Fuzz+LibGfx: When fuzzing GIFLoader, try to load all frames

Author: https://github.com/BenWiederhake Commit: https://github.com/SerenityOS/serenity/commit/774107f37c6 Pull-request: https://github.com/SerenityOS/serenity/pull/7584
2024-09-30 00:31:14 +00:00 · 2021-05-30 12:37:52 +02:00 · 2021-05-30 12:37:52 +02:00 · 774107f37c · 2024-07-18 17:10:11 +09:00
parent 2d011961c9
commit 774107f37c
1 changed files with 21 additions and 1 deletions
--- a/Meta/Lagom/Fuzzers/FuzzGIFLoader.cpp
+++ b/Meta/Lagom/Fuzzers/FuzzGIFLoader.cpp
@ -4,12 +4,32 @@
 * SPDX-License-Identifier: BSD-2-Clause
 */

+#include <AK/Debug.h>
+#include <AK/Format.h>
+#include <AK/String.h>
 #include <LibGfx/GIFLoader.h>
 #include <stddef.h>
 #include <stdint.h>

 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
 {
-    Gfx::load_gif_from_memory(data, size);
+    Gfx::GIFImageDecoderPlugin gif_decoder(data, size);
+    auto bitmap = gif_decoder.bitmap();
+    if (bitmap) {
+        // Looks like a valid GIF. Try to load the other frames:
+        dbgln_if(GIF_DEBUG, "bitmap size: {}", bitmap->size());
+        dbgln_if(GIF_DEBUG, "codec size: {}", gif_decoder.size());
+        dbgln_if(GIF_DEBUG, "is_sniff: {}", gif_decoder.sniff());
+        dbgln_if(GIF_DEBUG, "is_animated: {}", gif_decoder.is_animated());
+        dbgln_if(GIF_DEBUG, "loop_count: {}", gif_decoder.loop_count());
+        dbgln_if(GIF_DEBUG, "frame_count: {}", gif_decoder.frame_count());
+        for (size_t i = 0; i < gif_decoder.frame_count(); ++i) {
+            auto ifd = gif_decoder.frame(i);
+            dbgln_if(GIF_DEBUG, "frame #{} size: {}", i, ifd.image->size());
+            dbgln_if(GIF_DEBUG, "frame #{} duration: {}", i, ifd.duration);
+        }
+        dbgln_if(GIF_DEBUG, "Done.");
+    }
+
    return 0;
 }