I have a data set of color profiles (~1500).  Analysis of them provides a dict of token terms we can use for guiding LLVM fuzzing.

https://codereview.chromium.org/2788393003

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/7e5e257471e768f38f03163d6e0e3780e7c11211

commit 7e5e257471e768f38f03163d6e0e3780e7c11211
Author: noel <noel@chromium.org>
Date: Tue Apr 04 01:31:29 2017

Add color profile testing/libfuzzer/fuzzers/dicts/icc.dict

Add a dictionary of token symbols for ICC color profiles to be
used to guide LLVM fuzzing of profiles and transforms.

BUG= 708016 

Review-Url: https://codereview.chromium.org/2788393003
Cr-Commit-Position: refs/heads/master@{#461603}

[add] https://crrev.com/7e5e257471e768f38f03163d6e0e3780e7c11211/testing/libfuzzer/fuzzers/dicts/icc.dict

First target is Skia. created a directory in the Clusterfuzz Corpus GCS Bucket [1] and upload 100 seed ICC color profiles there.

[1] clusterfuzz-corpus/libfuzzer/skia_color_space_fuzzer

#3 is done.  Next add an LLVM fuzzer for Skia color spaces and color transforms, patch uploaded https://codereview.chromium.org/2797473003

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/373b1ecb464977173aa74566bb6f672be10df687

commit 373b1ecb464977173aa74566bb6f672be10df687
Author: noel <noel@chromium.org>
Date: Mon Apr 10 00:24:20 2017

Add LLVM fuzzer: Skia color space and color transform

Add common color profile data file color_space_data.h, which
is a separate file so it can be included in other fuzzers.

Add fuzzer that reads test input and creates a color profile
from it (or bails if not). Given that profile |test|, create
another profile |srgb| used to transform colors to/from when
running the color transform fuzzer test stage.

Speed: achieves ~1100 execs/s on Mac Air and 1900 execs/s on
my Mac Pro. Seed corpus of ICC color profiles for the fuzzer
uploaded to the skia_color_space_fuzzer GCS bucket.

Set max_len to 4Meg (color profiles can be large and this is
the limit that Chrome accepts), and use the ICC profile dict
added in http://crrev.com/461603

BUG= 708016 

Review-Url: https://codereview.chromium.org/2797473003
Cr-Commit-Position: refs/heads/master@{#463156}

[modify] https://crrev.com/373b1ecb464977173aa74566bb6f672be10df687/testing/libfuzzer/fuzzers/BUILD.gn
[add] https://crrev.com/373b1ecb464977173aa74566bb6f672be10df687/testing/libfuzzer/fuzzers/color_space_data.h
[add] https://crrev.com/373b1ecb464977173aa74566bb6f672be10df687/testing/libfuzzer/fuzzers/skia_color_space_fuzzer.cc

Next target is QCMS: created a directory in the Clusterfuzz Corpus GCS Bucket [1] and uploaded 100 seed ICC color profiles there.

[1] clusterfuzz-corpus/libfuzzer/qcms_color_space_fuzzer

See also  issue 708145  and  issue 708143 .

#6 is done.  Next add an LLVM fuzzer for QCMS color spaces and color transforms, patch uploaded https://codereview.chromium.org/2807083002/

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/6997c5c92f9e46e7834fa539b360991ac71e2e01

commit 6997c5c92f9e46e7834fa539b360991ac71e2e01
Author: noel <noel@chromium.org>
Date: Thu Apr 13 14:12:18 2017

Add LLVM fuzzer: QCMS color space and color transform

Add fuzzer that reads test input and creates a color profile
from it (or bails if not). Given that profile |test|, create
another profile |srgb| used to transform colors to/from when
running the color transform fuzzer test stage.

Test ICC version 2 profiles only since ICC version 4 support
in QCMS is not enabled in Chrome.

Add third_party/qcms/DEPS: allows qcms_color_space_fuzzer to
use //base and //testing code.

Speed: achieves ~2300 execs/s on Mac Air. Seed corpus of ICC
profiles uploaded to qcms_color_space_fuzzer GCS bucket.

Set max_len to 4Meg (color profiles can be large and this is
the limit that Chrome accepts), and use the ICC profile dict
added in http://crrev.com/461603

TBR=inferno@chromium.org
BUG= 708016 

Review-Url: https://codereview.chromium.org/2807083002
Cr-Commit-Position: refs/heads/master@{#464398}

[modify] https://crrev.com/6997c5c92f9e46e7834fa539b360991ac71e2e01/BUILD.gn
[modify] https://crrev.com/6997c5c92f9e46e7834fa539b360991ac71e2e01/third_party/qcms/BUILD.gn
[add] https://crrev.com/6997c5c92f9e46e7834fa539b360991ac71e2e01/third_party/qcms/DEPS
[add] https://crrev.com/6997c5c92f9e46e7834fa539b360991ac71e2e01/third_party/qcms/qcms_color_space_fuzzer.cc

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/cc0dfe7a79eb32d54260237cc3b3bec48ef769da

commit cc0dfe7a79eb32d54260237cc3b3bec48ef769da
Author: noel <noel@chromium.org>
Date: Wed Apr 19 02:57:10 2017

Skia color space fuzzer: use a locally defined Hash function

Following http://crrev.com/464398, define an in-situ hash to
remove the dependency on base::StringPieceHash.

BUG= 708016 

Review-Url: https://codereview.chromium.org/2827573003
Cr-Commit-Position: refs/heads/master@{#465477}

[modify] https://crrev.com/cc0dfe7a79eb32d54260237cc3b3bec48ef769da/testing/libfuzzer/fuzzers/skia_color_space_fuzzer.cc

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/f9e2b22cbc43317c3a84bb84d3c312543e8493f1

commit f9e2b22cbc43317c3a84bb84d3c312543e8493f1
Author: Noel Gordon <noel@chromium.org>
Date: Mon Jul 17 05:34:39 2017

Skia color space fuzzer: mix input and output color transform formats

The fuzzer color transform had the same input and output pixel color
format in each run. In this change, create a mix of input and output
color formats to add extra fuzz.

Tbr: mmoroz@chromium.org
Bug:  708016 
Change-Id: I520eafad1959ae2d8688b156e24006718aaf4b0c
Reviewed-on: https://chromium-review.googlesource.com/572890
Reviewed-by: Noel Gordon <noel@chromium.org>
Commit-Queue: Noel Gordon <noel@chromium.org>
Cr-Commit-Position: refs/heads/master@{#487026}
[modify] https://crrev.com/f9e2b22cbc43317c3a84bb84d3c312543e8493f1/testing/libfuzzer/fuzzers/skia_color_space_fuzzer.cc