Improve color_transform_fuzzer coverage
Issue description

color_transform_fuzzer needs more coverage: we could add a dict, provide a color profile corpus, etc. to gain more coverage.
Oct 20 2017

Oct 20 2017

Oct 20 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/dda204753ddbe089e2abfc839ed3bff88dfef577

commit dda204753ddbe089e2abfc839ed3bff88dfef577
Author: Noel Gordon <noel@chromium.org>
Date: Fri Oct 20 04:58:55 2017

color_transform_fuzzer: Add a fuzzer dict

Add ICC profile fuzzer dictionary. Also increase the maximum profile size to 4M to match our other color space fuzzers [1].

[1] https://cs.chromium.org/search/?q=qcms_color_space_fuzzer
    https://cs.chromium.org/search/?q=skia_color_space_fuzzer

Bug: 776604
Change-Id: Ifd8ad31633d003d357fc536045cd696f10ec81d6
Reviewed-on: https://chromium-review.googlesource.com/729602
Commit-Queue: Noel Gordon <noel@chromium.org>
Reviewed-by: Max Moroz <mmoroz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#510344}

[modify] https://crrev.com/dda204753ddbe089e2abfc839ed3bff88dfef577/ui/gfx/BUILD.gn
Oct 23 2017
Uploaded https://chromium-review.googlesource.com/c/chromium/src/+/730033 to increase color_transform_fuzzer transform coverage.
Oct 23 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/679aa7511d9a69e3cfe32e111ed75dc007c9970a

commit 679aa7511d9a69e3cfe32e111ed75dc007c9970a
Author: Noel Gordon <noel@chromium.org>
Date: Mon Oct 23 00:19:32 2017

Increase color_transform_fuzzer transform coverage

- increase the input size to 4M to match other color fuzzers
- add a struct Environment to remove logging from the fuzzer
- create a test profile from the data; bail if it's invalid
- use the fuzz hash to choose the "other" color profile
- use the test and "other" profile as either a color transform input or output color space, based on the fuzz hash
- apply the color transform to a random buffer of pixels

Tbr: hubbe@chromium.org
Bug: 776604
Change-Id: I6b5163ef6bf735d9023d805b923bd58c30ba2472
Reviewed-on: https://chromium-review.googlesource.com/730033
Commit-Queue: Noel Gordon <noel@chromium.org>
Reviewed-by: Max Moroz <mmoroz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#510716}

[modify] https://crrev.com/679aa7511d9a69e3cfe32e111ed75dc007c9970a/ui/gfx/color_transform_fuzzer.cc
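As an added example, not Chromium's color_transform_fuzzer.cc and not the gfx API, the self-contained C++ fuzz target below mirrors the structure the commit message above lists: a once-per-process Environment, a 4M input cap, a shallow profile validity check that bails on junk, a hash of the input that picks the "other" color space and the transform direction, and a transform applied to a pseudo-random pixel buffer rather than to bytes taken from the input. The ICC header check (big-endian size field at offset 0, 'acsp' signature at offset 36) is a deliberate stand-in for a real parser; the color spaces, the transform, the Environment and the sample header are constructed placeholders, and every identifier here is the example's own.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <random>
#include <vector>

namespace icc_fuzz_example {

constexpr size_t kMaxProfileSize = 4 * 1024 * 1024;  // 4M cap, as in the commit
constexpr size_t kIccHeaderSize = 128;               // fixed ICC header length

// One-time process setup. Chromium's struct Environment exists to silence
// logging inside the fuzz loop; this stand-in only records that it ran.
struct Environment {
  Environment() : logging_suppressed(true) {}
  bool logging_suppressed;
};
static Environment* const kEnv = new Environment();

// Stand-in for a parsed color profile (real code would build a color space).
struct Profile {
  std::vector<uint8_t> bytes;
};

// Shallow header check: big-endian size at offset 0, 'acsp' at offset 36.
// Enough to reject junk cheaply before any expensive work; not a real parser.
bool ParseProfile(const uint8_t* data, size_t size, Profile* out) {
  if (size < kIccHeaderSize || size > kMaxProfileSize) return false;
  uint32_t declared = (uint32_t{data[0]} << 24) | (uint32_t{data[1]} << 16) |
                      (uint32_t{data[2]} << 8) | uint32_t{data[3]};
  if (declared < kIccHeaderSize || declared > size) return false;
  if (std::memcmp(data + 36, "acsp", 4) != 0) return false;
  out->bytes.assign(data, data + declared);
  return true;
}

// FNV-1a over the input: the "fuzz hash" that drives every choice below, so a
// given input always exercises the same transform and crashes reproduce.
uint32_t FuzzHash(const uint8_t* data, size_t size) {
  uint32_t h = 2166136261u;
  for (size_t i = 0; i < size; ++i) {
    h ^= data[i];
    h *= 16777619u;
  }
  return h;
}

// Placeholder "other" color spaces the test profile gets paired with.
enum class OtherSpace : uint32_t { kSRGB = 0, kXYZD50 = 1, kLinearRGB = 2, kCount = 3 };

struct TransformPlan {
  OtherSpace other;
  bool profile_is_source;  // test profile as transform input (true) or output
};

// Low bits pick the partner space, a higher bit picks the direction.
TransformPlan ChoosePlan(uint32_t hash) {
  TransformPlan plan;
  plan.other = static_cast<OtherSpace>(hash % static_cast<uint32_t>(OtherSpace::kCount));
  plan.profile_is_source = ((hash >> 8) & 1u) != 0;
  return plan;
}

// Pixel buffer seeded from the hash rather than sliced from the input, so the
// fuzzer spends its bytes on the profile, not on pixel data.
std::vector<uint8_t> RandomPixels(uint32_t seed, size_t count) {
  std::mt19937 rng(seed);
  std::vector<uint8_t> px(count * 4);  // RGBA
  for (auto& b : px) b = static_cast<uint8_t>(rng());
  return px;
}

// Toy per-channel transform so the example runs offline; direction follows
// the plan. Returns the number of pixels touched.
size_t ApplyTransform(const TransformPlan& plan, std::vector<uint8_t>* px) {
  uint8_t delta = static_cast<uint8_t>(static_cast<uint32_t>(plan.other) + 1);
  for (size_t i = 0; i < px->size(); ++i) {
    if (i % 4 == 3) continue;  // leave alpha alone
    (*px)[i] = static_cast<uint8_t>(plan.profile_is_source ? (*px)[i] + delta
                                                           : (*px)[i] - delta);
  }
  return px->size() / 4;
}

// Constructed sample input: a 128-byte header with only the fields that
// ParseProfile checks filled in. Not a real profile.
std::vector<uint8_t> ConstructedHeader() {
  std::vector<uint8_t> h(kIccHeaderSize, 0);
  h[3] = static_cast<uint8_t>(kIccHeaderSize);  // size = 128, big-endian
  std::memcpy(&h[36], "acsp", 4);
  return h;
}

}  // namespace icc_fuzz_example

// libFuzzer entry point. Returns 0 on every path; a rejected input is not an error.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  using namespace icc_fuzz_example;
  (void)kEnv;  // force the one-time setup to exist
  Profile profile;
  if (!ParseProfile(data, size, &profile)) return 0;  // bail on invalid data
  uint32_t hash = FuzzHash(data, size);
  TransformPlan plan = ChoosePlan(hash);
  std::vector<uint8_t> pixels = RandomPixels(hash, 256);
  ApplyTransform(plan, &pixels);
  return 0;
}
```

Built with `clang++ -fsanitize=fuzzer,address` and pointed at a profile corpus, a target shaped like this rejects mutated junk at ParseProfile and spends its time in the transform path, which is the code the fuzzer is meant to exercise. Deriving the partner space and direction from a hash of the input, rather than from a global counter or a clock, is what keeps a reproducer file sufficient to replay a crash.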
Oct 23 2017
Final step is to add seed color profiles to the GCE corpus. I have about 1500 color profiles and will upload those ...
Oct 23 2017
Actually, 3221 seed color profiles but who's counting.
Oct 23 2017
Uploaded seeds to libfuzzer/color_transform_fuzzer/profiles (I assume the fuzzer will read from the profiles sub-directory).
Oct 23 2017
Oct 23 2017
Nice! The proper way to upload seed corpus is to put it into color_transform_fuzzer_static directory (https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/efficient_fuzzer.md#seed-corpus)

Also, it's better to minimize seed corpus before uploading (this piece is missing in the doc, I'll add it right now). I minimized the profiles you've uploaded:

    ./color_transform_fuzzer -merge=1 ./color_profiles_minimized ./color_profiles

It produced 449 files giving the same coverage as the initial ~3K files. I uploaded those to gs://clusterfuzz-corpus/libfuzzer/color_transform_fuzzer_static/profiles/
Oct 24 2017
Thanks for these tips and for updating the docs. I created static directories for our other color space fuzzers

https://cs.chromium.org/search/?q=qcms_color_space_fuzzer
https://cs.chromium.org/search/?q=skia_color_space_fuzzer

and copied the minimized color profile corpus to their /profile directory

gs://clusterfuzz-corpus/libfuzzer/qcms_color_space_fuzzer_static/profiles
gs://clusterfuzz-corpus/libfuzzer/skia_color_space_fuzzer_static/profiles
Oct 24 2017
Coverage was 8% when filing this issue. It has climbed to 19% with the change herein.
Oct 26 2017
Awesome!
Comment 1 by noel@chromium.org, Oct 20 2017