Commit 6e400fa3 for libheif
commit 6e400fa3ffbc6d56fd5ae1090999178199e4a33b
Author: Dirk Farin <dirk.farin@gmail.com>
Date: Sat Apr 11 23:15:49 2026 +0200
fuzzing: let encoder_fuzzer test all formats and encoders (#1751)
diff --git a/fuzzing/CMakeLists.txt b/fuzzing/CMakeLists.txt
index 02fb5138..9b27f916 100644
--- a/fuzzing/CMakeLists.txt
+++ b/fuzzing/CMakeLists.txt
@@ -9,6 +9,8 @@ target_link_libraries(color_conversion_fuzzer PRIVATE heif)
add_executable(encoder_fuzzer encoder_fuzzer.cc)
target_link_libraries(encoder_fuzzer PRIVATE heif)
+configure_file(encoder_fuzzer.options ${CMAKE_CURRENT_BINARY_DIR}/encoder_fuzzer.options COPYONLY)
+configure_file(encoder_fuzzer_lsan_suppressions.txt ${CMAKE_CURRENT_BINARY_DIR}/encoder_fuzzer_lsan_suppressions.txt COPYONLY)
add_executable(file_fuzzer file_fuzzer.cc)
target_link_libraries(file_fuzzer PRIVATE heif)
diff --git a/fuzzing/encoder_fuzzer.cc b/fuzzing/encoder_fuzzer.cc
index fc9fa46b..f7d003e0 100644
--- a/fuzzing/encoder_fuzzer.cc
+++ b/fuzzing/encoder_fuzzer.cc
@@ -144,14 +144,21 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
}
int quality = (data[0] & 0x7F) % 101;
- bool lossless = (data[1] & 0x80);
- bool use_avif = (data[1] & 0x40);
+ bool lossless = (data[0] & 0x80);
+ uint8_t format_uint8 = ((data[1] & 0xf0) >> 4);
+ uint8_t encoder_idx = data[1] & 0x0f;
+
+ if (format_uint8==0 || format_uint8 > 10) {
+ return 0;
+ }
+ heif_compression_format format = (heif_compression_format)format_uint8;
+
data += 2;
size -= 2;
static const size_t kMaxEncoders = 5;
const heif_encoder_descriptor* encoder_descriptors[kMaxEncoders];
- int count = heif_get_encoder_descriptors(use_avif ? heif_compression_AV1 : heif_compression_HEVC,
+ int count = heif_get_encoder_descriptors(format,
nullptr,
encoder_descriptors, kMaxEncoders);
assert(count >= 0);
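Review bot: The upper bound in `if (format_uint8==0 || format_uint8 > 10)` is a bare literal, so any compression format later added to `heif_compression_format` above that value will silently never be fuzzed. The enum definition is not visible in this hunk, so I am assuming 10 is its current highest value. A named constant next to `kMaxEncoders`, or a comment such as `// 10 = highest heif_compression_format value at time of writing; raise when formats are added`, would make that dependency explicit. The cast on the following line is only as valid as that assumption. The function body starts and ends outside the hunk.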
@@ -159,8 +166,12 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
return 0;
}
+ if (encoder_idx >= count) {
+ return 0;
+ }
+
heif_encoder* encoder;
- err = heif_context_get_encoder(context.get(), encoder_descriptors[0], &encoder);
+ err = heif_context_get_encoder(context.get(), encoder_descriptors[encoder_idx], &encoder);
if (err.code != heif_error_Ok) {
return 0;
}
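Review bot: The new guard `if (encoder_idx >= count)` keeps the `encoder_descriptors[encoder_idx]` read in bounds, but it throws away most inputs: `encoder_idx` is a 4-bit value (0–15), while the array holds at most `kMaxEncoders = 5` entries and `count` can be smaller still. If the check just above the hunk already returns when `count` is zero (it starts outside the hunk, so this is inferred), `encoder_descriptors[encoder_idx % count]` would keep every input usable and still never index past `count`. If rejecting is intended, a short comment saying that out-of-range indices are dropped on purpose would help the next reader.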
diff --git a/fuzzing/encoder_fuzzer.options b/fuzzing/encoder_fuzzer.options
new file mode 100644
index 00000000..8b8f1ff6
--- /dev/null
+++ b/fuzzing/encoder_fuzzer.options
@@ -0,0 +1,4 @@
+[libfuzzer]
+
+[lsan]
+suppressions=encoder_fuzzer_lsan_suppressions.txt
diff --git a/fuzzing/encoder_fuzzer_lsan_suppressions.txt b/fuzzing/encoder_fuzzer_lsan_suppressions.txt
new file mode 100644
index 00000000..486cab4a
--- /dev/null
+++ b/fuzzing/encoder_fuzzer_lsan_suppressions.txt
@@ -0,0 +1 @@
+leak:x265_encoder_open
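Review bot: `leak:x265_encoder_open` matches every leak report whose allocation stack passes through that function, so it would also hide a leak caused by libheif skipping the matching encoder close on one of its own error paths. That is the kind of bug this harness is more likely to reach now that it tries all encoders. The file gives no reason for the entry. A `#` comment line above it, for example `# known leak inside x265 (<upstream issue reference>); remove once fixed upstream`, would say whether the leak is in x265 itself and let someone narrow or drop the suppression later.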