Same size limit in read_image fuzzer as dec_incr (#1995)
diff --git a/tests/gtest/avif_fuzztest_dec_incr.cc b/tests/gtest/avif_fuzztest_dec_incr.cc
index 1ba7c97..328ceb1 100644
--- a/tests/gtest/avif_fuzztest_dec_incr.cc
+++ b/tests/gtest/avif_fuzztest_dec_incr.cc
@@ -62,10 +62,15 @@
ASSERT_NE(decoder.get(), nullptr);
avifDecoderSetIO(decoder.get(), &io);
// OSS-Fuzz limits the allocated memory to 2560 MB.
+ constexpr uint32_t kMaxMem = 2560u * 1024 * 1024;
+ // Consider at most four planes of 16-bit samples.
+ constexpr uint32_t kMaxImageSize =
+ kMaxMem / (AVIF_PLANE_COUNT_YUV + 1) / sizeof(uint16_t);
+ // Reduce the limit further to include pixel buffer copies and other memory
+ // allocations.
+ constexpr uint32_t kImageSizeLimit = kMaxImageSize / 4;
// avifDecoderParse returns AVIF_RESULT_NOT_IMPLEMENTED if kImageSizeLimit is
// bigger than AVIF_DEFAULT_IMAGE_SIZE_LIMIT.
- constexpr uint32_t kImageSizeLimit =
- 2560u * 512 * 512 / AVIF_MAX_AV1_LAYER_COUNT / sizeof(uint16_t);
static_assert(kImageSizeLimit <= AVIF_DEFAULT_IMAGE_SIZE_LIMIT,
"Too big an image size limit");
decoder->imageSizeLimit = kImageSizeLimit;
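Review bot: The three constants added here (`kMaxMem`, `kMaxImageSize`, `kImageSizeLimit`) are repeated verbatim in the avif_fuzztest_read_image.cc hunk, so the two harnesses can drift apart again, which is the mismatch this commit exists to correct. Defining the limit once in a header both fuzz targets include would keep the memory budget identical. That matters because a harness that over-allocates produces out-of-memory reports that are not real decoder findings. The `+ 1` is presumably the alpha plane and the `/ 4` is a heuristic margin, so the comments could say so, e.g. `// Consider at most four planes (Y, U, V and presumably alpha) of 16-bit samples.` and `// Heuristic 4x margin for pixel buffer copies and other allocations.` The enclosing test function starts and ends outside this hunk, so how `imageSizeLimit` is used afterwards is not visible here.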
diff --git a/tests/gtest/avif_fuzztest_read_image.cc b/tests/gtest/avif_fuzztest_read_image.cc
index 608861b..b0b893d 100644
--- a/tests/gtest/avif_fuzztest_read_image.cc
+++ b/tests/gtest/avif_fuzztest_read_image.cc
@@ -60,9 +60,14 @@
ImagePtr avif_image(avifImageCreateEmpty());
avif_image->matrixCoefficients = matrix_coefficients;
- // OSS-Fuzz limits the allocated memory to 2560 MB. Consider 16-bit samples.
- constexpr uint32_t kImageSizeLimit =
- 2560u * 1024 * 1024 / AVIF_MAX_AV1_LAYER_COUNT / sizeof(uint16_t);
+ // OSS-Fuzz limits the allocated memory to 2560 MB.
+ constexpr uint32_t kMaxMem = 2560u * 1024 * 1024;
+ // Consider at most four planes of 16-bit samples.
+ constexpr uint32_t kMaxImageSize =
+ kMaxMem / (AVIF_PLANE_COUNT_YUV + 1) / sizeof(uint16_t);
+ // Reduce the limit further to include pixel buffer copies and other memory
+ // allocations.
+ constexpr uint32_t kImageSizeLimit = kMaxImageSize / 4;
// SharpYUV is computationally expensive. Avoid timeouts.
const uint32_t imageSizeLimit =
(chroma_downsampling == AVIF_CHROMA_DOWNSAMPLING_SHARP_YUV &&