OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2016 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 // TODO (scroggo): Move this to | |
6 // third_party/WebKit/Source/platform/image-decoders ? | |
7 | |
8 // Compile with: | |
9 // gn gen out/Fuzz '--args=use_libfuzzer=true is_asan=true | |
10 // is_debug=false is_ubsan_security=true' --check | |
11 // ninja -C out/Fuzz blink_png_decoder_fuzzer | |
12 // | |
13 // Run with: | |
14 // ./out/Fuzz/blink_png_decoder_fuzzer | |
15 // third_party/WebKit/LayoutTests/images/resources/pngfuzz | |
16 // | |
17 // Alternatively, it can be run with: | |
18 // ./out/Fuzz/blink_png_decoder_fuzzer ~/another_dir_to_store_corpus | |
19 // third_party/WebKit/LayoutTests/images/resources/pngfuzz | |
20 // | |
21 // so the fuzzer will read both directories passed, but all new generated | |
22 // testcases will go into | |
23 // `~/another_dir_to_store_corpus | |
mmoroz
2017/01/04 08:37:54
Looks like a typo: "`"
scroggo_chromium
2017/01/05 14:26:09
Done.
| |
24 // | |
25 // For more details, see | |
26 // https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/REA DME.md | |
27 | |
28 #include "platform/image-decoders/png/PNGImageDecoder.cpp" | |
29 #include "platform/testing/BlinkFuzzerTestSupport.h" | |
30 | |
31 namespace blink { | |
32 | |
33 std::unique_ptr<ImageDecoder> createDecoder( | |
34 ImageDecoder::AlphaOption alphaOption) { | |
35 return WTF::wrapUnique(new PNGImageDecoder( | |
36 alphaOption, ColorBehavior::transformToTargetForTesting(), | |
37 ImageDecoder::noDecodedImageByteLimit)); | |
38 } | |
39 | |
40 int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { | |
41 auto buffer = SharedBuffer::create(data, size); | |
42 // TODO (scroggo): Also test ImageDecoder::AlphaNotPremultiplied? | |
43 auto decoder = createDecoder(ImageDecoder::AlphaPremultiplied); | |
44 const bool allDataReceived = true; | |
45 decoder->setData(buffer.get(), allDataReceived); | |
46 decoder->frameCount(); | |
47 if (decoder->failed()) | |
48 return 0; | |
49 for (size_t frame = 0; frame < decoder->frameCount(); frame++) { | |
50 decoder->frameBufferAtIndex(frame); | |
51 if (decoder->failed()) | |
52 return 0; | |
53 } | |
54 return 0; | |
55 } | |
56 | |
57 } // namespace blink | |
58 | |
59 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { | |
60 return blink::LLVMFuzzerTestOneInput(data, size); | |
61 } | |
62 | |
63 extern "C" int LLVMFuzzerInitialize(int* argc, char*** argv) { | |
64 blink::InitializeBlinkFuzzTest(argc, argv); | |
65 return 0; | |
66 } | |
OLD | NEW |