Don't allow WebCodecs fuzzers to fuzz if creation aborts.

A review of similar Blink classes shows we should be returning nullptr
during the ::Create() method if there are exceptions. I've updated the
fuzzers to handle a null return value here now.

Fixed: 1167511, 1167532, 1167534
Change-Id: Idbbfaeac2e93eb1f4b8f02ad880724ac5454eac4
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2638397
Commit-Queue: Dale Curtis <dalecurtis@chromium.org>
Auto-Submit: Dale Curtis <dalecurtis@chromium.org>
Reviewed-by: Dan Sanders <sandersd@chromium.org>
Cr-Commit-Position: refs/heads/master@{#844991}

third_party/blink/renderer/modules/webcodecs/audio_decoder.cc

@@ -100,8 +100,9 @@ int AudioDecoderTraits::GetMaxDecodeRequests(const MediaDecoderType& decoder) {
 AudioDecoder* AudioDecoder::Create(ScriptState* script_state,
                                    const AudioDecoderInit* init,
                                    ExceptionState& exception_state) {
-  return MakeGarbageCollected<AudioDecoder>(script_state, init,
-                                            exception_state);
+  auto* result =
+      MakeGarbageCollected<AudioDecoder>(script_state, init, exception_state);
+  return exception_state.HadException() ? nullptr : result;
 }
 
 // static

third_party/blink/renderer/modules/webcodecs/audio_decoder_fuzzer.cc

@@ -70,6 +70,7 @@ DEFINE_TEXT_PROTO_FUZZER(
     Persistent<AudioDecoder> audio_decoder = AudioDecoder::Create(
         script_state, audio_decoder_init, IGNORE_EXCEPTION_FOR_TESTING);
 
+    if (audio_decoder) {
       for (auto& invocation : proto.invocations()) {
         switch (invocation.Api_case()) {
           case wc_fuzzer::AudioDecoderApiInvocation::kConfigure:
@@ -102,6 +103,7 @@ DEFINE_TEXT_PROTO_FUZZER(
         base::RunLoop().RunUntilIdle();
       }
     }
+  }
 
   // Request a V8 GC. Oilpan will be invoked by the GC epilogue.
   //

third_party/blink/renderer/modules/webcodecs/audio_encoder.cc

@@ -23,8 +23,9 @@ const char* AudioEncoderTraits::GetNameForDevTools() {
 AudioEncoder* AudioEncoder::Create(ScriptState* script_state,
                                    const AudioEncoderInit* init,
                                    ExceptionState& exception_state) {
-  return MakeGarbageCollected<AudioEncoder>(script_state, init,
-                                            exception_state);
+  auto* result =
+      MakeGarbageCollected<AudioEncoder>(script_state, init, exception_state);
+  return exception_state.HadException() ? nullptr : result;
 }
 
 AudioEncoder::AudioEncoder(ScriptState* script_state,

third_party/blink/renderer/modules/webcodecs/image_decoder_external.cc

@@ -33,8 +33,9 @@ ImageDecoderExternal* ImageDecoderExternal::Create(
     ScriptState* script_state,
     const ImageDecoderInit* init,
     ExceptionState& exception_state) {
-  return MakeGarbageCollected<ImageDecoderExternal>(script_state, init,
+  auto* result = MakeGarbageCollected<ImageDecoderExternal>(script_state, init,
                                                             exception_state);
+  return exception_state.HadException() ? nullptr : result;
 }
 
 ImageDecoderExternal::DecodeRequest::DecodeRequest(

third_party/blink/renderer/modules/webcodecs/image_decoder_external_test.cc

@@ -89,7 +89,7 @@ TEST_F(ImageDecoderTest, DecodeEmpty) {
       DOMArrayBuffer::Create(SharedBuffer::Create())));
   auto* decoder = ImageDecoderExternal::Create(v8_scope.GetScriptState(), init,
                                                v8_scope.GetExceptionState());
-  EXPECT_TRUE(decoder);
+  EXPECT_FALSE(decoder);
   EXPECT_TRUE(v8_scope.GetExceptionState().HadException());
 }
 
@@ -108,7 +108,7 @@ TEST_F(ImageDecoderTest, DecodeNeuteredAtConstruction) {
 
   auto* decoder = ImageDecoderExternal::Create(v8_scope.GetScriptState(), init,
                                                v8_scope.GetExceptionState());
-  EXPECT_TRUE(decoder);
+  EXPECT_FALSE(decoder);
   EXPECT_TRUE(v8_scope.GetExceptionState().HadException());
 }
 
