More fuzzer fixes

- allow for malloc to return 0.
- do not go through big resizing

BUG: oss-fuzz:4667732529577984, oss-fuzz:6595689259008000
Change-Id: I56892bbba2fbcf5d1ceede2b56ea34612f8d13ac

Author: vrabaud

tests/fuzzer/enc_dec_fuzzer.cc

@@ -191,6 +191,13 @@ void EncDecTest(bool use_argb, fuzz_utils::WebPPictureCpp pic_cpp,
     fprintf(stderr, "WebPInitDecoderConfig failed.\n");
     abort();
   }
+  if (decoder_options.use_scaling &&
+      static_cast<size_t>(decoder_options.scaled_width) *
+              decoder_options.scaled_height >
+          1000u * 1000u) {
+    // Skip huge scaling.
+    return;
+  }
 
   dec_config.output.colorspace = static_cast<WEBP_CSP_MODE>(colorspace);
   std::memcpy(&dec_config.options, &decoder_options, sizeof(decoder_options));

tests/fuzzer/oss-fuzz/build.sh

@@ -74,16 +74,9 @@ for fuzz_main_file in $FUZZ_TEST_BINARIES_OUT_PATHS; do
 # LLVMFuzzerTestOneInput for fuzzer detection.
 this_dir=\$(dirname "\$0")
 export TEST_DATA_DIRS=\$this_dir/corpus
-filtered_args=()
-for arg in "\$@"; do
-    if [[ "\$arg" == -rss_limit_mb=* ]]; then
-        continue
-    else
-        filtered_args+=("\$arg")
-    fi
-done
+export ASAN_OPTIONS="\${ASAN_OPTIONS}:allocator_may_return_null=1"
 chmod +x \$this_dir/$fuzz_basename
-\$this_dir/$fuzz_basename --fuzz=$fuzz_entrypoint -- "\${filtered_args[@]}" -rss_limit_mb=0
+\$this_dir/$fuzz_basename --fuzz=$fuzz_entrypoint -- \$@
 chmod -x \$this_dir/$fuzz_basename
 EOF
     chmod +x $OUT/$TARGET_FUZZER