File: video_frame_copy_to_fuzzer.cc

package info (click to toggle)
chromium 138.0.7204.183-1
  • links: PTS, VCS
  • area: main
  • in suites: trixie
  • size: 6,071,908 kB
  • sloc: cpp: 34,937,088; ansic: 7,176,967; javascript: 4,110,704; python: 1,419,953; asm: 946,768; xml: 739,971; pascal: 187,324; sh: 89,623; perl: 88,663; objc: 79,944; sql: 50,304; cs: 41,786; fortran: 24,137; makefile: 21,806; php: 13,980; tcl: 13,166; yacc: 8,925; ruby: 7,485; awk: 3,720; lisp: 3,096; lex: 1,327; ada: 727; jsp: 228; sed: 36
file content (67 lines) | stat: -rw-r--r-- 2,787 bytes parent folder | download | duplicates (6) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
 
// Copyright 2021 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include <string>

#include "testing/libfuzzer/proto/lpm_interface.h"
#include "third_party/blink/renderer/bindings/core/v8/v8_binding_for_core.h"
#include "third_party/blink/renderer/bindings/modules/v8/v8_plane_layout.h"
#include "third_party/blink/renderer/bindings/modules/v8/v8_video_frame_copy_to_options.h"
#include "third_party/blink/renderer/core/frame/local_frame.h"
#include "third_party/blink/renderer/core/frame/settings.h"
#include "third_party/blink/renderer/core/testing/dummy_page_holder.h"
#include "third_party/blink/renderer/modules/webcodecs/fuzzer_inputs.pb.h"
#include "third_party/blink/renderer/modules/webcodecs/fuzzer_utils.h"
#include "third_party/blink/renderer/platform/bindings/exception_state.h"
#include "third_party/blink/renderer/platform/bindings/script_state.h"
#include "third_party/blink/renderer/platform/heap/persistent.h"
#include "third_party/blink/renderer/platform/testing/blink_fuzzer_test_support.h"
#include "third_party/blink/renderer/platform/testing/task_environment.h"

namespace blink {

DEFINE_TEXT_PROTO_FUZZER(const wc_fuzzer::VideoFrameCopyToCase& proto) {
  static BlinkFuzzerTestSupport test_support = BlinkFuzzerTestSupport();

  test::TaskEnvironment task_environment;
  auto page_holder = std::make_unique<DummyPageHolder>();
  page_holder->GetFrame().GetSettings()->SetScriptEnabled(true);

  ScriptState* script_state =
      ToScriptStateForMainWorld(&page_holder->GetFrame());
  ScriptState::Scope scope(script_state);

  VideoFrame* video_frame = MakeVideoFrame(script_state, proto.video_frame());
  if (!video_frame)
    return;

  VideoFrameCopyToOptions* options = VideoFrameCopyToOptions::Create();
  if (proto.copy_to().has_options()) {
    const auto& options_proto = proto.copy_to().options();
    if (options_proto.has_rect())
      options->setRect(MakeDOMRectInit(options_proto.rect()));

    if (options_proto.layout_size()) {
      HeapVector<Member<PlaneLayout>> layout{};
      for (const auto& plane_proto : options_proto.layout())
        layout.push_back(MakePlaneLayout(plane_proto));
      options->setLayout(layout);
    }
  }

  // Check allocationSize().
  video_frame->allocationSize(options, IGNORE_EXCEPTION_FOR_TESTING);

  AllowSharedBufferSource* destination =
      MakeAllowSharedBufferSource(proto.copy_to().destination()).source;
  DCHECK(destination);

  // The returned promise will be fulfilled synchronously since the source frame
  // is memory-backed.
  // TODO(sandersd): Wait for promise resolution.
  video_frame->copyTo(script_state, destination, options,
                      IGNORE_EXCEPTION_FOR_TESTING);
}

}  // namespace blink