 **
 ****************************************************************************/
 
+#include <QBuffer>
 #include <QGuiApplication>
 #include <QImage>
+#include <QImageReader>
+#include <QSize>
 #include <QtGlobal>
 
 // silence warnings
@@ -41,6 +44,12 @@ extern "C" int LLVMFuzzerTestOneInput(const char *Data, size_t Size) {
 static char arg3[] = "minimal";
 static char *argv[] = {arg1, arg2, arg3, nullptr};
 static QGuiApplication qga(argc, argv);
- QImage().loadFromData(QByteArray::fromRawData(Data, Size));
+ QByteArray input(QByteArray::fromRawData(Data, Size));
+ QBuffer buf(&input);
+ const QSize size = QImageReader(&buf).size();
+ // Don't try to load huge valid images.
+ // They are justified in using huge memory.
+ if (!size.isValid() || uint64_t(size.width()) * size.height() < 64 * 1024 * 1024)
+ QImage().loadFromData(input);
 return 0;
 } |
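Review bot: The new guard in LLVMFuzzerTestOneInput (second hunk) leaves two things undocumented: the `64 * 1024 * 1024` limit is a pixel count, not a byte count, and the `!size.isValid()` arm still passes every input with no readable size to loadFromData(). I would replace the two-line comment with `// Skip images whose header declares >= 64 Mpixels; inputs with no readable size are still loaded.` and give the limit a name, e.g. `constexpr quint64 maxPixels = 64 * 1024 * 1024;`. The check also uses `uint64_t` although the hunk adds no `<cstdint>` include; `quint64(size.width()) * size.height()` would rely only on the `<QtGlobal>` include that is already present. As a consequence of the filter, this harness no longer exercises decoding of inputs that declare large dimensions, so it says nothing about how the handlers behave on them. The function body starts above the hunk.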