@@ -150,7 +150,7 @@ TEST_F(ImageDecoderTest, DecodeUnsupported) {
   EXPECT_FALSE(ImageDecoderExternal::canDecodeType(kImageType));
   auto* decoder =
       CreateDecoder(&v8_scope, "images/resources/test.svg", kImageType);
-  EXPECT_TRUE(decoder);
+  EXPECT_FALSE(decoder);
   EXPECT_TRUE(v8_scope.GetExceptionState().HadException());
 }
 

third_party/blink/renderer/modules/webcodecs/image_decoder_fuzzer.cc

@@ -125,6 +125,7 @@ DEFINE_BINARY_PROTO_FUZZER(
         ImageDecoderExternal::Create(script_state, image_decoder_init,
                                      IGNORE_EXCEPTION_FOR_TESTING);
 
+    if (image_decoder) {
       // Promises will be fulfilled synchronously since we're using an array
       // buffer based source.
       for (auto& invocation : proto.invocations()) {
@@ -147,11 +148,12 @@ DEFINE_BINARY_PROTO_FUZZER(
 
         // Give other tasks a chance to run (e.g. calling our output callback).
         base::RunLoop().RunUntilIdle();
+      }
+    }
 
     // TODO(crbug.com/1166925): Push the same image data incrementally into
     // the fuzzer via a ReadableSource.
   }
-  }
 
   // Request a V8 GC. Oilpan will be invoked by the GC epilogue.
   //

third_party/blink/renderer/modules/webcodecs/video_decoder.cc

@@ -213,8 +213,9 @@ int VideoDecoderTraits::GetMaxDecodeRequests(const MediaDecoderType& decoder) {
 VideoDecoder* VideoDecoder::Create(ScriptState* script_state,
                                    const VideoDecoderInit* init,
                                    ExceptionState& exception_state) {
-  return MakeGarbageCollected<VideoDecoder>(script_state, init,
-                                            exception_state);
+  auto* result =
+      MakeGarbageCollected<VideoDecoder>(script_state, init, exception_state);
+  return exception_state.HadException() ? nullptr : result;
 }
 
 // static

third_party/blink/renderer/modules/webcodecs/video_decoder_fuzzer.cc

@@ -70,6 +70,7 @@ DEFINE_TEXT_PROTO_FUZZER(
     Persistent<VideoDecoder> video_decoder = VideoDecoder::Create(
         script_state, video_decoder_init, IGNORE_EXCEPTION_FOR_TESTING);
 
+    if (video_decoder) {
       for (auto& invocation : proto.invocations()) {
         switch (invocation.Api_case()) {
           case wc_fuzzer::VideoDecoderApiInvocation::kConfigure:
@@ -102,6 +103,7 @@ DEFINE_TEXT_PROTO_FUZZER(
         base::RunLoop().RunUntilIdle();
       }
     }
+  }
 
   // Request a V8 GC. Oilpan will be invoked by the GC epilogue.
   //

third_party/blink/renderer/modules/webcodecs/video_encoder.cc

@@ -185,8 +185,9 @@ const char* VideoEncoderTraits::GetNameForDevTools() {
 VideoEncoder* VideoEncoder::Create(ScriptState* script_state,
                                    const VideoEncoderInit* init,
                                    ExceptionState& exception_state) {
-  return MakeGarbageCollected<VideoEncoder>(script_state, init,
-                                            exception_state);
+  auto* result =
+      MakeGarbageCollected<VideoEncoder>(script_state, init, exception_state);
+  return exception_state.HadException() ? nullptr : result;
 }
 
 VideoEncoder::VideoEncoder(ScriptState* script_state,

third_party/blink/renderer/modules/webcodecs/video_encoder_fuzzer.cc

@@ -77,6 +77,7 @@ DEFINE_TEXT_PROTO_FUZZER(
     Persistent<VideoEncoder> video_encoder = VideoEncoder::Create(
         script_state, video_encoder_init, IGNORE_EXCEPTION_FOR_TESTING);
 
+    if (video_encoder) {
       for (auto& invocation : proto.invocations()) {
         switch (invocation.Api_case()) {
           case wc_fuzzer::VideoEncoderApiInvocation::kConfigure:
@@ -118,6 +119,7 @@ DEFINE_TEXT_PROTO_FUZZER(
         base::RunLoop().RunUntilIdle();
       }
     }
+  }
 
   // Request a V8 GC. Oilpan will be invoked by the GC epilogue.
   //