webpsan

Crates.io: webpsan
lib.rs: webpsan
version: 0.5.1
source: src
created_at: 2023-10-08 06:37:11.341106
updated_at: 2023-10-31 18:51:28.350697
description: A WebP file sanitizer.
repository: https://github.com/privacyresearchgroup/mp4san
id: 996944
size: 112,716
mp4san-core (github:privacyresearchgroup:mp4san-core)

README

webpsan

A Rust WebP format "sanitizer".

The sanitizer currently simply checks the validity of a WebP file input, so that passing malformed files to an unsafe parser can be avoided.

Usage

The main entry point to the sanitizer is sanitize, which takes a Read + Skip input. The Skip trait represents a subset of the Seek trait: an input stream which can be skipped forward, but not necessarily seeked to arbitrary positions.

let example_input = b"RIFF\x14\0\0\0WEBPVP8L\x08\0\0\0\x2f\0\0\0\0\x88\x88\x08";
webpsan::sanitize(std::io::Cursor::new(example_input)).unwrap();

The parse module also contains a less stable and undocumented API which can be used to parse individual WebP chunk types.
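
To show what the example input above contains, here is an added example (not webpsan's code, and not a substitute for it) that walks the RIFF container using only the standard library. The names walk_webp_chunks and RiffError are made up for this illustration, and rejecting trailing bytes is an assumption of the example; it checks container framing only, not the VP8L bitstream.

```rust
// Added example (not webpsan's code): strict RIFF/WebP container walk, std only.
#[derive(Debug, PartialEq)]
pub enum RiffError { Truncated, BadMagic, SizeMismatch, ChunkOverrun }

fn le_u32(b: &[u8]) -> u32 {
    u32::from_le_bytes([b[0], b[1], b[2], b[3]])
}

/// Walks the container and returns (FourCC, declared payload size) per chunk.
pub fn walk_webp_chunks(data: &[u8]) -> Result<Vec<(String, u32)>, RiffError> {
    if data.len() < 12 {
        return Err(RiffError::Truncated);
    }
    if &data[0..4] != b"RIFF" || &data[8..12] != b"WEBP" {
        return Err(RiffError::BadMagic);
    }
    // The RIFF size field counts every byte after the 8-byte "RIFF" + size header.
    // Assumption of this example: any mismatch, including trailing bytes, is rejected.
    if (le_u32(&data[4..8]) as usize).checked_add(8) != Some(data.len()) {
        return Err(RiffError::SizeMismatch);
    }
    let mut chunks = Vec::new();
    let mut pos = 12;
    while pos < data.len() {
        // Each chunk starts with a 4-byte FourCC and a little-endian u32 size.
        let header = data.get(pos..pos + 8).ok_or(RiffError::Truncated)?;
        let size = le_u32(&header[4..8]);
        // Odd-sized payloads are followed by one padding byte.
        let padded = (size as usize)
            .checked_add((size & 1) as usize)
            .ok_or(RiffError::ChunkOverrun)?;
        let end = (pos + 8).checked_add(padded).ok_or(RiffError::ChunkOverrun)?;
        if end > data.len() {
            return Err(RiffError::ChunkOverrun);
        }
        chunks.push((String::from_utf8_lossy(&header[..4]).into_owned(), size));
        pos = end;
    }
    Ok(chunks)
}

fn main() {
    // The README's example input: one VP8L chunk with an 8-byte payload.
    let input = b"RIFF\x14\0\0\0WEBPVP8L\x08\0\0\0\x2f\0\0\0\0\x88\x88\x08";
    println!("{:?}", walk_webp_chunks(input));
}
```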

API Documentation
Private Documentation

Contributing Bug Reports

GitHub is the project's bug tracker. Please search for similar existing issues before submitting a new one.

Testing

libwebp-based verification of webpsan tests can be enabled using the webpsan-test/libwebp feature. libwebp is linked statically, so it does not need to be installed for the tests.

The test_data integration test runs on sample data files in the private test-data submodule. If you have access to this repo, you may check out the submodule manually:

$ git submodule update --init --checkout

Fuzz Testing

Fuzz testing via both cargo afl and cargo fuzz is supported. See the Rust Fuzz Book for more details. To run AFL-based fuzzing:

$ cargo install cargo-afl
$ cd fuzz-afl
$ ./fuzz $num_cpus

To run libFuzzer-based fuzzing:

$ cargo +nightly install cargo-fuzz
$ cargo +nightly fuzz run sanitize -- -dict=fuzz/webp.dict -seed_inputs=fuzz/input/smallest-possible.webp

OSS-Fuzz

Continuous fuzz testing is also provided by OSS-Fuzz.

Build Status
Code Coverage
Bugs Found

License

Licensed under MIT.

Commit count: 117
