You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@commons.apache.org by "Marcono1234 (Jira)" <ji...@apache.org> on 2023/10/13 01:18:00 UTC

[jira] [Created] (IMAGING-365) Extend oss-fuzz to cover Imaging class

Marcono1234 created IMAGING-365:
-----------------------------------

             Summary: Extend oss-fuzz to cover Imaging class
                 Key: IMAGING-365
                 URL: https://issues.apache.org/jira/browse/IMAGING-365
             Project: Commons Imaging
          Issue Type: Improvement
            Reporter: Marcono1234


Currently the existing fuzzer classes in https://github.com/google/oss-fuzz/tree/master/projects/apache-commons-imaging only seem to cover the {{getBufferedImage}} method of a few image parsers.

What do you think about adding an additional fuzzer class which covers some of the methods of {{org.apache.commons.imaging.Imaging}}, for example:
- {{getImageInfo(byte[])}}
- {{getImageSize(byte[])}}
- {{getMetadata(byte[])}}
- {{getXmpXml(byte[])}}

Unlike other methods which read the complete image, users might expect from these methods that they are safer to use and don't cause a denial of service because they 'only' extract metadata. So fuzzing them might be worth it.

Also in general fuzzing the methods of the {{Imaging}} class would have the advantage that this covers more of the supported image formats.

If you want I can try adjusting the code in oss-fuzz.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)