commit 70603804c1e5242691011399350d61fb976e19bb
author Yannis Guyon <yguyon@google.com> Tue Feb 07 14:06:06 2023
committer Yannis Guyon <yguyon@google.com> Tue Feb 07 14:29:38 2023
tree 91624895ee3d3b3eba60ccf0a6756273f82e5f1b
parent a502ae93fe2d84c1121a490074d7877cc7327269

Use jpeg_calc_output_dimensions()

To avoid fuzz timeouts.
Also reduce WP2::testutil::kMaxNumPixels.

Change-Id: If8d9b21f63798dcbc23ec2c8805634c81761396d
Reviewed-on: https://chromium-review.googlesource.com/c/codecs/libwebp2/+/4228005
Tested-by: WebM Builds <builds@webmproject.org>
Reviewed-by: Maryla Ustarroz-Calonge <maryla@google.com>

imageio/jpegdec.cc

diff --git a/imageio/jpegdec.cc b/imageio/jpegdec.cc
index 9aff254..4ff799f 100644
--- a/imageio/jpegdec.cc
+++ b/imageio/jpegdec.cc
@@ -419,7 +419,9 @@
   // setjmp() and longjmp() and needs to be freed afterwards.
   WP2Status ReadCanvas(volatile jpeg_decompress_struct* const dinfo,
                        uint8_t* volatile* const tmp_rgb) {
-    jpeg_start_decompress((j_decompress_ptr)dinfo);
+    // Use jpeg_calc_output_dimensions() to obtain the image dimensions before
+    // calling jpeg_start_decompress() which can be slow.
+    jpeg_calc_output_dimensions((j_decompress_ptr)dinfo);
 
     WP2_CHECK_OK(dinfo->output_components == kNumOutputComponents,
                  WP2_STATUS_UNSUPPORTED_FEATURE);
@@ -441,6 +443,8 @@
     JSAMPROW buffer[1];
     buffer[0] = (JSAMPLE*)*tmp_rgb;
 
+    jpeg_start_decompress((j_decompress_ptr)dinfo);
+
     while (dinfo->output_scanline < dinfo->output_height) {
       const uint32_t row = dinfo->output_scanline;
       WP2_CHECK_OK(jpeg_read_scanlines((j_decompress_ptr)dinfo, buffer, 1) == 1,

tests/fuzz/fuzz_utils.h

diff --git a/tests/fuzz/fuzz_utils.h b/tests/fuzz/fuzz_utils.h
index 54da2f5..3ad6c87 100644
--- a/tests/fuzz/fuzz_utils.h
+++ b/tests/fuzz/fuzz_utils.h
@@ -34,10 +34,12 @@
 namespace WP2 {
 namespace testutil {
 
-// Limit read image size to avoid out-of-memory issues.
+// Limit read image size to avoid out-of-memory and timeout issues.
 // Hint:  kMaxNumPixels * kMaxBytesPerPixel (4) * kMaxNumFullCanvasAlloc (3)
 //        should be below kMaxFuzzMemory (2 GB).
-constexpr size_t kMaxNumPixels = 1u << 26;
+// Hint:  Fuzzed inputs of a few megapixels tend to take longer than
+//        kEncodingMaxNumSeconds to decode when sanitizers are enabled.
+constexpr size_t kMaxNumPixels = 1u << 22;
 
 // Limit encoding duration to avoid timeout issues (< 90 seconds).
 constexpr double kEncodingMaxNumSeconds = 60.;