OSS-Fuzz: Bail out immediately on decomp failure

dcommander · dcommander · commit 6316d4d7522a · 2023-02-07T13:34:34.000-06:00
Don't keep trying to decompress the same image if tj3Decompress*() has
already thrown an error.  Otherwise, if the image has an excessive
number of scans, then each iteration of the loop will try to decompress
up to the scan limit, which may cause the overall test to time out even
if one iteration doesn't time out.
diff --git a/fuzz/decompress.cc b/fuzz/decompress.cc
@@ -1,5 +1,5 @@
 /*
- * Copyright (C)2021 D. R. Commander.  All Rights Reserved.
+ * Copyright (C)2021, 2023 D. R. Commander.  All Rights Reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
@@ -88,7 +88,8 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
          when using MemorySanitizer. */
       for (i = 0; i < w * h * tjPixelSize[pf]; i++)
         sum += dstBuf[i];
-    }
+    } else
+      goto bailout;
 
     free(dstBuf);
     dstBuf = NULL;
diff --git a/fuzz/decompress_yuv.cc b/fuzz/decompress_yuv.cc
@@ -1,5 +1,5 @@
 /*
- * Copyright (C)2021 D. R. Commander.  All Rights Reserved.
+ * Copyright (C)2021, 2023 D. R. Commander.  All Rights Reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
@@ -90,7 +90,8 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
          when using MemorySanitizer. */
       for (i = 0; i < w * h * tjPixelSize[pf]; i++)
         sum += dstBuf[i];
-    }
+    } else
+      goto bailout;
 
     free(dstBuf);
     dstBuf = NULL;
