Dale Curtis authored
This fuzzer works similarly to the other WebCodecs fuzzers except for corpus generation. The gist is that a protobuf structure for a sequence of ImageDecoder operations is defined and the fuzzer mutates both the number and contents of each operation.

Corpus generation differs from the static corpus used by the other WebCodecs fuzzers. The image decoder fuzzer takes a base textproto with unfilled "type" and "data" fields, then fills in those fields using test data files from web_tests/images/resources. Since these are somewhat large image files, the corpus is written out in binary proto form. The generated corpus is ~12 MB.

Generating the corpus in this way ensures that the interaction of the API with various image types and lengths is well covered by the capabilities accessible to the fuzzer.

Bug: 1166925
Test: Locally fuzzer runs fine with the corpus.
Change-Id: Ie3d18911d235b184256dec6eac48e64fdd69c9c4
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2630590
Commit-Queue: Dale Curtis <dalecurtis@chromium.org>
Reviewed-by: Jeremy Roman <jbroman@chromium.org>
Reviewed-by: Jonathan Metzman <metzman@chromium.org>
Reviewed-by: Chrome Cunningham <chcunningham@chromium.org>
Cr-Commit-Position: refs/heads/master@{#844241}
027e4e40
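The corpus-generation step the commit message describes, as an added illustration that is not part of this change and not Chromium's fuzzer code: a base template with unfilled `type`/`data` fields is filled once per test image and each result is serialized as a binary protobuf, named libFuzzer-style by the SHA-1 of its contents. The message schema (a repeated `ops` field holding `type` = 1 and `data` = 2), the field numbers, the regex template parser, the file paths and the image bytes are all assumptions chosen for this example; only the protobuf wire-format encoding (varint tags, length-delimited fields) is standard. A decoder is included so the round trip can be checked offline.

```python
"""Build a binary-proto fuzzer corpus from a placeholder textproto template.

Hypothetical schema used here (NOT Chromium's ImageDecoder fuzzer proto):

  message FuzzInput  { repeated Operation ops = 1; }
  message Operation  { string type = 1; bytes data = 2; }
"""
import hashlib
import re
from typing import Dict, List, Tuple

# Constructed stand-ins for web_tests/images/resources/*: just enough bytes to
# look like each format's header. Paths and contents are illustrative only.
SAMPLE_IMAGE_FILES: Dict[str, bytes] = {
    "web_tests/images/resources/a.png": b"\x89PNG\r\n\x1a\n" + bytes(8),
    "web_tests/images/resources/b.jpg": b"\xff\xd8\xff\xe0" + bytes(12),
    "web_tests/images/resources/c.gif": b"GIF89a" + bytes(10),
}
EXT_TO_MIME = {"png": "image/png", "jpg": "image/jpeg", "gif": "image/gif"}

# Hypothetical base textproto: two decode operations with unfilled fields.
BASE_TEXTPROTO = '''
ops { type: "" data: "" }
ops { type: "" data: "" }
'''

# Deliberately minimal: handles only the placeholder template above, not
# general textproto (escapes, nesting, comments).
_OP_RE = re.compile(r'ops\s*\{\s*type:\s*"([^"]*)"\s*data:\s*"([^"]*)"\s*\}')


def parse_base_textproto(text: str) -> List[Tuple[str, bytes]]:
    """Return (type, data) per op; an empty string marks an unfilled field."""
    return [(t, d.encode()) for t, d in _OP_RE.findall(text)]


# ---- protobuf wire format (standard encoding) ------------------------------
def _varint(n: int) -> bytes:
    out = bytearray()
    while True:
        b = n & 0x7F
        n >>= 7
        if n:
            out.append(b | 0x80)
        else:
            out.append(b)
            return bytes(out)


def _field(num: int, payload: bytes) -> bytes:
    """Length-delimited field (wire type 2): tag, length, payload."""
    return _varint((num << 3) | 2) + _varint(len(payload)) + payload


def encode_operation(mime: str, data: bytes) -> bytes:
    return _field(1, mime.encode()) + _field(2, data)


def encode_input(ops: List[Tuple[str, bytes]]) -> bytes:
    """Serialize FuzzInput: each Operation is an embedded message in field 1."""
    return b"".join(_field(1, encode_operation(t, d)) for t, d in ops)


def _read_varint(buf: bytes, i: int) -> Tuple[int, int]:
    n = shift = 0
    while True:
        b = buf[i]
        i += 1
        n |= (b & 0x7F) << shift
        if not b & 0x80:
            return n, i
        shift += 7


def _parse_fields(buf: bytes) -> List[Tuple[int, bytes]]:
    """Split a message into (field_number, payload); only wire type 2 is used here."""
    i, fields = 0, []
    while i < len(buf):
        key, i = _read_varint(buf, i)
        num, wire_type = key >> 3, key & 7
        if wire_type != 2:
            raise ValueError(f"unexpected wire type {wire_type} for field {num}")
        length, i = _read_varint(buf, i)
        fields.append((num, buf[i:i + length]))
        i += length
    return fields


def decode_input(buf: bytes) -> List[Tuple[str, bytes]]:
    ops = []
    for num, payload in _parse_fields(buf):
        if num != 1:
            continue  # unknown top-level field: skip, as protobuf parsers do
        mime, data = "", b""
        for fnum, fpayload in _parse_fields(payload):
            if fnum == 1:
                mime = fpayload.decode()
            elif fnum == 2:
                data = fpayload
        ops.append((mime, data))
    return ops


def generate_corpus(base_textproto: str, files: Dict[str, bytes]) -> Dict[str, bytes]:
    """One binary corpus entry per test image, keyed by libFuzzer-style SHA-1 name."""
    template = parse_base_textproto(base_textproto)
    corpus: Dict[str, bytes] = {}
    for path, data in sorted(files.items()):
        mime = EXT_TO_MIME[path.rsplit(".", 1)[-1].lower()]
        ops = [(mime, data) if (t, d) == ("", b"") else (t, d) for t, d in template]
        blob = encode_input(ops)
        corpus[hashlib.sha1(blob).hexdigest()] = blob
    return corpus
```

Writing each `blob` to a file named by its hash under the fuzzer's corpus directory is all that remains; the binary form matters because textproto would have to escape every non-printable byte of the image data, inflating the corpus several-fold.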