1 #include <libexif/exif-data.h>
2 #include <libexif/exif-loader.h>
3 #include <stddef.h>
4 #include <stdlib.h>
5 
6 /* Extract all MakerNote tags */
mnote_dump(ExifData * data)7 static void mnote_dump(ExifData *data) {
8   ExifMnoteData *mn = exif_data_get_mnote_data(data);
9   if (mn) {
10     int num = exif_mnote_data_count(mn);
11 
12     /* Loop through all MakerNote tags */
13     for (int i = 0; i < num; ++i) {
14       char buf[1024];
15       exif_mnote_data_get_value(mn, i, buf, sizeof(buf));
16     }
17   }
18 }
19 
dump_value(ExifEntry * entry,void *)20 static void dump_value(ExifEntry *entry, void *) {
21   char buf[1024];
22   exif_entry_get_value(entry, buf, sizeof(buf));
23 }
24 
data_func(ExifContent * content,void *)25 static void data_func(ExifContent *content, void *) {
26   exif_content_foreach_entry(content, dump_value, NULL);
27 }
28 
29 /* This is like exif_data_dump but without writing to stdout */
data_dump(ExifData * data)30 static void data_dump(ExifData *data) {
31   exif_data_foreach_content(data, data_func, NULL);
32 }
33 
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)34 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
35   // Parse tags using (ultimately) exif_data_load_data()
36   auto image = exif_data_new_from_data(data, size);
37   if (image) {
38     // Exercise the EXIF tag manipulation code
39     exif_data_get_mnote_data(image);
40     data_dump(image);
41     mnote_dump(image);
42     unsigned char *buf;
43     unsigned int sz;
44     exif_data_save_data(image, &buf, &sz);
45     free(buf);
46     exif_data_fix(image);
47     exif_data_unref(image);
48   }
49 
50   // Parse tags again, but using exif_loader_write(), which is a separate
51   // parser.  There is no need to fuzz the parsed ExifData again, since it will
52   // be identical to what has been loaded (and fuzzed) above.
53   ExifLoader *loader = exif_loader_new();
54   if (!loader) {
55     return 0;
56   }
57   exif_loader_write(loader, const_cast<unsigned char *>(data), size);
58   image = exif_loader_get_data(loader);
59   if (image) {
60     exif_data_unref(image);
61   }
62   exif_loader_unref(loader);
63 
64   return 0;
65 }
66