Merge pull request #869 from HeroicKatora/master

Fuzzing reports, take 2

Newly established fuzzing corpus for pnm and addition of `afl` fuzzer

fuzz-afl/.gitignore

@@ -0,0 +1,4 @@
+target
+out
+cmin
+tmin

fuzz-afl/Cargo.toml

@@ -0,0 +1,19 @@
+[package]
+name = "image-fuzz-afl"
+version = "0.0.1"
+authors = ["HeroicKatora"]
+publish = false
+
+[dependencies.image]
+path = ".."
+
+[dependencies.afl]
+version = "0.4.3"
+
+# Prevent this from interfering with workspaces
+[workspace]
+members = ["."]
+
+[[bin]]
+name = "fuzzer_script_pnm"
+path = "fuzzers/fuzzer_script_pnm.rs"

fuzz-afl/README.md

@@ -0,0 +1,11 @@
+# Fuzzing harnesses
+
+This is intended for integration fuzzing and those decoders that do not yet
+live in their own crate. `image-png` for example has their own fuzzing targets.
+
+## Using the fuzzer
+
+> $ cargo install afl
+> $ RUSTFLAGS="-Clink-arg=-fuse-ld=gold" cargo +nightly afl build --release --bin fuzzer_script_<format>
+> $ cargo afl fuzz -i ./in/<format> -o ./out/<format> ./target/release/fuzzer_script_<format>
+

fuzz-afl/fuzzers/fuzzer_script_pnm.rs

@@ -0,0 +1,22 @@
+extern crate afl;
+extern crate image;
+
+use image::ImageDecoder;
+
+#[inline(always)]
+fn pnm_decode(data: &[u8]) -> image::ImageResult<Vec<u8>> {
+    let decoder = image::pnm::PNMDecoder::new(data)?;
+    let (width, height) = decoder.dimensions();
+
+    if width.saturating_mul(height) > 4_000_000 {
+        return Err(image::ImageError::DimensionError);
+    }
+
+    decoder.read_image()
+}
+
+fn main() {
+    afl::fuzz(|data| {
+        let _ = pnm_decode(data);
+    });
+}

fuzz-afl/in/pnm/all_pnm.pnm

@@ -0,0 +1,13 @@
+P7
+HEIGHT 1
+WIDTH 1
+DEPTH 3
+MAXVAL 255
+TUPLTYPE GRAYSCALE
+TUPLTYPE GRAYSCALE_ALPHA
+TUPLTYPE RGB
+TUPLTYPE RGB_ALPHA
+TUPLTYPE BLACKANDWHITE
+TUPLTYPE BLACKANDWHITE_ALPHA
+GARBAGE
+ENDHDR

