Add new fuzzer to increase OSS-Fuzz coverage
Adding another libtiff fuzzer to increase coverage. This fuzzer utilizes the `TiffStream` class, so we propose a few updates to `tiffstream.cpp` and `tiffstream.h` to make them work with modern C++ versions and the rest of libtiff. We also update the OSS-Fuzz build script in order to account for the addition of this fuzzer (and any others to come).

`tiff_read_data_fuzzer.cc` is an adaptation of the fuzzer located here. Summary of changes:

- Remove unused imports
- Use libtiff's stream class instead of defining custom handler functions for in-memory parsing
- Remove all instances of `printf` and change the output `FILE *` to `/dev/null` instead of `stdout`, because we don't need any output for fuzz testing
- Remove the use of static variables in favor of refactoring based on the desired code paths to hit (except in the case of `TIFFReadSeparateStripData()`, where rather than break the inner loop we immediately jump to the call to `_TIFFfree()`)
- Clean up the function calls made in `TIFFReadData()` by avoiding repetition of code