diff --git a/Tests/oss-fuzz/fuzz_font.py b/Tests/oss-fuzz/fuzz_font.py index 43c23fe60..ec3a4b2de 100755 --- a/Tests/oss-fuzz/fuzz_font.py +++ b/Tests/oss-fuzz/fuzz_font.py @@ -20,17 +20,11 @@ import warnings import atheris_no_libfuzzer as atheris -from PIL import Image, ImageDraw, ImageFont - +import fuzzers def TestOneInput(data): try: - with ImageFont.load(io.BytesIO(data)) as font: - font.getsize_multiline("ABC\nAaaa") - font.getmask("test text") - with Image.new(mode="RGBA", size=(200, 200)) as im: - draw = ImageDraw.Draw(im) - draw.text((10,10), "Test Text", font) + fuzzers.fuzz_font(data) except Exception: # We're catching all exceptions because Pillow's exceptions are # directly inheriting from Exception. diff --git a/Tests/oss-fuzz/fuzz_pillow.py b/Tests/oss-fuzz/fuzz_pillow.py index 894068f63..695e9e5eb 100644 --- a/Tests/oss-fuzz/fuzz_pillow.py +++ b/Tests/oss-fuzz/fuzz_pillow.py @@ -18,28 +18,21 @@ import io import sys import warnings +import fuzzers + import atheris_no_libfuzzer as atheris -from PIL import Image, ImageFile, ImageFilter - - def TestOneInput(data): try: - with Image.open(io.BytesIO(data)) as im: - im.rotate(45) - im.filter(ImageFilter.DETAIL) - im.save(io.BytesIO(), "BMP") + fuzzers.fuzz_image(data) except Exception: # We're catching all exceptions because Pillow's exceptions are # directly inheriting from Exception. return return - def main(): - ImageFile.LOAD_TRUNCATED_IMAGES = True - warnings.filterwarnings("ignore") - warnings.simplefilter("error", Image.DecompressionBombWarning) + fuzzers.enable_decompressionbomb_error() atheris.Setup(sys.argv, TestOneInput, enable_python_coverage=True) atheris.Fuzz() diff --git a/Tests/oss-fuzz/fuzzers.py b/Tests/oss-fuzz/fuzzers.py new file mode 100644 index 000000000..f7c395e76 --- /dev/null +++ b/Tests/oss-fuzz/fuzzers.py @@ -0,0 +1,33 @@ +import warnings +import io + +from PIL import Image, ImageFont, ImageDraw, ImageFilter, ImageFile, PcfFontFile + +def enable_decompressionbomb_error(): + ImageFile.LOAD_TRUNCATED_IMAGES = True + warnings.filterwarnings("ignore") + warnings.simplefilter("error", Image.DecompressionBombWarning) + +def fuzz_image(data): + # This will fail on some images in the corpus, as we have many + # invalid images in the test suite. + with Image.open(io.BytesIO(data)) as im: + im.rotate(45) + im.filter(ImageFilter.DETAIL) + im.save(io.BytesIO(), "BMP") + +def fuzz_font(data): + # This should not fail on a valid font load for any of the fonts in the corpus + wrapper = io.BytesIO(data) + try: + font = ImageFont.truetype(wrapper) + except OSError: + # pcf/pilfonts/random garbage here here. They're different. + return + + font.getsize_multiline("ABC\nAaaa") + font.getmask("test text") + with Image.new(mode="RGBA", size=(200, 200)) as im: + draw = ImageDraw.Draw(im) + draw.multiline_textsize("ABC\nAaaa", font, stroke_width=2) + draw.text((10,10), "Test Text", font=font, fill="#000") diff --git a/Tests/oss-fuzz/test_fuzzers.py b/Tests/oss-fuzz/test_fuzzers.py new file mode 100644 index 000000000..56b1ee9a0 --- /dev/null +++ b/Tests/oss-fuzz/test_fuzzers.py @@ -0,0 +1,31 @@ +import pytest + +import fuzzers +import glob +import subprocess + +from PIL import Image + +@pytest.mark.parametrize("path", subprocess.check_output('find Tests/images -type f', shell=True).split(b'\n')) +def test_fuzz_images(path): + fuzzers.enable_decompressionbomb_error() + try: + with open(path, 'rb') as f: + fuzzers.fuzz_image(f.read()) + assert True + except (OSError, SyntaxError, MemoryError, ValueError, NotImplementedError): + # Known exceptions that are through from Pillow + assert True + except (Image.DecompressionBombError, Image.DecompressionBombWarning, + Image.UnidentifiedImageError): + # Known Image.* exceptions + assert True + + +@pytest.mark.parametrize("path", subprocess.check_output('find Tests/fonts -type f', shell=True).split(b'\n')) +def test_fuzz_fonts(path): + if not path or b'LICENSE.txt' in path or b'.pil' in path: + return + with open(path, 'rb') as f: + fuzzers.fuzz_font(f.read()) + assert True