From a154a2863ad5fc22ef33640b3b77e9740761062c Mon Sep 17 00:00:00 2001
From: Dirk Lemstra
Date: Sat, 14 Apr 2018 18:00:26 +0200
Subject: [PATCH] Prevent label that contains '%#' because this will calculate a signature and will probably cause a timeout in the fuzzer.

---
 Magick++/fuzz/encoder_label_fuzzer.cc | 11 ++++++++++-
 Magick++/fuzz/encoder_utils.cc        |  6 +++++-
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/Magick++/fuzz/encoder_label_fuzzer.cc b/Magick++/fuzz/encoder_label_fuzzer.cc
index 13388336e..6a8b7605b 100644
--- a/Magick++/fuzz/encoder_label_fuzzer.cc
+++ b/Magick++/fuzz/encoder_label_fuzzer.cc
@@ -6,8 +6,17 @@
 #include "utils.cc"
 #include "encoder_utils.cc"
 
+static bool validateFileName(const std::string &fileName)
+{
+  // Signature: this will most likely cause a timeout.
+  if (fileName.find("%#") != -1)
+    return false;
+
+  return true;
+}
+
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
-  return fuzzEncoderWithStringFilename("label", Data, Size);
+  return fuzzEncoderWithStringFilename("label", Data, Size, validateFileName);
 }
 
 #include "travis.cc"
diff --git a/Magick++/fuzz/encoder_utils.cc b/Magick++/fuzz/encoder_utils.cc
index e2eaf7141..a533c010c 100644
--- a/Magick++/fuzz/encoder_utils.cc
+++ b/Magick++/fuzz/encoder_utils.cc
@@ -1,4 +1,4 @@
-static int fuzzEncoderWithStringFilename(const std::string encoder, const uint8_t *Data, size_t Size)
+static int fuzzEncoderWithStringFilename(const std::string encoder, const uint8_t *Data, size_t Size, bool (*validate)(const std::string &) = NULL)
 {
   // Allow a bit extra to make sure we do proper bounds checking in Magick++
   if (Size > MagickPathExtent)
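Review bot: `fileName.find("%#") != -1` in validateFileName compares an unsigned `size_type` against a signed `-1`; it only works because `-1` converts to `npos`, and it will trip sign-compare warnings. Write it as `if (fileName.find("%#") != std::string::npos)`, or collapse the whole body to `return fileName.find("%#") == std::string::npos;`. The comment should say why the escape is excluded rather than what it is, e.g. `// Skip '%#' (image signature): computing it for a label is slow enough to hit the fuzzer timeout, so such inputs are dropped instead of fuzzed.` A substring denylist covers only this one escape; if other property escapes turn out to be similarly expensive each needs its own entry, which is fragile but presumably acceptable for a fuzz harness.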
@@ -6,6 +6,10 @@ static int fuzzEncoderWithStringFilename(const std::string encoder, const uint8_
 
   std::string fileName(reinterpret_cast(Data), Size);
 
+  // Can be used to deny specific file names
+  if ((validate != NULL) && (validate(fileName) == false))
+    return 0;
+
   Magick::Image image;
   try {
     image.read(encoder + ":" + fileName);
-- 
2.40.0
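Review bot: `if ((validate != NULL) && (validate(fileName) == false))` spells the null check and the boolean test the C way in a C++ file; `if (validate != nullptr && !validate(fileName))` reads as intended, and the default argument in the signature hunk above should likewise be `= nullptr`. The comment `// Can be used to deny specific file names` would be more useful as `// Optional caller hook: returning false drops this input before it reaches the encoder (used to skip inputs known to be too slow to fuzz).` The context line `reinterpret_cast(Data)` appears to have lost its template argument in this rendering, presumably `<const char *>` in the actual file. fuzzEncoderWithStringFilename's body continues outside the hunk.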