libvips
diff --git a/‎fuzz/common_fuzzer_corpus/generic_buffer_with_args_avif_to_avif
899 Bytes b/‎fuzz/common_fuzzer_corpus/generic_buffer_with_args_avif_to_avif
899 Bytes
diff --git a/‎fuzz/common_fuzzer_corpus/generic_buffer_with_args_gif_to_gif_all_pages
817 Bytes b/‎fuzz/common_fuzzer_corpus/generic_buffer_with_args_gif_to_gif_all_pages
817 Bytes
diff --git a/‎fuzz/common_fuzzer_corpus/generic_buffer_with_args_gif_to_webp_all_pages
823 Bytes b/‎fuzz/common_fuzzer_corpus/generic_buffer_with_args_gif_to_webp_all_pages
823 Bytes
diff --git a/‎fuzz/common_fuzzer_corpus/generic_buffer_with_args_gif_to_webp_page_three
731 Bytes b/‎fuzz/common_fuzzer_corpus/generic_buffer_with_args_gif_to_webp_page_three
731 Bytes
diff --git a/‎fuzz/common_fuzzer_corpus/generic_buffer_with_args_jpeg_to_png
1005 Bytes b/‎fuzz/common_fuzzer_corpus/generic_buffer_with_args_jpeg_to_png
1005 Bytes
diff --git a/‎fuzz/common_fuzzer_corpus/generic_buffer_with_args_leak_webpsave
824 Bytes b/‎fuzz/common_fuzzer_corpus/generic_buffer_with_args_leak_webpsave
824 Bytes
diff --git a/‎fuzz/common_fuzzer_corpus/generic_buffer_with_args_pdf_to_png
Lines changed: 39 additions & 0 deletions b/‎fuzz/common_fuzzer_corpus/generic_buffer_with_args_pdf_to_png
Lines changed: 39 additions & 0 deletions
diff --git a/‎fuzz/common_fuzzer_corpus/generic_buffer_with_args_webp_to_tiff
662 Bytes b/‎fuzz/common_fuzzer_corpus/generic_buffer_with_args_webp_to_tiff
662 Bytes
diff --git a/‎fuzz/generic_buffer_with_args_fuzzer.cc
Lines changed: 81 additions & 0 deletions b/‎fuzz/generic_buffer_with_args_fuzzer.cc
Lines changed: 81 additions & 0 deletions
diff --git a/‎fuzz/meson.build
Lines changed: 7 additions & 0 deletions b/‎fuzz/meson.build
Lines changed: 7 additions & 0 deletions
@@ -0,0 +1,39 @@
+[n=-1,page=0,dpi=72,scale=0.1,password=secret]
+.png[filter=none]
+%PDF-1.1
+%����
+1 0 obj 
+<<
+/Pages 2 0 R
+/Type /Catalog
+>>
+endobj 
+2 0 obj 
+<<
+/MediaBox [0 0 595 842]
+/Kids [3 0 R]
+/Count 1
+/Type /Pages
+>>
+endobj 
+3 0 obj 
+<<
+/Parent 2 0 R
+/MediaBox [0 0 595 842]
+/Type /Page
+>>
+endobj xref
+0 4
+0000000000 65535 f 
+0000000015 00000 n 
+0000000066 00000 n 
+0000000149 00000 n 
+trailer
+
+<<
+/Root 1 0 R
+/Size 4
+>>
+startxref
+221
+%%EOF
@@ -0,0 +1,81 @@
+#include <vips/vips.h>
+
+#define MAX_ARG_LEN 4096 // =VIPS_PATH_MAX
+
+extern "C" int
+LLVMFuzzerInitialize(int *argc, char ***argv)
+{
+	if (VIPS_INIT(*argv[0]))
+		return -1;
+
+	vips_concurrency_set(1);
+	return 0;
+}
+
+static char *
+ExtractLine(const guint8 *data, size_t size, size_t *n)
+{
+	const guint8 *end;
+
+	end = static_cast<const guint8 *>(
+		memchr(data, '\n', VIPS_MIN(size, MAX_ARG_LEN)));
+	if (end == nullptr)
+		return nullptr;
+
+	*n = end - data;
+	return g_strndup(reinterpret_cast<const char *>(data), *n);
+}
+
+extern "C" int
+LLVMFuzzerTestOneInput(const guint8 *data, size_t size)
+{
+	VipsImage *image;
+	void *buf;
+	char *option_string, *suffix;
+	size_t len, n;
+
+	option_string = ExtractLine(data, size, &n);
+	if (option_string == nullptr)
+		return 0;
+
+	data += n + 1;
+	size -= n + 1;
+
+	suffix = ExtractLine(data, size, &n);
+	if (suffix == nullptr) {
+		g_free(option_string);
+		return 0;
+	}
+
+	data += n + 1;
+	size -= n + 1;
+
+	if (!(image = vips_image_new_from_buffer(data, size, option_string, nullptr))) {
+		g_free(option_string);
+		g_free(suffix);
+		return 0;
+	}
+
+	// We're done with option_string, free early.
+	g_free(option_string);
+
+	if (image->Xsize > 100 ||
+		image->Ysize > 100 ||
+		image->Bands > 4) {
+		g_object_unref(image);
+		g_free(suffix);
+		return 0;
+	}
+
+	if (vips_image_write_to_buffer(image, suffix, &buf, &len, nullptr)) {
+		g_object_unref(image);
+		g_free(suffix);
+		return 0;
+	}
+
+	g_free(buf);
+	g_free(suffix);
+	g_object_unref(image);
+
+	return 0;
+}
@@ -97,6 +97,13 @@ foreach fuzz_basename, fuzz_save_suffix : fuzz_save_buffer_progs
     )
 endforeach
 
+
+fuzz_execs += executable('generic_buffer_with_args_fuzzer',
+    'generic_buffer_with_args_fuzzer.cc',
+    dependencies: [libvips_dep, fuzz_deps],
+    link_args: fuzz_ldflags,
+)
+
 # If the fuzzing engine is not OSS-Fuzz, build the unit tests to be run on CI
 if fuzzing_engine != 'oss-fuzz'
     test_fuzz = configure_file(