Bug 1853026. Add a pref for fuzzers to limit image size so fuzzing can proceed more quickly. r=gfx-reviewers,lsalzman

Large image sizes slow down fuzzing for webp and aren't likely to catch any more issues. We will still want to fuzz without this pref to catch any large image issues though. Differential Revision: https://phabricator.services.mozilla.com/D188156
2023-10-02 21:22:52 +00:00 · 2023-10-02 21:22:52 +00:00 · 52922a36a4
--- a/image/SurfaceCache.cpp
+++ b/image/SurfaceCache.cpp
@ -1899,6 +1899,11 @@ bool SurfaceCache::IsLegalSize(const IntSize& aSize) {
    NS_WARNING("width or height too large");
    return false;
  }
+  const int32_t maxSize =
+      StaticPrefs::image_mem_max_legal_imgframe_size_kb_AtStartup();
+  if (MOZ_UNLIKELY(maxSize > 0 && requiredBytes.value() / 1024 > maxSize)) {
+    return false;
+  }
  return true;
 }

--- a/modules/libpref/init/StaticPrefList.yaml
+++ b/modules/libpref/init/StaticPrefList.yaml
@ -6934,6 +6934,14 @@
  value: 4
  mirror: once

+# Maximum size in kilobytes that we allow to allocate an imgFrame, meant for
+# testing/fuzzing purposes. -1 disables this limit (there are other limits in
+# place).
+- name: image.mem.max_legal_imgframe_size_kb
+  type: int32_t
+  value: -1
+  mirror: once
+
 # Whether we record SVG images as blobs or not.
 - name: image.svg.blob-image
  type: RelaxedAtomicBool