fuzz-afl/in/pnm/id:000004,sig:06,src:000187,op:havoc,rep:4

@@ -0,0 +1,3 @@
+P7
+#P7
+#0 *0 10

fuzz-afl/in/pnm/id:000011,src:000000,op:flip1,pos:3,+cov

@@ -0,0 +1,3 @@
+P4
+00 00
+00000000

fuzz-afl/in/pnm/id:000012,src:000000,op:flip1,pos:4

@@ -0,0 +1,2 @@
+P4
+0�000000000000

fuzz-afl/in/pnm/id:000013,src:000000,op:flip1,pos:4

@@ -0,0 +1,3 @@
+P4
+1  10
+0000000000

fuzz-afl/in/pnm/id:000016,src:000000,op:flip1,pos:7

@@ -0,0 +1,2 @@
+P4
+10 1 000000000

fuzz-afl/in/pnm/id:000022,src:000000,op:flip2,pos:5,+cov

@@ -0,0 +1,3 @@
+P4
+00#00
+�0000000

fuzz-afl/in/pnm/id:000024,src:000000,op:flip4,pos:1,+cov

@@ -0,0 +1 @@
+P7000000000000000

fuzz-afl/in/pnm/id:000025,src:000000,op:flip4,pos:2,+cov

@@ -0,0 +1 @@
+P4�0000000000000

fuzz-afl/in/pnm/id:000026,src:000000,op:arith8,pos:1,val:-3,+cov

@@ -0,0 +1,3 @@
+P1
+10 10
+�0000000

fuzz-afl/in/pnm/id:000028,src:000000,op:arith8,pos:6,val:-14

@@ -0,0 +1,3 @@
+P4
+00 #0
+�0000000

fuzz-afl/in/pnm/id:000029,src:000000,op:arith8,pos:7,val:-13

@@ -0,0 +1,3 @@
+P4
+00 0#
+�0000000

fuzz-afl/in/pnm/id:000035,src:000000,op:havoc,rep:16

@@ -0,0 +1 @@
+P40000000�00000000000000000000000

fuzz-afl/in/pnm/id:000037,src:000000,op:havoc,rep:64,+cov

@@ -0,0 +1 @@
+0

fuzz-afl/in/pnm/id:000038,src:000000,op:havoc,rep:2

@@ -0,0 +1 @@
+P4�00

fuzz-afl/in/pnm/id:000041,src:000000,op:havoc,rep:16

@@ -0,0 +1 @@
+P0

fuzz-afl/in/pnm/id:000044,src:000000,op:havoc,rep:16

@@ -0,0 +1 @@
+0000

fuzz-afl/in/pnm/id:000045,src:000000,op:havoc,rep:2,+cov

@@ -0,0 +1 @@
+P4

fuzz-afl/in/pnm/id:000048,src:000000,op:havoc,rep:8

@@ -0,0 +1,3 @@
+P40
+000040000000000
+0000000000000

fuzz-afl/in/pnm/id:000051,src:000000,op:havoc,rep:4

@@ -0,0 +1 @@
+P4										0000

fuzz-afl/in/pnm/id:000053,src:000000,op:havoc,rep:2

@@ -0,0 +1,2 @@
+P4
+00 010000000000000000000000000000000

fuzz-afl/in/pnm/id:000054,src:000000,op:havoc,rep:16

@@ -0,0 +1 @@
+P4(00000000000000000000000000

fuzz-afl/in/pnm/id:000057,src:000000,op:havoc,rep:2

@@ -0,0 +1,3 @@
+P4
+10 4
+000000000000000000000000

fuzz-afl/in/pnm/id:000059,src:000000,op:havoc,rep:32

@@ -0,0 +1,12 @@
+P4
+
+
+
+
+
+
+
+
+
+
+000�0000000000000000

fuzz-afl/in/pnm/id:000061,src:000000,op:havoc,rep:2

@@ -0,0 +1,17 @@
+P4
+00
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+

fuzz-afl/in/pnm/id:000063,src:000000,op:havoc,rep:8

@@ -0,0 +1,4 @@
+P4
+1
+1
+0000000000

fuzz-afl/in/pnm/id:000065,src:000000,op:havoc,rep:8,+cov

@@ -0,0 +1,2 @@
+P4
+10 01000000 000000000000000000

fuzz-afl/in/pnm/id:000071,src:000000,op:havoc,rep:2

@@ -0,0 +1,3 @@
+P4
+10 20
+0000000000000000000000000000000000000000

fuzz-afl/in/pnm/id:000072,src:000000,op:havoc,rep:2

@@ -0,0 +1,2 @@
+P4
+0                

fuzz-afl/in/pnm/id:000075,src:000000,op:havoc,rep:16

@@ -0,0 +1,2 @@
+P4
+00�00000000000000

fuzz-afl/in/pnm/id:000078,src:000003,op:havoc,rep:2,+cov

@@ -0,0 +1,4 @@
+P6
+1
+10 00
+000000

fuzz-afl/in/pnm/id:000081,src:000007,op:havoc,rep:8

@@ -0,0 +1 @@
+P41 400000000000000000000000000

fuzz-afl/in/pnm/id:000090,src:000017,op:havoc,rep:2

@@ -0,0 +1 @@
+P2#

fuzz-afl/in/pnm/id:000093,src:000017,op:havoc,rep:2

@@ -0,0 +1,4 @@
+P2
+10 2
+00 0�
+000

fuzz-afl/in/pnm/id:000105,src:000017,op:havoc,rep:16,+cov

@@ -0,0 +1,3 @@
+P7
+000
+00000000000000000000000000

fuzz-afl/in/pnm/id:000106,src:000017,op:havoc,rep:2

@@ -0,0 +1,3 @@
+P2
+000
+00 00 000

fuzz-afl/in/pnm/id:000109,src:000017,op:havoc,rep:8,+cov

@@ -0,0 +1,2 @@
+P7
+000000

fuzz-afl/in/pnm/id:000111,src:000017,op:havoc,rep:32

@@ -0,0 +1,2 @@
+P3
+000000000000000000000000000

fuzz-afl/in/pnm/id:000113,src:000017,op:havoc,rep:4

@@ -0,0 +1,33 @@
+P2
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+000 00
+ �

