diff --git a/projects/qcms/Dockerfile b/projects/qcms/Dockerfile
index 67e7a15dd..dac61a33d 100644
--- a/projects/qcms/Dockerfile
+++ b/projects/qcms/Dockerfile
@@ -16,8 +16,8 @@ FROM gcr.io/oss-fuzz-base/base-builder
MAINTAINER pdknsk@gmail.com
-RUN apt-get update && apt-get install -y mercurial wget
-RUN hg clone https://hg.mozilla.org/mozilla-central/ firefox
-RUN wget -q http://cdn.pwmon.org/oss-fuzz/qcms/fuzz_seed_corpus.zip
-COPY build.sh fuzz.cc fuzz.dict $SRC/
-WORKDIR firefox/gfx/qcms
+RUN apt-get update && apt-get install -y mercurial
+RUN hg clone https://hg.mozilla.org/mozilla-central/
+ADD http://cdn.pwmon.org/oss-fuzz/qcms/fuzz_seed_corpus.zip $SRC/
+COPY build.sh fuzz.dict $SRC/
+WORKDIR mozilla-central/gfx/qcms
diff --git a/projects/qcms/build.sh b/projects/qcms/build.sh
index 33e4ce1e4..fef676baa 100644
--- a/projects/qcms/build.sh
+++ b/projects/qcms/build.sh
@@ -16,9 +16,8 @@
################################################################################
# moz.build
-$CC $CFLAGS \
- -DNDEBUG -msse2 -Wno-missing-field-initializers \
- -c \
+$CC $CFLAGS -c \
+ -DNDEBUG -msse -msse2 -Wno-missing-field-initializers \
chain.c \
iccread.c \
matrix.c \
@@ -29,7 +28,8 @@ $CC $CFLAGS \
$CXX $CXXFLAGS -std=c++11 \
-I. *.o \
+ -DBUILD_FOR_OSSFUZZ \
-lFuzzingEngine \
- $SRC/fuzz.cc -o $OUT/fuzz
+ fuzztest/qcms_fuzzer.cpp -o $OUT/fuzz
cp $SRC/fuzz.dict $SRC/fuzz_seed_corpus.zip $OUT
diff --git a/projects/qcms/fuzz.cc b/projects/qcms/fuzz.cc
deleted file mode 100644
index 752dae6ad..000000000
--- a/projects/qcms/fuzz.cc
+++ /dev/null
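Review bot: The seed corpus is pulled with `ADD http://cdn.pwmon.org/oss-fuzz/qcms/fuzz_seed_corpus.zip $SRC/` over plain HTTP from a third-party host and is never verified, so whatever that host or anyone on the path serves becomes the corpus that build.sh later copies into $OUT; the removed wget line had the same gap, and the commit does not close it. Pin the artifact to a digest right after the ADD, e.g. `RUN echo "<expected-sha256>  $SRC/fuzz_seed_corpus.zip" | sha256sum -c -`, and switch the URL to https if the CDN offers it. The `hg clone` of mozilla-central is likewise unpinned, so two builds of this Dockerfile can produce different fuzzers; that predates the change but is worth a comment on the RUN line if it is intentional.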
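Review bot: `-msse` on the added `-DNDEBUG -msse -msse2 -Wno-missing-field-initializers \` line is redundant: `-msse2` already implies `-msse` in both GCC and Clang, so the new flag changes nothing and only raises the question of why it was added. If the intent is to make the SSE baseline explicit, a short comment on that line saying so would help; otherwise drop it and keep `-DNDEBUG -msse2 -Wno-missing-field-initializers \`. Both flags are x86-only, which is presumably fine for the base-builder image but should be stated near the command.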
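Review bot: `-DBUILD_FOR_OSSFUZZ` is added only to the `$CXX` command that compiles `fuzztest/qcms_fuzzer.cpp` and links the `*.o` files; the C sources built by the preceding `$CC` command never see it. If any qcms C code or shared header is conditional on that macro the two halves of the binary will disagree, and if it is consumed by the harness alone, a comment such as `# BUILD_FOR_OSSFUZZ is consumed by fuzztest/qcms_fuzzer.cpp only` would keep the next reader from adding it to the C build by mistake. The harness is now taken from the hg checkout rather than $SRC, so an upstream move or rename of `fuzztest/qcms_fuzzer.cpp` breaks this build without any change to this project; that is a consequence of the unpinned clone and worth noting in the script. The unchanged `cp $SRC/fuzz.dict $SRC/fuzz_seed_corpus.zip $OUT` still matches what the Dockerfile places in $SRC.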
@@ -1,74 +0,0 @@
-#include
-
-#include "qcms.h"
-
-static void transform(qcms_profile* src_profile, qcms_profile* dst_profile,
- size_t size) {
- // qcms supports GRAY and RGB profiles as input, and RGB as output.
-
- uint32_t src_color_space = qcms_profile_get_color_space(src_profile);
- qcms_data_type src_type = size & 1 ? QCMS_DATA_RGBA_8 : QCMS_DATA_RGB_8;
- if (src_color_space == icSigGrayData)
- src_type = size & 1 ? QCMS_DATA_GRAYA_8 : QCMS_DATA_GRAY_8;
- else if (src_color_space != icSigRgbData)
- return;
-
- uint32_t dst_color_space = qcms_profile_get_color_space(dst_profile);
- if (dst_color_space != icSigRgbData)
- return;
- qcms_data_type dst_type = size & 2 ? QCMS_DATA_RGBA_8 : QCMS_DATA_RGB_8;
-
- qcms_intent intent = qcms_profile_get_rendering_intent(src_profile);
- // Firefox calls this on the display profile to increase performance.
- // Skip with low probability to increase coverage.
- if (size % 0x10)
- qcms_profile_precache_output_transform(dst_profile);
-
- qcms_transform* transform = qcms_transform_create(
- src_profile, src_type, dst_profile, dst_type, intent);
- if (!transform)
- return;
-
- static uint8_t src[] = {
- 0x7F, 0x7F, 0x7F, 0x00, 0x00, 0x7F, 0x7F, 0xFF, 0x7F, 0x10, 0x20, 0x30,
- };
- static uint8_t dst[sizeof(src) * 4]; // 4x in case of GRAY to RGBA
-
- int src_bytes_per_pixel = 4; // QCMS_DATA_RGBA_8
- if (src_type == QCMS_DATA_RGB_8)
- src_bytes_per_pixel = 3;
- else if (src_type == QCMS_DATA_GRAYA_8)
- src_bytes_per_pixel = 2;
- else if (src_type == QCMS_DATA_GRAY_8)
- src_bytes_per_pixel = 1;
-
- qcms_transform_data(transform, src, dst, sizeof(src) / src_bytes_per_pixel);
- qcms_transform_release(transform);
-}
-
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- qcms_enable_iccv4();
-
- qcms_profile* profile = qcms_profile_from_memory(data, size);
- if (!profile)
- return 0;
-
- // Firefox respects this check, but ignoring it gives slightly higher
- coverage.
It only checks part of the profile for reasonable values,
- to not render output caused by likely broken profiles.
- if (qcms_profile_is_bogus(profile)) {};
-
- qcms_profile* srgb_profile = qcms_profile_sRGB();
- if (!srgb_profile) {
- qcms_profile_release(profile);
- return 0;
- }
-
- transform(profile, srgb_profile, size);
- transform(srgb_profile, profile, size);
-
- qcms_profile_release(profile);
- qcms_profile_release(srgb_profile);
-
- return 0;
-}