Marcono1234 created IMAGING-365:
-----------------------------------
Summary: Extend oss-fuzz to cover Imaging class
Key: IMAGING-365
URL: https://issues.apache.org/jira/browse/IMAGING-365
Project: Commons Imaging
Issue Type: Improvement
Reporter: Marcono1234
Currently the existing fuzzer classes in
https://github.com/google/oss-fuzz/tree/master/projects/apache-commons-imaging
only seem to cover the {{getBufferedImage}} method of a few image parsers.
What do you think about adding an additional fuzzer class which covers some of
the methods of {{org.apache.commons.imaging.Imaging}}, for example:
- {{getImageInfo(byte[])}}
- {{getImageSize(byte[])}}
- {{getMetadata(byte[])}}
- {{getXmpXml(byte[])}}
Unlike other methods which read the complete image, users might expect from
these methods that they are safer to use and don't cause a denial of service
because they 'only' extract metadata. So fuzzing them might be worth it.
Also in general fuzzing the methods of the {{Imaging}} class would have the
advantage that this covers more of the supported image formats.
If you want I can try adjusting the code in oss-fuzz.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
