
Side by Side Diff: third_party/afl/src/experimental/canvas_harness/canvas_harness.html

Issue 2075883002: Add American Fuzzy Lop (afl) to third_party/afl/ (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fix nits Created 4 years, 6 months ago
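--- a/third_party/afl/src/experimental/canvas_harness/canvas_harness.html
+++ b/third_party/afl/src/experimental/canvas_harness/canvas_harness.html
@@ -0,0 +1,170 @@
+<html>
+<!--
+
+american fuzzy lop - <canvas> harness
+-------------------------------------
+
+Written and maintained by Michal Zalewski <lcamtuf@google.com>
+
+Copyright 2013, 2014 Google Inc. All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at:
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+A simple harness for going through afl-generated test cases, rendering them in
+the browser environment, and discovering the use of uninitialized memory and
+similar bugs. This code led to the discovery of a fair number of library and
+browser security bugs!
+
+The url_list[] array is a placeholder; for this to work properly, it needs to
+be initialized with web-reachable paths to individual test cases. This can
+be done manually or with a simple script.
+
+-->
+
+<body onload="set_images()">
+
+<div id="status"></div>
+
+<div id="image_div"></div>
+
+<canvas height=64 width=64 id=cvs></canvas>
+
+<h2>Results</h2>
+
+<ul id="output"></ul>
+
+<script>
+
+var c = document.getElementById('cvs');
+var ctx = c.getContext('2d');
+
+var url_list = [
+"images/id:000000,[...].jpg",
+"images/id:000001,[...].jpg",
+/* ... */
+null
+];
+
+var USE_IMAGES = 50;
+var cur_image = 0;
+
+if (location.hash) cur_image = parseInt(location.hash.substr(1));
+
+var loaded = 0;
+var image_obj = [];
+
+var msie_cleanup;
+
+function check_results() {
+
+var uniques = [];
+
+clearTimeout(msie_cleanup);
+
+ctx.clearRect(0, 0, 64, 64);
+
+uniques.push(image_obj[0].imgdata);
+
+for (var i = 1; i < USE_IMAGES; i++) {
+
+if (!image_obj[i].imgdata) continue;
+
+if (image_obj[0].imgdata != image_obj[i].imgdata) {
+
+for (var j = 1; j < uniques.length; j++)
+if (uniques[j] == image_obj[i].imgdata) break;
+
+if (j == uniques.length) uniques.push(image_obj[i].imgdata);
+
+
+}
+
+}
+
+if (uniques.length > 1) {
+
+var str = '<li> Image ' + url_list[cur_image] + ' has ' + uniques.length + ' variants: ';
+
+for (var i = 0; i < uniques.length; i++)
+str += '<img src="' + uniques[i] + '">';
+
+document.getElementById('output').innerHTML += str;
+
+}
+
+cur_image++;
+set_images();
+}
+
+
+function count_image() {
+
+if (!this.complete || this.counted) return;
+
+this.counted = true;
+
+loaded++;
+
+ctx.clearRect(0, 0, 64, 64);
+
+try {
+ctx.drawImage(this, 0, 0, 64, 64);
+} catch (e) { }
+
+this.imgdata = c.toDataURL();
+
+if (loaded == USE_IMAGES) check_results();
+}
+
+
+function set_images() {
+
+loaded = 0;
+
+document.getElementById('status').innerHTML = 'Now processing ' + cur_image + '...';
+location.hash = '#' + cur_image;
+
+if (url_list[cur_image] == null) {
+alert('Done!');
+return;
+}
+
+restart_images();
+
+msie_cleanup = setTimeout(check_results, 5000);
+
+for (var i = 0; i < USE_IMAGES; i++)
+image_obj[i].src = url_list[cur_image] + '?' + Math.random();
+
+}
+
+
+function restart_images() {
+
+for (var i = 0; i < USE_IMAGES; i++)
+if (image_obj[i]) image_obj[i].counted = true;
+
+document.getElementById('image_div').innerHTML = '';
+image_obj = [];
+
+for (var i = 0; i < USE_IMAGES; i++) {
+
+image_obj[i] = new Image();
+image_obj[i].height = 64;
+image_obj[i].width = 64;
+image_obj[i].onerror = count_image;
+image_obj[i].onload = count_image;
+
+document.getElementById('image_div').appendChild(image_obj[i]);
+
+}
+
+}
+
+</script>
+
+<iframe src='http://www.cnn.com/'></iframe>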
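Review bot: In `check_results()` the baseline is always `image_obj[0].imgdata`, but when the function is reached through the 5-second `msie_cleanup` timeout, image 0 may not have been counted yet, so the baseline is undefined and every copy that did load is pushed into `uniques` and reported as a variant. For a harness whose output is read as evidence of uninitialized memory, that is a false positive; take the first entry whose `imgdata` is set as the baseline, e.g. `var base = 0; while (base < USE_IMAGES && !image_obj[base].imgdata) base++;`, and go straight to the next test case when none loaded. Separately, the result line is built by concatenating `url_list[cur_image]` into `innerHTML`, so a test-case name containing markup characters would be parsed as HTML; writing the name through `textContent` on a created `<li>` avoids that. The trailing `<iframe src='http://www.cnn.com/'>` fetches a third-party page over plain HTTP on every run and carries no comment saying why the harness needs it; it should either be explained or dropped.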
