Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 23174fc1 authored by Keith Mok's avatar Keith Mok
Browse files

Fix fuzzer error for FormatConvertFuzzer 

FormatConvert have some restructions
on the width and height.

The logic to ensure width is even,
and height is divisible by 16 is wrong.
Fix it.

Bug: 230733449
Test: FormatConvertFuzzer_copyNV21toRGB32
Change-Id: Ic52c1eea1ea89625db31538c97e49903af6958dc
parent 5ca0ccb3

automotive/evs/common/utils/default/test/fuzz/FormatConvertFuzzer.cpp

+3 −2
Original line number Diff line number Diff line
@@ -32,9 +32,10 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, std::size_t size) { 


    // API have a requirement that width must be divied by 16 except yuyvtorgb

    int min_height = 2;

    int max_height = (image_pixel_size / 16) & ~(1);  // must be even number

    int max_height = (image_pixel_size / 16);

    int height = fdp.ConsumeIntegralInRange<uint32_t>(min_height, max_height);

    int width = (image_pixel_size / height) & ~(16);  // must be divisible by 16

    height &= ~(1);  // must be even number

    int width = (image_pixel_size / height) & ~(0xF);  // must be divisible by 16



    uint8_t* src = (uint8_t*)(data + 4);

    uint32_t* tgt = (uint32_t*)malloc(sizeof(uint32_t) * image_pixel_size);