
Unified Diff: fuzz/fuzz.cpp

Issue 2047353003: Add ICC fuzzer (Closed) Base URL: https://skia.googlesource.com/skia@master
Patch Set: Created 4 years, 6 months ago
Index: fuzz/fuzz.cpp
diff --git a/fuzz/fuzz.cpp b/fuzz/fuzz.cpp
index 326b942bbe718759b2f65b817302d96984acf40e..853b5e04117b4732af8adaa80b2974221d7ed70b 100644
--- a/fuzz/fuzz.cpp
+++ b/fuzz/fuzz.cpp
@@ -23,7 +23,7 @@
DEFINE_string2(bytes, b, "", "A path to a file. This can be the fuzz bytes or a binary to parse.");
DEFINE_string2(name, n, "", "If --type is 'api', fuzz the API with this name.");
-DEFINE_string2(type, t, "api", "How to interpret --bytes, either 'image_scale', 'image_mode', 'skp', or 'api'.");
+DEFINE_string2(type, t, "api", "How to interpret --bytes, either 'image_scale', 'image_mode', 'skp', 'icc', or 'api'.");
DEFINE_string2(dump, d, "", "If not empty, dump 'image*' or 'skp' types as a PNG with this name.");
static int printUsage(const char* name) {
@@ -35,6 +35,7 @@ static uint8_t calculate_option(SkData*);
static int fuzz_api(SkData*);
static int fuzz_img(SkData*, uint8_t, uint8_t);
static int fuzz_skp(SkData*);
+static int fuzz_icc(SkData*);
int main(int argc, char** argv) {
SkCommandLineFlags::Parse(argc, argv);
@@ -53,6 +54,9 @@ int main(int argc, char** argv) {
case 'a': return fuzz_api(bytes);
case 'i':
+ if (FLAGS_type[0][1] == 'c') { //icc
+ return fuzz_icc(bytes);
+ }
// We only allow one degree of freedom to avoid a search space explosion for afl-fuzz.
if (FLAGS_type[0][6] == 's') { // image_scale
return fuzz_img(bytes, option, 0);
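Review bot: The new `FLAGS_type[0][1] == 'c'` test in the `case 'i':` branch matches any `--type` value whose first two characters are "ic", so a mistyped type is silently run through the ICC parser instead of being rejected. For a fuzz driver this makes crash triage harder, because the target that ran may not be the one that was intended. Comparing the whole string would be stricter, e.g. `if (0 == strcmp(FLAGS_type[0], "icc")) { return fuzz_icc(bytes); }` (assuming `FLAGS_type[0]` is a C string and `<string.h>` is reachable from this file). Values that match neither form still fall through to the `FLAGS_type[0][6]` read below, which for a short string indexes past its terminator; the rest of the switch lies outside the hunk.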
@@ -372,6 +376,16 @@ int fuzz_skp(SkData* bytes) {
return 0;
}
+int fuzz_icc(SkData* bytes) {
+ sk_sp<SkColorSpace> space(SkColorSpace::NewICC(bytes->data(), bytes->size()));
+ if (!space) {
+ SkDebugf("[terminated] Couldn't decode ICC.\n");
+ return 1;
+ }
+ SkDebugf("[terminated] Success! Decoded ICC.\n");
+ return 0;
+}
+
Fuzz::Fuzz(SkData* bytes) : fBytes(SkSafeRef(bytes)), fNextByte(0) {}
void Fuzz::signalBug () { SkDebugf("Signal bug\n"); raise(SIGSEGV); }
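Review bot: `fuzz_icc` stops as soon as `SkColorSpace::NewICC` returns, so this target covers only profile parsing; nothing reads the resulting `space`, and defects that would surface only when the parsed data is used stay out of reach. That scope is worth stating above the function, e.g. `// Fuzzes ICC profile parsing only; the decoded SkColorSpace is not exercised further.` The function also dereferences `bytes` without a check, which is safe only if `main` never passes null; that code is outside the hunk.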
