Add ICC fuzzer
BUG=skia:5404
GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=2047353003
Review-Url: https://codereview.chromium.org/2047353003
diff --git a/fuzz/fuzz.cpp b/fuzz/fuzz.cpp
index 326b942..853b5e0 100644
--- a/fuzz/fuzz.cpp
+++ b/fuzz/fuzz.cpp
@@ -23,7 +23,7 @@
DEFINE_string2(bytes, b, "", "A path to a file. This can be the fuzz bytes or a binary to parse.");
DEFINE_string2(name, n, "", "If --type is 'api', fuzz the API with this name.");
-DEFINE_string2(type, t, "api", "How to interpret --bytes, either 'image_scale', 'image_mode', 'skp', or 'api'.");
+DEFINE_string2(type, t, "api", "How to interpret --bytes, either 'image_scale', 'image_mode', 'skp', 'icc', or 'api'.");
DEFINE_string2(dump, d, "", "If not empty, dump 'image*' or 'skp' types as a PNG with this name.");
static int printUsage(const char* name) {
@@ -35,6 +35,7 @@
static int fuzz_api(SkData*);
static int fuzz_img(SkData*, uint8_t, uint8_t);
static int fuzz_skp(SkData*);
+static int fuzz_icc(SkData*);
int main(int argc, char** argv) {
SkCommandLineFlags::Parse(argc, argv);
@@ -53,6 +54,9 @@
case 'a': return fuzz_api(bytes);
case 'i':
+ if (FLAGS_type[0][1] == 'c') { //icc
+ return fuzz_icc(bytes);
+ }
// We only allow one degree of freedom to avoid a search space explosion for afl-fuzz.
if (FLAGS_type[0][6] == 's') { // image_scale
return fuzz_img(bytes, option, 0);
@@ -372,6 +376,16 @@
return 0;
}
+int fuzz_icc(SkData* bytes) {
+ sk_sp<SkColorSpace> space(SkColorSpace::NewICC(bytes->data(), bytes->size()));
+ if (!space) {
+ SkDebugf("[terminated] Couldn't decode ICC.\n");
+ return 1;
+ }
+ SkDebugf("[terminated] Success! Decoded ICC.\n");
+ return 0;
+}
+
Fuzz::Fuzz(SkData* bytes) : fBytes(SkSafeRef(bytes)), fNextByte(0) {}
void Fuzz::signalBug () { SkDebugf("Signal bug\n"); raise(SIGSEGV); }