File: color_transform_fuzzer.cc

// Copyright 2016 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifdef UNSAFE_BUFFERS_BUILD
// TODO(crbug.com/354829279): Remove this and convert code to safer constructs.
#pragma allow_unsafe_buffers
#endif

#include <stddef.h>
#include <stdint.h>
#include <random>

#include "base/at_exit.h"
#include "base/logging.h"
#include "ui/gfx/color_space.h"
#include "ui/gfx/color_transform.h"
#include "ui/gfx/icc_profile.h"

// Number of synthetic pixels pushed through the transform on every fuzz
// iteration.
static constexpr size_t kPixels = 256;

// Scratch pixel buffer: written by GeneratePixels() and then handed to
// Transform() by ColorTransform(). This is mutable file-scope state, so it
// assumes the fuzz entry point never runs concurrently within one process
// (TODO confirm).
static gfx::ColorTransform::TriStim pixels[kPixels];

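// Fills |pixels| with pseudo-random components drawn from [-0.1, 1.1), seeded
// by |hash| so that a given fuzz input always produces the same pixel data.
// The range extends slightly outside [0, 1], so values just below 0 and just
// above 1 are fed to the transform as well.
static void GeneratePixels(size_t hash) {
  // A fresh distribution per call: nothing the distribution may cache can
  // carry over from one fuzz input into the next.
  std::uniform_real_distribution<float> uniform(-0.1f, 1.1f);
  std::mt19937_64 random(hash);

  for (auto& pixel : pixels) {
    // Draw the components in separate statements. The order in which function
    // arguments are evaluated is unspecified, so three uniform(random) calls
    // inside one argument list would leave it to the compiler which draw lands
    // in which component, making a reproducer depend on the toolchain.
    const float c0 = uniform(random);
    const float c1 = uniform(random);
    const float c2 = uniform(random);
    pixel.SetPoint(c0, c1, c2);
  }
}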

// Color space endpoints for the current fuzz iteration, both assigned in
// LLVMFuzzerTestOneInput(): |test| is the color space parsed from the
// fuzzer-supplied ICC profile, and |srgb| is the enum-built color space
// returned by CreateRGBColorSpace(). Despite its name, |srgb| is not
// necessarily sRGB.
static gfx::ColorSpace test;
static gfx::ColorSpace srgb;

// Builds a transform between the two file-scope color spaces and runs the
// pixel buffer through it. Bit 1 of |hash| picks the direction: when set, the
// ICC-derived space |test| is the source and |srgb| the destination; when
// clear, the roles are swapped. Default-constructed Options are used.
static void ColorTransform(size_t hash) {
  const gfx::ColorTransform::Options options;

  const bool icc_is_source = (hash & 2) != 0;
  const gfx::ColorSpace& from = icc_is_source ? test : srgb;
  const gfx::ColorSpace& to = icc_is_source ? srgb : test;

  // NOTE(review): the result is dereferenced unchecked, which assumes
  // NewColorTransform() never returns null (confirm against its contract).
  std::unique_ptr<gfx::ColorTransform> transform =
      gfx::ColorTransform::NewColorTransform(from, to, options);
  transform->Transform(pixels, kPixels);
}

// Derives a ColorSpace from |hash| by choosing each of its four enum fields
// independently. Every field lands in [1, kMaxValue] of its enum, so the
// value 0 is never produced (presumably the "invalid" ID; confirm against
// color_space.h). Each field reads |hash| from a different bit offset
// (0, 8, 16, 24).
static gfx::ColorSpace CreateRGBColorSpace(size_t hash) {
  // Maps the bits of |hash| from |shift| upwards onto [1, max_value] and
  // returns the result as the enum type of |max_value|.
  const auto pick = [hash](auto max_value, int shift) {
    using Id = decltype(max_value);
    return static_cast<Id>(
        1 + ((hash >> shift) % static_cast<size_t>(max_value)));
  };

  const auto primaries = pick(gfx::ColorSpace::PrimaryID::kMaxValue, 0);
  const auto transfer = pick(gfx::ColorSpace::TransferID::kMaxValue, 8);
  const auto matrix = pick(gfx::ColorSpace::MatrixID::kMaxValue, 16);
  const auto range = pick(gfx::ColorSpace::RangeID::kMaxValue, 24);

  return gfx::ColorSpace(primaries, transfer, matrix, range);
}

// Folds the |size| bytes at |data| into |hash| with a multiply-by-131
// polynomial step per byte and returns the result. This is a cheap,
// non-cryptographic mixer used only to derive fuzz parameters from the input.
//
// NOTE: |data| is plain char, whose signedness is implementation-defined, so
// bytes >= 0x80 may be sign-extended before being added. The same input can
// therefore hash differently on platforms that disagree on char signedness.
inline size_t Hash(const char* data, size_t size, size_t hash = ~0) {
  const char* const end = data + size;
  while (data != end) {
    hash = hash * 131 + *data;
    ++data;
  }
  return hash;
}

// One-time process setup for the fuzzer.
struct Environment {
  Environment() {
    // Raise the minimum log level to LOGGING_FATAL, presumably so that
    // diagnostics about malformed profiles do not flood the fuzzer output.
    logging::SetMinLogLevel(logging::LOGGING_FATAL);
  }
};

// Constructed during static initialization, so the setup above runs without
// any explicit call from the fuzz entry point. Never deleted in this file.
Environment* environment = new Environment;

// libFuzzer entry point. Treats the whole input as an ICC profile, and if it
// parses to a valid color space, transforms a pseudo-random pixel buffer
// between that space and an enum-built RGB space.
//
// Everything other than the profile itself (the RGB space, the pixel values
// and the transform direction) is derived from a hash of the entire input, so
// a given input always replays the same way. Inputs that are outside the size
// bounds or that do not yield a valid color space return early without
// reaching the transform code. Always returns 0.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  base::AtExitManager at_exit;

  // Lower bound: presumably the size of an ICC profile header (TODO confirm).
  // Upper bound: caps the work done per input at 4 MiB.
  constexpr size_t kMinSize = 128;
  constexpr size_t kSizeLimit = 4 * 1024 * 1024;
  const bool size_in_range = size >= kMinSize && size <= kSizeLimit;
  if (!size_in_range)
    return 0;

  // The same byte view feeds both the ICC parser and the hash.
  const char* const bytes = reinterpret_cast<const char*>(data);

  gfx::ICCProfile profile = gfx::ICCProfile::FromData(bytes, size);
  if (!profile.GetColorSpace().IsValid())
    return 0;
  test = profile.GetColorSpace();

  const size_t hash = Hash(bytes, size);
  srgb = CreateRGBColorSpace(hash);
  GeneratePixels(hash);

  ColorTransform(hash);
  return 0;
}