From c8d0e9595e4ac140d8d77f4f775c4933e96d6727 Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Sat, 10 Feb 2024 23:04:06 +0100
Subject: [PATCH] Add a fuzzer for ImageCms.buildTransform
---
Tests/oss-fuzz/fuzz_imagecms.py | 55 +++++++++++++++++++++++++++++++++
Tests/oss-fuzz/fuzzers.py | 6 +++-
2 files changed, 60 insertions(+), 1 deletion(-)
create mode 100755 Tests/oss-fuzz/fuzz_imagecms.py
diff --git a/Tests/oss-fuzz/fuzz_imagecms.py b/Tests/oss-fuzz/fuzz_imagecms.py
new file mode 100755
index 000000000..f687c7054
--- /dev/null
+++ b/Tests/oss-fuzz/fuzz_imagecms.py
@@ -0,0 +1,55 @@
+#!/usr/bin/python3
+
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+import atheris
+
+with atheris.instrument_imports():
+ import sys
+
+ import fuzzers
+
+MODES = ["1", "L", "P", "RGB", "RGBA", "CMYK", "YCbCr", "LAB",
+ "HSV", "I", "F", "LA", "PA", "RGBX", "RGBa", "La", "I;16",
+ "I;16L", "I;16B", "I;16N", "BGR;15", "BGR;16", "BGR;24",
+ ]
+
+
+def TestOneInput(data: bytes) -> None:
+ fdp = atheris.FuzzedDataProvider(data)
+
+ mode1 = fdp.PickValueInList(MODES)
+ mode2 = fdp.PickValueInList(MODES)
+ in_transform = fdp.PickValueInList(MODES)
+ out_transform = fdp.PickValueInList(MODES)
+
+ try:
+ fuzzers.fuzz_cms(mode1, mode2, in_transform, out_transform)
+ except Exception:
+ # We're catching all exceptions because Pillow's exceptions are
+ # directly inheriting from Exception.
+ pass
+
+
+def main() -> None:
+ fuzzers.enable_decompressionbomb_error()
+ atheris.Setup(sys.argv, TestOneInput)
+ atheris.Fuzz()
+ fuzzers.disable_decompressionbomb_error()
+
+
+if __name__ == "__main__":
+ main()
diff --git a/Tests/oss-fuzz/fuzzers.py b/Tests/oss-fuzz/fuzzers.py
index d6c1fab71..fbaf253ab 100644
--- a/Tests/oss-fuzz/fuzzers.py
+++ b/Tests/oss-fuzz/fuzzers.py
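Review bot: In Tests/oss-fuzz/fuzz_imagecms.py, `mode1` and `mode2` are drawn from `MODES`, a list of image modes, but `fuzz_cms` passes them to `ImageCms.createProfile` as the colour-space argument. As far as I know `createProfile` accepts only `"LAB"`, `"XYZ"` and `"sRGB"`, so every input except the LAB/LAB pair would raise before `buildTransform` is reached, and the blanket `except Exception: pass` hides that, leaving the target almost uncovered. A separate list such as `PROFILES = ["LAB", "XYZ", "sRGB"]` with `mode1 = fdp.PickValueInList(PROFILES)` (same for `mode2`) keeps `MODES` for the two transform modes. Narrowing the handler to the expected Pillow error types would also let an unexpected `TypeError` or `SystemError` surface as a finding instead of being discarded.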
@@ -3,7 +3,7 @@ from __future__ import annotations
 import io
 import warnings
-from PIL import Image, ImageDraw, ImageFile, ImageFilter, ImageFont
+from PIL import Image, ImageDraw, ImageFile, ImageFilter, ImageFont, ImageCms
 def enable_decompressionbomb_error() -> None:
@@ -25,6 +25,10 @@ def fuzz_image(data: bytes) -> None:
 im.filter(ImageFilter.DETAIL)
 im.save(io.BytesIO(), "BMP")
+def fuzz_cms(profile1, profile2, trans1, trans2) -> None:
+ p1 = ImageCms.createProfile(profile1)
+ p2 = ImageCms.createProfile(profile2)
+ t = ImageCms.buildTransform(p1, p2, trans1, trans2)
 def fuzz_font(data: bytes) -> None:
 wrapper = io.BytesIO(data)
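Review bot: `fuzz_cms` binds the result of `ImageCms.buildTransform` to `t` and never uses it, so linters will flag the unused local and only transform construction is exercised. Either drop the binding, `ImageCms.buildTransform(p1, p2, trans1, trans2)`, or apply the transform to a small image if that path is meant to be covered. Its parameters are also the only unannotated ones among the helpers visible in this file, and the names suggest profiles and transforms while the caller passes mode strings: `def fuzz_cms(profile1: str, profile2: str, trans1: str, trans2: str) -> None:` plus a one-line docstring saying which argument is a colour space and which an image mode would make the contract clear. The import hunk above appends `ImageCms` after `ImageFont`, which breaks the alphabetical order of that line if the project sorts imports.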