fuzz-afl/in/pnm/id:000118,src:000020,op:flip2,pos:8

@@ -0,0 +1 @@
+P410 1000000000000000000000

fuzz-afl/in/pnm/id:000119,src:000026,op:flip1,pos:7

@@ -0,0 +1,3 @@
+P1
+10 1 
+�0000000

fuzz-afl/in/pnm/id:000120,src:000026,op:arith8,pos:8,val:+25,+cov

@@ -0,0 +1,2 @@
+P1
+10 10#00000000

fuzz-afl/in/pnm/id:000121,src:000052,op:havoc,rep:4,+cov

@@ -0,0 +1,2 @@
+P7
+00000

fuzz-afl/in/pnm/id:000124,src:000052,op:havoc,rep:4,+cov

@@ -0,0 +1 @@
+P7

fuzz-afl/in/pnm/id:000127,src:000063,op:flip1,pos:5

@@ -0,0 +1,4 @@
+P4
+1
+3
+0000000000

fuzz-afl/in/pnm/id:000130,src:000065,op:flip4,pos:11,+cov

@@ -0,0 +1,2 @@
+P4
+10 10000000000000000000000000

fuzz-afl/in/pnm/id:000135,src:000070,op:flip2,pos:10,+cov

@@ -0,0 +1,2 @@
+P110
+10 10�00000

fuzz-afl/in/pnm/id:000137,src:000070,op:flip4,pos:8,+cov

@@ -0,0 +1,3 @@
+P110
+10 0
+�00000

fuzz-afl/in/pnm/id:000145,src:000070,op:havoc,rep:2

@@ -0,0 +1,19 @@
+P110
+10 10
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+�00000

fuzz-afl/in/pnm/id:000146,src:000070,op:havoc,rep:2

@@ -0,0 +1,4 @@
+P110
+10
+10 1010 10
+�

fuzz-afl/in/pnm/id:000147,src:000070,op:havoc,rep:2

@@ -0,0 +1,6 @@
+P110
+10
+
+
+
+00000

fuzz-afl/in/pnm/id:000148,src:000070,op:havoc,rep:2

@@ -0,0 +1,2 @@
+P110
+10 1000000000000@00000000000

fuzz-afl/in/pnm/id:000153,src:000070,op:havoc,rep:16

@@ -0,0 +1 @@
+P10300000000000000000000#0

fuzz-afl/in/pnm/id:000156,src:000070,op:havoc,rep:4

@@ -0,0 +1,2 @@
+P110
+10 �0000000000000

fuzz-afl/in/pnm/id:000157,src:000070,op:havoc,rep:32

@@ -0,0 +1 @@
+P10#00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

fuzz-afl/in/pnm/id:000158,src:000078,op:flip1,pos:3,+cov

@@ -0,0 +1,4 @@
+P6
+0
+00 00
+000000

fuzz-afl/in/pnm/id:000159,src:000078,op:flip1,pos:6,+cov

@@ -0,0 +1,4 @@
+P6
+1
+1  00
+000000

fuzz-afl/in/pnm/id:000161,src:000078,op:havoc,rep:2

@@ -0,0 +1,3 @@
+P66
+1
+00 000000000000000000000000

fuzz-afl/in/pnm/id:000162,src:000079,op:arith8,pos:5,val:-21

@@ -0,0 +1 @@
+P4101000000000000000000000

fuzz-afl/in/pnm/id:000163,src:000079,op:havoc,rep:2

@@ -0,0 +1 @@
+P400 &0000000

fuzz-afl/in/pnm/id:000164,src:000084,op:flip2,pos:11,+cov

@@ -0,0 +1,4 @@
+P2
+1
+10 00
+�00000