Handle jpeg library fuzz false positives

The jpeg library has some assembly code that is missed by the compiler instrumentation used by memory sanitization. There is a runtime environment variable that is used to work around this issue.

Handle jpeg library fuzz false positives
The jpeg library has some assembly code that is missed by the compiler instrumentation used by memory sanitization. There is a runtime environment variable that is used to work around this issue.
Jay Berkenbilt
1 parent c1684eae
Showing 3 changed files with 13 additions and 0 deletions
fuzz/dct_fuzzer.cc
fuzz/qpdf_fuzzer.cc
libqpdf/Pl_DCT.cc
@@ -2,6 +2,7 @@
 #include <qpdf/Pl_DCT.hh>
 #include <iostream>
 #include <stdexcept>
+#include <cstdlib>
 class FuzzHelper
 {
@@ -46,6 +47,11 @@ FuzzHelper::run()
 extern "C" int LLVMFuzzerTestOneInput(unsigned char const* data, size_t size)
 {
+#ifndef _WIN32
+    // Used by jpeg library to work around false positives in memory
+    // sanitizer.
+    setenv("JSIMD_FORCENONE", "1", 1);
+#endif
     FuzzHelper f(data, size);
     f.run();
     return 0;
@@ -9,6 +9,7 @@
 #include <qpdf/QPDFPageLabelDocumentHelper.hh>
 #include <qpdf/QPDFOutlineDocumentHelper.hh>
 #include <qpdf/QPDFAcroFormDocumentHelper.hh>
+#include <cstdlib>
 class DiscardContents: public QPDFObjectHandle::ParserCallbacks
 {
@@ -223,6 +224,11 @@ FuzzHelper::run()
 extern "C" int LLVMFuzzerTestOneInput(unsigned char const* data, size_t size)
 {
+#ifndef _WIN32
+    // Used by jpeg library to work around false positives in memory
+    // sanitizer.
+    setenv("JSIMD_FORCENONE", "1", 1);
+#endif
     FuzzHelper f(data, size);
     f.run();
     return 0;
@@ -8,6 +8,7 @@
 #include <stdexcept>
 #include <stdlib.h>
 #include <string>
+#include <cstring>
 #if BITS_IN_JSAMPLE != 8
 # error "qpdf does not support libjpeg built with BITS_IN_JSAMPLE != 8"