Merge pull request #14 from bookmoons/gif

Yevgeny Pats · web-flow · commit dfe7f3cfced6 · 2019-11-10T22:15:26.000+02:00
Add GIF fuzzer
diff --git a/README.md b/README.md
@@ -147,5 +147,6 @@ any unnecessary work is done.
 * [js-yaml: Crash/TypeError](https://github.com/nodeca/js-yaml/issues/524)
 * [js-yaml: Crash/TypeError](https://github.com/nodeca/js-yaml/issues/525)
 * [asciidoctor: Hang/DoS](https://github.com/asciidoctor/asciidoctor/issues/3472)
+* [deanm/omggif: Crash/TypeError](https://github.com/deanm/omggif/issues/41)
 
 **Feel free to add bugs that you found with jsfuzz to this list via pull-request**
diff --git a/examples/gif/fuzz.js b/examples/gif/fuzz.js
@@ -0,0 +1,24 @@
+const omggif = require('omggif')
+
+async function fuzz (bytes) {
+  try {
+    omggif.GifReader(bytes)
+  } catch (error) {
+    if (!acceptable(error)) throw error
+  }
+}
+
+function acceptable (error) {
+  return !!expected
+    .find(message => error.message.startsWith(message))
+}
+
+const expected = [
+  'Invalid GIF 87a/89a header',
+  'Unknown gif block',
+  'Invalid block size',
+  'Invalid graphics extension block',
+  'Unknown graphic control label'
+]
+
+exports.fuzz = fuzz
diff --git a/examples/gif/package-lock.json b/examples/gif/package-lock.json
diff --git a/examples/gif/package.json b/examples/gif/package.json
@@ -0,0 +1,9 @@
+{
+    "name": "gif-fuzz",
+    "version": "1.0.0",
+    "main": "fuzz.js",
+    "license": "ISC",
+    "dependencies": {
+        "omggif": "^1.0.10"
+    }
+}
