File: PngFuzzer.cpp

// Copyright 2016 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

// TODO (scroggo): Move this to
// third_party/WebKit/Source/platform/image-decoders ?

// Compile with:
// gn gen out/Fuzz '--args=use_libfuzzer=true is_asan=true
// is_debug=false is_ubsan_security=true' --check
// ninja -C out/Fuzz blink_png_decoder_fuzzer
//
// Run with:
// ./out/Fuzz/blink_png_decoder_fuzzer
// third_party/WebKit/LayoutTests/images/resources/pngfuzz
//
// Alternatively, it can be run with:
// ./out/Fuzz/blink_png_decoder_fuzzer ~/another_dir_to_store_corpus
// third_party/WebKit/LayoutTests/images/resources/pngfuzz
//
// so the fuzzer will read both directories passed, but all new generated
// testcases will go into ~/another_dir_to_store_corpus
//
// For more details, see
// https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/README.md

#include "platform/image-decoders/png/PNGImageDecoder.cpp"
#include "platform/testing/BlinkFuzzerTestSupport.h"

namespace blink {

// Builds the decoder under test: a PNGImageDecoder configured with the
// requested alpha option, the for-testing ColorBehavior, and no decoded-image
// byte limit, returned through the ImageDecoder interface.
std::unique_ptr<ImageDecoder> createDecoder(
    ImageDecoder::AlphaOption alphaOption) {
  std::unique_ptr<ImageDecoder> decoder = WTF::wrapUnique(new PNGImageDecoder(
      alphaOption, ColorBehavior::transformToTargetForTesting(),
      ImageDecoder::noDecodedImageByteLimit));
  return decoder;
}

// Fuzz target body. Feeds the whole input to a fresh decoder as one complete
// buffer and decodes every frame the decoder reports. Every path returns 0, so
// a run is only ever flagged by the sanitizers the harness is built with
// (ASan/UBSan per the build instructions at the top of the file), never by the
// return value.
int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  auto buffer = SharedBuffer::create(data, size);
  // TODO (scroggo): Also test ImageDecoder::AlphaNotPremultiplied?
  auto decoder = createDecoder(ImageDecoder::AlphaPremultiplied);
  // The input is handed over in one piece, so the decoder sees it as complete.
  decoder->setData(buffer.get(), /*allDataReceived=*/true);
  // Ask for the frame count before decoding anything; if the decoder already
  // reports failure there is nothing left to do.
  decoder->frameCount();
  // frameCount() is re-queried on every iteration rather than cached
  // (presumably the count can change as frames are decoded -- TODO confirm),
  // and the loop stops at the first frame that puts the decoder into the
  // failed state.
  size_t frame = 0;
  while (!decoder->failed() && frame < decoder->frameCount()) {
    decoder->frameBufferAtIndex(frame);
    ++frame;
  }
  return 0;
}

}  // namespace blink

// libFuzzer entry point called once per generated input. It only forwards to
// the blink-namespaced implementation above, which returns 0 on every path as
// libFuzzer expects.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  return blink::LLVMFuzzerTestOneInput(data, size);
}

// libFuzzer one-time initialization hook, invoked before the first input.
// Delegates to InitializeBlinkFuzzTest (from BlinkFuzzerTestSupport.h), which
// is presumably what brings up the Blink runtime the decoder depends on -- see
// that header for what it sets up. argc/argv are passed through so the support
// code can consume its own flags.
extern "C" int LLVMFuzzerInitialize(int* argc, char*** argv) {
  blink::InitializeBlinkFuzzTest(argc, argv);
  return 0;
}