Limit the input size to pdf_scanlinecompositor_fuzzer.
Excessively large inputs are going to time out on ClusterFuzz. Set a
limit to how big images can be.
Bug: chromium:1113870
Change-Id: Idc1b18f5a5da92c48f39a03c469cc561a74e500a
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/72553
Reviewed-by: Hui Yingst <nigi@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
diff --git a/testing/fuzzers/BUILD.gn b/testing/fuzzers/BUILD.gn
index 03e0610..b97c08f 100644
--- a/testing/fuzzers/BUILD.gn
+++ b/testing/fuzzers/BUILD.gn
@@ -485,6 +485,7 @@
sources = [ "pdf_scanlinecompositor_fuzzer.cc" ]
deps = [
":fuzzer_utils",
+ "../../core/fxcrt",
"../../core/fxge",
"../../third_party:pdfium_base",
]
diff --git a/testing/fuzzers/pdf_scanlinecompositor_fuzzer.cc b/testing/fuzzers/pdf_scanlinecompositor_fuzzer.cc
index 9bd59b2..deb6bfc 100644
--- a/testing/fuzzers/pdf_scanlinecompositor_fuzzer.cc
+++ b/testing/fuzzers/pdf_scanlinecompositor_fuzzer.cc
@@ -4,6 +4,7 @@
#include <memory>
+#include "core/fxcrt/fx_safe_types.h"
#include "core/fxge/cfx_cliprgn.h"
#include "core/fxge/dib/cfx_dibitmap.h"
#include "core/fxge/fx_dib.h"
@@ -42,6 +43,14 @@
size -= kParameterSize;
data += kParameterSize;
+ static constexpr uint32_t kMemLimit = 512000000; // 512 MB
+ static constexpr uint32_t kComponents = 4;
+ FX_SAFE_UINT32 mem = width;
+ mem *= height;
+ mem *= kComponents;
+ if (!mem.IsValid() || mem.ValueOrDie() > kMemLimit)
+ return 0;
+
auto src_bitmap = pdfium::MakeRetain<CFX_DIBitmap>();
auto dest_bitmap = pdfium::MakeRetain<CFX_DIBitmap>();
if (!src_bitmap->Create(width, height, src_format) ||
