Initial work on a libjpeg-turbo fuzzer.

targets/README.md

@@ -14,6 +14,7 @@ Targets integrated with oss-fuzz.
 | [libarchive](https://github.com/libarchive/libarchive) | [/targets/libarchive](libarchive) |
 | [libass](https://github.com/libass/libass) | [/targets/libass](libass) |
 | [libchewing](http://chewing.im/) | [/targets/libchewing](libchewing) |
+| [libjpeg-turbo](https://github.com/libjpeg-turbo/libjpeg-turbo) | [/targets/libjpeg-turbo](libjpeg-turbo) |
 | [lcms](https://github.com/mm2/Little-CMS) | [/targets/lcms](lcms) |
 | [libpng](http://www.libpng.org/pub/png/libpng.html) | [/targets/libpng](libpng) |
 | [libteken](http://80386.nl/projects/libteken/) | [/targets/libteken](libteken) |

targets/libjpeg-turbo/Dockerfile

@@ -0,0 +1,27 @@
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM ossfuzz/base-libfuzzer
+MAINTAINER alex.gaynor@gmail.com
+RUN apt-get install -y make autoconf automake libtool nasm curl
+RUN git clone https://github.com/libjpeg-turbo/libjpeg-turbo
+
+RUN mkdir afl-testcases
+RUN curl -o afl-testcases/afl_testcases.tgz http://lcamtuf.coredump.cx/afl/demo/afl_testcases.tgz
+RUN cd afl-testcases/ && tar -xf afl_testcases.tgz
+RUN zip libjpeg_turbo_fuzzer_seed_corpus.zip afl-testcases/jpeg/full/images/*
+
+COPY build.sh libjpeg_turbo_fuzzer.cc /src/

targets/libjpeg-turbo/Jenkinsfile

@@ -0,0 +1,22 @@
+// Copyright 2016 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+def libfuzzerBuild = fileLoader.fromGit('infra/libfuzzer-pipeline.groovy',
+                                        'https://github.com/google/oss-fuzz.git')
+
+libfuzzerBuild {
+  git = "https://github.com/libjpeg-turbo/libjpeg-turbo"
+}

targets/libjpeg-turbo/build.sh

@@ -0,0 +1,28 @@
+#!/bin/bash -eu
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+cd /src/libjpeg-turbo
+
+autoreconf -fiv
+./configure
+make "-j$(nproc)"
+
+$CXX $CXXFLAGS -std=c++11 -I. \
+    /src/libjpeg_turbo_fuzzer.cc -o /out/libjpeg_turbo_fuzzer \
+    -lfuzzer ./.libs/libturbojpeg.a $FUZZER_LDFLAGS
+
+cp /src/libjpeg_turbo_fuzzer_seed_corpus.zip /out/

targets/libjpeg-turbo/libjpeg_turbo_fuzzer.cc

@@ -0,0 +1,48 @@
+/*
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+*/
+
+#include <stdint.h>
+#include <stdlib.h>
+
+#include <memory>
+
+#include <turbojpeg.h>
+
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+    tjhandle jpegDecompressor = tjInitDecompress();
+
+    int width, height, subsamp, colorspace;
+    int res = tjDecompressHeader3(
+        jpegDecompressor, data, size, &width, &height, &subsamp, &colorspace);
+
+    // Bail out if decompressing the headers failed, the width or height is 0,
+    // or the image is too large (avoids slowing down too much)
+    if (res != 0 || width == 0 || height == 0 || (width * height > (1024 * 1024))) {
+        tjDestroy(jpegDecompressor);
+        return 0;
+    }
+
+    std::unique_ptr<unsigned char[]> buf(new unsigned char[width * height * 3]);
+    tjDecompress2(
+        jpegDecompressor, data, size, buf.get(), width, 0, height, TJPF_RGB, 0);
+
+    tjDestroy(jpegDecompressor);
+
+    return 0;
+}