From 62478433b0b7dbcd9a312b49042f4f17e69b527f Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Mon, 8 Jan 2018 16:48:02 -0500
Subject: [PATCH] add fuzzers from oss-fuzz

---
 fuzz/crop_fuzzer.cc           | 24 ++++++++++++++++++++++++
 fuzz/encoder_fuzzer.cc        | 24 ++++++++++++++++++++++++
 fuzz/encoder_list.cc          | 17 +++++++++++++++++
 fuzz/enhance_fuzzer.cc        | 16 ++++++++++++++++
 fuzz/huffman_decode_fuzzer.cc | 17 +++++++++++++++++
 fuzz/rotate_fuzzer.cc         | 23 +++++++++++++++++++++++
 6 files changed, 121 insertions(+)
 create mode 100644 fuzz/crop_fuzzer.cc
 create mode 100644 fuzz/encoder_fuzzer.cc
 create mode 100644 fuzz/encoder_list.cc
 create mode 100644 fuzz/enhance_fuzzer.cc
 create mode 100644 fuzz/huffman_decode_fuzzer.cc
 create mode 100644 fuzz/rotate_fuzzer.cc

diff --git a/fuzz/crop_fuzzer.cc b/fuzz/crop_fuzzer.cc
new file mode 100644
index 000000000..afcebba11
--- /dev/null
+++ b/fuzz/crop_fuzzer.cc
@@ -0,0 +1,24 @@
+#include <cstdint>
+
+#include <Magick++/Blob.h>
+#include <Magick++/Image.h>
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+  uint16_t Width;
+  uint16_t Height;
+  if (Size < (sizeof(Width) + sizeof(Height))) {
+    return 0;
+  }
+  Width = *reinterpret_cast<const uint16_t *>(Data);
+  Height = *reinterpret_cast<const uint16_t *>(Data + sizeof(Width));
+  const Magick::Blob blob(Data + sizeof(Width) + sizeof(Height),
+                          Size - (sizeof(Width) + sizeof(Height)));
+  Magick::Image image;
+  try {
+    image.read(blob);
+  } catch (Magick::Exception &e) {
+    return 0;
+  }
+  image.crop(Magick::Geometry(Width, Height));
+  return 0;
+}
diff --git a/fuzz/encoder_fuzzer.cc b/fuzz/encoder_fuzzer.cc
new file mode 100644
index 000000000..1bd601ead
--- /dev/null
+++ b/fuzz/encoder_fuzzer.cc
@@ -0,0 +1,24 @@
+#include <cstdint>
+
+#include <Magick++/Blob.h>
+#include <Magick++/Image.h>
+
+#define FUZZ_ENCODER_STRING_LITERAL(name) #name
+#define FUZZ_ENCODER FUZZ_ENCODER_STRING_LITERAL(FUZZ_IMAGEMAGICK_ENCODER)
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+  const Magick::Blob blob(Data, Size);
+  Magick::Image image;
+  try {
+    image.read(blob);
+  } catch (Magick::Exception &e) {
+    return 0;
+  }
+
+  Magick::Blob outBlob;
+  try {
+    image.write(&outBlob, FUZZ_ENCODER);
+  } catch (Magick::Exception &e) {
+  }
+  return 0;
+}
diff --git a/fuzz/encoder_list.cc b/fuzz/encoder_list.cc
new file mode 100644
index 000000000..bf1a35ff8
--- /dev/null
+++ b/fuzz/encoder_list.cc
@@ -0,0 +1,17 @@
+#include <iostream>
+
+#include <Magick++/Blob.h>
+#include <Magick++/Image.h>
+
+extern "C" int main() {
+  size_t nFormats;
+  Magick::ExceptionInfo ex;
+  const Magick::MagickInfo **formats = GetMagickInfoList("*", &nFormats, &ex);
+
+  for (size_t i = 0; i < nFormats; i++) {
+    const Magick::MagickInfo *format = formats[i];
+    if (format->encoder && format->name) {
+      std::cout << format->name << std::endl;
+    }
+  }
+}
diff --git a/fuzz/enhance_fuzzer.cc b/fuzz/enhance_fuzzer.cc
new file mode 100644
index 000000000..f50887903
--- /dev/null
+++ b/fuzz/enhance_fuzzer.cc
@@ -0,0 +1,16 @@
+#include <cstdint>
+
+#include <Magick++/Blob.h>
+#include <Magick++/Image.h>
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+  const Magick::Blob blob(Data, Size);
+  Magick::Image image;
+  try {
+    image.read(blob);
+    image.enhance();
+  } catch (Magick::Exception &e) {
+    return 0;
+  }
+  return 0;
+}
diff --git a/fuzz/huffman_decode_fuzzer.cc b/fuzz/huffman_decode_fuzzer.cc
new file mode 100644
index 000000000..2ad257538
--- /dev/null
+++ b/fuzz/huffman_decode_fuzzer.cc
@@ -0,0 +1,17 @@
+#include <cstdint>
+
+#include <Magick++/Blob.h>
+#include <Magick++/Image.h>
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+  const Magick::Blob blob(Data, Size);
+  Magick::Image image;
+  try {
+    image.read(blob);
+  } catch (Magick::Exception &e) {
+    return 0;
+  }
+  Magick::ExceptionInfo ex;
+  auto res = HuffmanDecodeImage(image.image(), &ex);
+  return 0;
+}
diff --git a/fuzz/rotate_fuzzer.cc b/fuzz/rotate_fuzzer.cc
new file mode 100644
index 000000000..774bf13f1
--- /dev/null
+++ b/fuzz/rotate_fuzzer.cc
@@ -0,0 +1,23 @@
+#include <cstdint>
+
+#include <Magick++/Blob.h>
+#include <Magick++/Image.h>
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+  if (Size < sizeof(double)) {
+    return 0;
+  }
+  double Degrees = *reinterpret_cast<const double *>(Data);
+  if (!isfinite(Degrees)) {
+    return 0;
+  }
+  const Magick::Blob blob(Data + sizeof(Degrees), Size - sizeof(Degrees));
+  Magick::Image image;
+  try {
+    image.read(blob);
+  } catch (Magick::Exception &e) {
+    return 0;
+  }
+  image.rotate(Degrees);
+  return 0;
+}
-- 
2.40.0