Add a fuzzer script for PCX (and update image version, cargo-deny action) (#9)

mstoeckl · web-flow · commit 65807800db47 · 2025-09-15T18:13:11.000-07:00
diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml
@@ -61,4 +61,4 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: EmbarkStudios/cargo-deny-action@v1
+      - uses: EmbarkStudios/cargo-deny-action@v2
diff --git a/Cargo.toml b/Cargo.toml
@@ -12,12 +12,10 @@ default = ["pcx"]
 pcx = ["dep:pcx"]
 
 [dependencies]
-image = { version = "0.25.5", default-features = false }
+image = { version = "0.25.8", default-features = false }
 pcx = { version = "0.2.4", optional = true }
 
 [dev-dependencies]
-image = { version = "0.25.5", default-features = false, features = ["png"] }
+image = { version = "0.25.8", default-features = false, features = ["png"] }
 walkdir = "2.5.0"
 
-[patch.crates-io]
-image = { git = "https://github.com/fintelia/image", branch = "decoding-hooks" }
diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml
@@ -0,0 +1,27 @@
+
+[package]
+name = "image-fuzz"
+version = "0.0.1"
+authors = ["Automatically generated"]
+edition = "2021"
+publish = false
+
+[package.metadata]
+cargo-fuzz = true
+
+[dependencies]
+image = { version = "0.25.8", default-features = false }
+
+[dependencies.image-extras]
+path = ".."
+features = []
+[dependencies.libfuzzer-sys]
+version = "0.4"
+
+# Prevent this from interfering with workspaces
+[workspace]
+members = ["."]
+
+[[bin]]
+name = "fuzzer_script_pcx"
+path = "fuzzers/fuzzer_script_pcx.rs"
diff --git a/fuzz/README.md b/fuzz/README.md
@@ -0,0 +1,13 @@
+# Fuzzing with libfuzzer
+
+For the possibly more up-to-date guide see <https://fuzz.rs/book/cargo-fuzz/setup.html>.
+
+> $ cargo install cargo-fuzz
+> $ cargo +nightly fuzz run fuzzer_script_<format>
+
+# Bug reports
+
+As explained in the project [README](../README.md), fuzzing is not a priority for
+this crate and decoders may panic or worse on malformed input. Please do not
+open issues for crashes found by fuzzing, unless they are memory safety violations,
+though PRs fixing them are welcome.
diff --git a/fuzz/fuzzers/fuzzer_script_pcx.rs b/fuzz/fuzzers/fuzzer_script_pcx.rs
@@ -0,0 +1,22 @@
+#![no_main]
+#[macro_use]
+extern crate libfuzzer_sys;
+
+use image::ImageDecoder;
+use std::io::Cursor;
+
+fuzz_target!(|data: &[u8]| {
+    let reader = Cursor::new(data);
+    let Ok(mut decoder) = image_extras::pcx::PCXDecoder::new(reader) else {
+        return;
+    };
+    let mut limits = image::Limits::default();
+    limits.max_alloc = Some(1024 * 1024); // 1 MiB
+    if limits.reserve(decoder.total_bytes()).is_err() {
+        return;
+    }
+    if decoder.set_limits(limits).is_err() {
+        return;
+    }
+    let _ = std::hint::black_box(image::DynamicImage::from_decoder(decoder));
+});
