tests/fuzzer: add picture_gaps_fuzzer#17
Closed
jortles wants to merge 1 commit into
Closed
Conversation
Adds a FuzzTest harness covering API surfaces not exercised by the
existing fuzzers in this directory:
- WebPPictureView (sub-rectangle view + encode of the view)
- WebPPictureCrop (in-place crop with caller dimensions)
- WebPPictureRescale (arbitrary target dimensions)
- WebPPictureImport{RGB,RGBA,RGBX,BGR,BGRA,BGRX} with caller-supplied
stride (over-aligned + tight strides)
- WebPDecode with output.is_external_memory = 1 (caller-supplied
output buffer + stride)
- SharpYuvConvert (libsharpyuv standalone, all bit-depth and matrix
combinations)
The existing enc_fuzzer / enc_dec_fuzzer only call WebPPictureInit /
Free; the WebPPicture* manipulation chain and the libsharpyuv standalone
API are otherwise untested. advanced_api_fuzzer always uses internal
output memory; the is_external_memory=1 decode path is also new
coverage.
Each surface is a separate FUZZ_TEST entry that takes a string_view
and parses parameters internally, mirroring huffman_fuzzer's pattern.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
tests/fuzzer: add picture_gaps_fuzzer
Adds
tests/fuzzer/picture_gaps_fuzzer.cc, a FuzzTest-style harness that targets six API surfaces not exercised by the existing fuzzers in this directory.Surfaces covered (with rationale)
WebPPictureViewenc_fuzzer.ccandenc_dec_fuzzer.cconly callWebPPictureInit/FreeWebPPictureCropWebPPictureRescaleWebPPictureImport{RGB,RGBA,RGBX,BGR,BGRA,BGRX}w/ caller strideWebPDecodew/output.is_external_memory = 1advanced_api_fuzzeralways uses internal memorySharpYuvConvert(libsharpyuv standalone)The dispatch is six independent
FUZZ_TESTentries, each accepting astd::string_viewand parsing parameters internally — same pattern ashuffman_fuzzer'sFUZZ_TEST(Huffman, HuffmanTest).WithDomains(fuzztest::String()).Files changed
tests/fuzzer/picture_gaps_fuzzer.cc— new file, ~250 lines, Apache 2.0 header (matches sibling fuzzers)tests/fuzzer/CMakeLists.txt— oneadd_webp_fuzztestline wiring the new target with thesharpyuvextra-link dependencyCoverage
Locally with AFL++ (instrumented build, ASAN),
picture_gaps_fuzzerreaches edges inWebPPicture*,SharpYuvConvert, and theis_external_memory=1decode path that the other fuzzers never hit. The fuzzer reaches steady-state coverage (≈4,700 instrumented edges) within the first hour from a 60-seed minimized corpus.Notes
webp/{decode,encode}.h,sharpyuv/sharpyuv*.h, andfuzztest/fuzztest.halready used by sibling fuzzers.FUZZ_TESTs parse parameters defensively and bound outputs withkMaxOutputBytes/kMaxDimto keep timeouts at parity with the existing fuzzers.SharpYuvTestmode exercises 8/10-bit RGB and 8/10-bit YUV combinations, including the higher-bit-depth path where the input pixel range can exceed1 << bit_depth.