Add new fuzz binary.

fuzz/Fuzz.h

Index: fuzz/Fuzz.h
diff --git a/fuzz/Fuzz.h b/fuzz/Fuzz.h
new file mode 100644
index 0000000000000000000000000000000000000000..cf5bcb9ead60df8d261830d74fadcd1c6ba2c004
--- /dev/null
+++ b/fuzz/Fuzz.h
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2016 Google Inc.
+ *
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+#ifndef Fuzz_DEFINED
+#define Fuzz_DEFINED
+
+#include "SkData.h"
+#include "SkTRegistry.h"
+#include "SkTypes.h"
+#include <stdlib.h>
+
+class Fuzz : SkNoncopyable {
+public:
+    explicit Fuzz(SkData*);
+
+    uint32_t nextU();
+    float    nextF();
+
+    // These return a value in [min, max).
+    uint32_t nextURange(uint32_t min, uint32_t max);
+    float    nextFRange(float    min, float    max);
+
+private:
+    SkAutoTUnref<SkData> fBytes;
+};
+
+struct Fuzzable {
+    const char* name;
+    void (*fn)(Fuzz*);
+};
+
+#define DEF_FUZZ(name, f)                                        \
+    static void fuzz_##name(Fuzz*);                              \
+    SkTRegistry<Fuzzable> register_##name({#name, fuzz_##name}); \
+    static void fuzz_##name(Fuzz* f)
+
+#define ASSERT(cond) do { if (!(cond)) abort(); } while(false)

[kjlubick, 2016/01/13 20:44:00]

Does this SEGFAULT?  If so, afl-fuzz will pick this up as a "crash".  I think
this is expected behavior, but I just wanted to run it by you.

[mtklein, 2016/01/13 20:48:28]

It's SIGABRT, not SIGSEGV, but same idea.

+
+#endif//Fuzz_DEFINED