AuroraMiddleware/libpng
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[libpng16] Relocate malloc of row_ptr after png_read_update_info() in fuzzer

Browse Source
This commit is contained in:
Glenn Randers-Pehrson 2017-10-11 16:28:14 -05:00
parent 357af1f095
commit 12384eae6f
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
contrib/oss-fuzz/libpng_read_fuzzer.cc
View File

@ -136,9 +136,6 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
// Reading.
png_read_info(png_handler.png_ptr, png_handler.info_ptr);
png_handler.row_ptr = png_malloc(
png_handler.png_ptr, png_get_rowbytes(png_handler.png_ptr,
png_handler.info_ptr));
// reset error handler to put png_deleter into scope.
if (setjmp(png_jmpbuf(png_handler.png_ptr))) {
@ -174,6 +171,10 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
png_read_update_info(png_handler.png_ptr, png_handler.png_info_ptr);
png_handler.row_ptr = png_malloc(
png_handler.png_ptr, png_get_rowbytes(png_handler.png_ptr,
png_handler.info_ptr));
for (int pass = 0; pass < passes; ++pass) {
for (png_uint_32 y = 0; y < height; ++y) {
png_read_row(png_handler.png_ptr,