-rw-r--r-- | fuzz/fuzz.cpp | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/fuzz/fuzz.cpp b/fuzz/fuzz.cpp
index 326b942bbe..853b5e0411 100644
--- a/fuzz/fuzz.cpp
+++ b/fuzz/fuzz.cpp
@@ -23,7 +23,7 @@ DEFINE_string2(bytes, b, "", "A path to a file. This can be the fuzz bytes or a binary to parse.");
 DEFINE_string2(name, n, "", "If --type is 'api', fuzz the API with this name.");
-DEFINE_string2(type, t, "api", "How to interpret --bytes, either 'image_scale', 'image_mode', 'skp', or 'api'.");
+DEFINE_string2(type, t, "api", "How to interpret --bytes, either 'image_scale', 'image_mode', 'skp', 'icc', or 'api'.");
 DEFINE_string2(dump, d, "", "If not empty, dump 'image*' or 'skp' types as a PNG with this name.");
 static int printUsage(const char* name) {
@@ -35,6 +35,7 @@ static uint8_t calculate_option(SkData*);
 static int fuzz_api(SkData*);
 static int fuzz_img(SkData*, uint8_t, uint8_t);
 static int fuzz_skp(SkData*);
+static int fuzz_icc(SkData*);
 int main(int argc, char** argv) {
 SkCommandLineFlags::Parse(argc, argv);
@@ -53,6 +54,9 @@ int main(int argc, char** argv) {
 case 'a':
 return fuzz_api(bytes);
 case 'i':
+ if (FLAGS_type[0][1] == 'c') { //icc
+ return fuzz_icc(bytes);
+ }
 // We only allow one degree of freedom to avoid a search space explosion for afl-fuzz.
 if (FLAGS_type[0][6] == 's') { // image_scale
 return fuzz_img(bytes, option, 0);
@@ -372,6 +376,16 @@ int fuzz_skp(SkData* bytes) {
 return 0;
 }
+int fuzz_icc(SkData* bytes) {
+ sk_sp<SkColorSpace> space(SkColorSpace::NewICC(bytes->data(), bytes->size()));
+ if (!space) {
+ SkDebugf("[terminated] Couldn't decode ICC.\n");
+ return 1;
+ }
+ SkDebugf("[terminated] Success! Decoded ICC.\n");
+ return 0;
+}
+
 Fuzz::Fuzz(SkData* bytes) : fBytes(SkSafeRef(bytes)), fNextByte(0) {}
 void Fuzz::signalBug () { SkDebugf("Signal bug\n"); raise(SIGSEGV); } |
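Review bot: The new branch under `case 'i':` picks the ICC target by testing only `FLAGS_type[0][1] == 'c'`, so any `--type` value that begins with `ic` is dispatched to `fuzz_icc`, and a mistyped type silently fuzzes a different parser than the one the operator asked for. Comparing the whole value, `if (0 == strcmp(FLAGS_type[0], "icc")) {`, would make the dispatch exact. The context line that follows reads `FLAGS_type[0][6]`, which for a short value starting with `i` appears to index past the end of the string; that is older code, but a full-string comparison there would remove that read as well. The switch header is outside the hunk, so this assumes it switches on `FLAGS_type[0][0]`.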
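Review bot: `fuzz_icc` has no comment telling whoever triages fuzzer output what its return value means: it returns 1 whenever `SkColorSpace::NewICC` rejects the input, which is the expected outcome for most mutated profiles and not a finding in itself. A comment above the definition would make that explicit, e.g. `// Decodes the input as an ICC profile. Returns 1 if the profile is rejected (expected for malformed input), 0 if it decodes; parser bugs surface as crashes, not as a return code.` The function also dereferences `bytes` without a null check; presumably `main` validates the loaded data before dispatch, but that code is outside the hunk.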