File: color_transform_fuzzer.cc

package info (click to toggle)
chromium-browser 70.0.3538.110-1~deb9u1
  • links: PTS, VCS
  • area: main
  • in suites: stretch
  • size: 1,619,476 kB
  • sloc: cpp: 13,024,755; ansic: 1,349,823; python: 916,672; xml: 314,489; java: 280,047; asm: 276,936; perl: 75,771; objc: 66,634; sh: 45,860; cs: 28,354; php: 11,064; makefile: 10,911; yacc: 9,109; tcl: 8,403; ruby: 4,065; lex: 1,779; pascal: 1,411; lisp: 1,055; awk: 41; jsp: 39; sed: 17; sql: 3
file content (86 lines) | stat: -rw-r--r-- 2,668 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
 
// Copyright (c) 2016 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include <stddef.h>
#include <stdint.h>
#include <random>

#include "base/at_exit.h"
#include "ui/gfx/color_space.h"
#include "ui/gfx/color_transform.h"
#include "ui/gfx/icc_profile.h"

static constexpr size_t kPixels = 256;

static gfx::ColorTransform::TriStim pixels[kPixels];

static void GeneratePixels(size_t hash) {
  static std::uniform_real_distribution<float> uniform(-0.1f, 1.1f);

  std::mt19937_64 random(hash);
  for (size_t i = 0; i < kPixels; ++i)
    pixels[i].SetPoint(uniform(random), uniform(random), uniform(random));
}

static gfx::ColorSpace test;
static gfx::ColorSpace srgb;

static void ColorTransform(size_t hash) {
  const auto kIntent = static_cast<gfx::ColorTransform::Intent>(hash & 1);

  std::unique_ptr<gfx::ColorTransform> transform;
  if (hash & 2) {
    transform = gfx::ColorTransform::NewColorTransform(test, srgb, kIntent);
  } else {
    transform = gfx::ColorTransform::NewColorTransform(srgb, test, kIntent);
  }

  transform->Transform(pixels, kPixels);
}

static gfx::ColorSpace CreateRGBColorSpace(size_t hash) {
  auto primaries = static_cast<gfx::ColorSpace::PrimaryID>(
      1 + ((hash >> 0) % (size_t)gfx::ColorSpace::PrimaryID::LAST));
  auto transfer = static_cast<gfx::ColorSpace::TransferID>(
      1 + ((hash >> 8) % (size_t)gfx::ColorSpace::TransferID::LAST));
  auto matrix = static_cast<gfx::ColorSpace::MatrixID>(
      1 + ((hash >> 16) % (size_t)gfx::ColorSpace::MatrixID::LAST));
  auto range = static_cast<gfx::ColorSpace::RangeID>(
      1 + ((hash >> 24) % (size_t)gfx::ColorSpace::RangeID::LAST));

  return gfx::ColorSpace(primaries, transfer, matrix, range);
}

inline size_t Hash(const char* data, size_t size, size_t hash = ~0) {
  for (size_t i = 0; i < size; ++i)
    hash = hash * 131 + *data++;
  return hash;
}

struct Environment {
  Environment() { logging::SetMinLogLevel(logging::LOG_FATAL); }
};

Environment* environment = new Environment();

extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  base::AtExitManager at_exit;

  constexpr size_t kSizeLimit = 4 * 1024 * 1024;
  if (size < 128 || size > kSizeLimit)
    return 0;

  gfx::ICCProfile profile =
      gfx::ICCProfile::FromData(reinterpret_cast<const char*>(data), size);
  if (!profile.GetColorSpace().IsValid())
    return 0;
  test = profile.GetColorSpace();

  const size_t hash = Hash(reinterpret_cast<const char*>(data), size);
  srgb = CreateRGBColorSpace(hash);
  GeneratePixels(hash);

  ColorTransform(hash);
  return 0;
}