authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 19:33:14 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 19:33:14 +0000
commit36d22d82aa202bb199967e9512281e9a53db42c9 (patch)
tree105e8c98ddea1c1e4784a60a5a6410fa416be2de /gfx/qcms/fuzz
parentInitial commit. (diff)
downloadfirefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.tar.xz
firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.zip
Adding upstream version 115.7.0esr.upstream/115.7.0esrupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'gfx/qcms/fuzz')
-rw-r--r--gfx/qcms/fuzz/.gitignore4
-rw-r--r--gfx/qcms/fuzz/Cargo.lock47
-rw-r--r--gfx/qcms/fuzz/Cargo.toml28
-rw-r--r--gfx/qcms/fuzz/fuzz_targets/fuzz_target_qcms.rs95
-rw-r--r--gfx/qcms/fuzz/qcms_fuzzer.dict26
-rw-r--r--gfx/qcms/fuzz/samples/0220-ca351238d719fd07ef8607d326b398fe.iccbin0 -> 220 bytes
-rw-r--r--gfx/qcms/fuzz/samples/0316-eb3f97ab646cd7b66bee80bdfe6098ac.iccbin0 -> 316 bytes
-rw-r--r--gfx/qcms/fuzz/samples/0372-973178997787ee780b4b58ee47cad683.iccbin0 -> 372 bytes
-rw-r--r--gfx/qcms/fuzz/samples/0732-80707d91aea0f8e64ef0286cc7720e99.iccbin0 -> 732 bytes
-rw-r--r--gfx/qcms/fuzz/samples/0744-0a5faafe175e682b10c590b03d3f093b.iccbin0 -> 744 bytes
-rw-r--r--gfx/qcms/fuzz/samples/1809-2bd4b77651214ca6110fdbee2502671e.iccbin0 -> 1809 bytes
11 files changed, 200 insertions, 0 deletions
diff --git a/gfx/qcms/fuzz/.gitignore b/gfx/qcms/fuzz/.gitignore
new file mode 100644
index 0000000000..572e03bdf3
--- /dev/null
+++ b/gfx/qcms/fuzz/.gitignore
@@ -0,0 +1,4 @@
+
+target
+corpus
+artifacts
diff --git a/gfx/qcms/fuzz/Cargo.lock b/gfx/qcms/fuzz/Cargo.lock
new file mode 100644
index 0000000000..bfa42bbfaf
--- /dev/null
+++ b/gfx/qcms/fuzz/Cargo.lock
@@ -0,0 +1,47 @@
+# This file is automatically @generated by Cargo.
+# It is not intended for manual editing.
+version = 3
+
+[[package]]
+name = "arbitrary"
+version = "1.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "698b65a961a9d730fb45b6b0327e20207810c9f61ee421b082b27ba003f49e2b"
+
+[[package]]
+name = "cc"
+version = "1.0.60"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ef611cc68ff783f18535d77ddd080185275713d852c4f5cbb6122c462a7a825c"
+
+[[package]]
+name = "libc"
+version = "0.2.77"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f2f96b10ec2560088a8e76961b00d47107b3a625fecb76dedb29ee7ccbf98235"
+
+[[package]]
+name = "libfuzzer-sys"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "86c975d637bc2a2f99440932b731491fc34c7f785d239e38af3addd3c2fd0e46"
+dependencies = [
+ "arbitrary",
+ "cc",
+]
+
+[[package]]
+name = "qcms"
+version = "0.2.0"
+dependencies = [
+ "libc",
+]
+
+[[package]]
+name = "qcms-fuzz"
+version = "0.0.0"
+dependencies = [
+ "libc",
+ "libfuzzer-sys",
+ "qcms",
+]
diff --git a/gfx/qcms/fuzz/Cargo.toml b/gfx/qcms/fuzz/Cargo.toml
new file mode 100644
index 0000000000..08b93e9e36
--- /dev/null
+++ b/gfx/qcms/fuzz/Cargo.toml
@@ -0,0 +1,28 @@
+
+[package]
+name = "qcms-fuzz"
+version = "0.0.0"
+authors = ["Automatically generated"]
+publish = false
+edition = "2018"
+
+[package.metadata]
+cargo-fuzz = true
+
+[dependencies]
+libfuzzer-sys = "0.4"
+libc = "0.2"
+
+[dependencies.qcms]
+path = ".."
+features = ["c_bindings"]
+
+# Prevent this from interfering with workspaces
+[workspace]
+members = ["."]
+
+[[bin]]
+name = "fuzz_target_qcms"
+path = "fuzz_targets/fuzz_target_qcms.rs"
+test = false
+doc = false
diff --git a/gfx/qcms/fuzz/fuzz_targets/fuzz_target_qcms.rs b/gfx/qcms/fuzz/fuzz_targets/fuzz_target_qcms.rs
new file mode 100644
index 0000000000..57cd0e2dd8
--- /dev/null
+++ b/gfx/qcms/fuzz/fuzz_targets/fuzz_target_qcms.rs
@@ -0,0 +1,95 @@
+#![no_main]
+use libfuzzer_sys::fuzz_target;
+extern crate qcms;
+extern crate libc;
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at https://mozilla.org/MPL/2.0/. */
+
+use qcms::c_bindings::{qcms_profile, icSigRgbData, icSigCmykData, icSigGrayData, qcms_profile_is_bogus};
+use qcms::c_bindings::{qcms_profile_get_color_space, qcms_profile_get_rendering_intent, qcms_profile_from_memory, qcms_profile_release, qcms_profile_sRGB, qcms_transform_create};
+use qcms::c_bindings::{qcms_profile_precache_output_transform, qcms_transform_data, qcms_transform_release, qcms_enable_iccv4};
+
+use qcms::DataType::*;
+
+ unsafe fn transform(src_profile: *const qcms_profile, dst_profile: *mut qcms_profile, size: usize)
+ {
+ // qcms supports GRAY and RGB profiles as input, and RGB as output.
+
+ let src_color_space = qcms_profile_get_color_space(&*src_profile);
+ let mut src_type = if (size & 1) != 0 { RGBA8 } else { RGB8 };
+ if src_color_space == icSigGrayData {
+ src_type = if (size & 1) != 0 { GrayA8 } else { Gray8 };
+ } else if src_color_space == icSigCmykData {
+ src_type = CMYK;
+ } else if src_color_space != icSigRgbData {
+ return;
+ }
+
+ let dst_color_space = qcms_profile_get_color_space(&*dst_profile);
+ if dst_color_space != icSigRgbData {
+ return;
+ }
+ let dst_type = if (size & 2) != 0 { RGBA8 } else { RGB8 };
+
+ let intent = qcms_profile_get_rendering_intent(&*src_profile);
+ // Firefox calls this on the display profile to increase performance.
+ // Skip with low probability to increase coverage.
+ if (size % 15) != 0 {
+ qcms_profile_precache_output_transform(&mut *dst_profile);
+ }
+
+ let transform =
+ qcms_transform_create(&*src_profile, src_type, &*dst_profile, dst_type, intent);
+ if transform == std::ptr::null_mut() {
+ return;
+ }
+
+ const SRC_SIZE: usize = 36;
+ let src:[u8; SRC_SIZE] = [
+ 0x7F, 0x7F, 0x7F, 0x00, 0x00, 0x7F, 0x7F, 0xFF, 0x7F, 0x10, 0x20, 0x30,
+ 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xB0, 0xBF, 0xEF, 0x6F,
+ 0x3F, 0xC0, 0x9F, 0xE0, 0x90, 0xCF, 0x40, 0xAF, 0x0F, 0x01, 0x60, 0xF0,
+ ];
+ let mut dst: [u8; 36 * 4] = [0; 144]; // 4x in case of GRAY to RGBA
+
+ qcms_transform_data(&*transform, src.as_ptr() as *const libc::c_void, dst.as_mut_ptr() as *mut libc::c_void, (SRC_SIZE / src_type.bytes_per_pixel()) as usize);
+ qcms_transform_release(transform);
+ }
+
+ unsafe fn do_fuzz(data: &[u8])
+ {
+ let size = data.len();
+ qcms_enable_iccv4();
+
+ let profile = qcms_profile_from_memory(data.as_ptr() as *const libc::c_void, size);
+ if profile == std::ptr::null_mut() {
+ return;
+ }
+
+ let srgb_profile = qcms_profile_sRGB();
+ if srgb_profile == std::ptr::null_mut() {
+ qcms_profile_release(profile);
+ return;
+ }
+
+ transform(profile, srgb_profile, size);
+
+ // Firefox only checks the display (destination) profile.
+ if !qcms_profile_is_bogus(&mut *profile) {
+
+ transform(srgb_profile, profile, size);
+ let identity = qcms::Profile::new_XYZD50();
+ transform(&*identity, profile, size);
+ }
+ qcms_profile_release(profile);
+ qcms_profile_release(srgb_profile);
+
+ return;
+ }
+
+
+
+fuzz_target!(|data: &[u8]| {
+ unsafe { do_fuzz(data) }
+});
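Review bot: In `transform`, the output buffer is sized by two separate literals (`[u8; 36 * 4] = [0; 144]`), and nothing checks that the pixel count handed to `qcms_transform_data` fits in it. The only guard against the harness itself writing past `dst` is the "4x in case of GRAY to RGBA" comment. I would tie the size to the input with `let mut dst = [0u8; SRC_SIZE * 4];` and add `assert!((SRC_SIZE / src_type.bytes_per_pixel()) * dst_type.bytes_per_pixel() <= dst.len());` before the call, so that a wider pixel format added later fails in the harness rather than surfacing as a memory-safety report that looks like a qcms bug. Both `unsafe fn`s also lack a `# Safety` comment; `transform` dereferences `src_profile` and `dst_profile` without a null check, so the contract that callers pass non-null, live profiles should be written down. The null tests would read more directly as `transform.is_null()` and `profile.is_null()`, and the trailing `as usize` on the pixel count is redundant.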
diff --git a/gfx/qcms/fuzz/qcms_fuzzer.dict b/gfx/qcms/fuzz/qcms_fuzzer.dict
new file mode 100644
index 0000000000..213193c7d1
--- /dev/null
+++ b/gfx/qcms/fuzz/qcms_fuzzer.dict
@@ -0,0 +1,26 @@
+# v2
+0x41324230="A2B0"
+0x42324130="B2A0"
+0x47524159="GRAY"
+0x4C616220="Lab "
+0x52474220="RGB "
+0x58595a20="XYZ "
+0x62545243="bTRC"
+0x6258595a="bXYZ"
+0x63686164="chad"
+0x63757276="curv"
+0x67545243="gTRC"
+0x6758595a="gXYZ"
+0x6D667431="mft1"
+0x6D667432="mft2"
+0x6b545243="kTRC"
+0x6d6e7472="mntr"
+0x72545243="rTRC"
+0x7258595a="rXYZ"
+0x73636e72="scnr"
+0x73663332="sf32"
+
+# v4
+0x6D414220="mAB "
+0x6D424120="mBA "
+0x70617261="para"
diff --git a/gfx/qcms/fuzz/samples/0220-ca351238d719fd07ef8607d326b398fe.icc b/gfx/qcms/fuzz/samples/0220-ca351238d719fd07ef8607d326b398fe.icc
new file mode 100644
index 0000000000..6dcf942ac1
--- /dev/null
+++ b/gfx/qcms/fuzz/samples/0220-ca351238d719fd07ef8607d326b398fe.icc
Binary files differ
diff --git a/gfx/qcms/fuzz/samples/0316-eb3f97ab646cd7b66bee80bdfe6098ac.icc b/gfx/qcms/fuzz/samples/0316-eb3f97ab646cd7b66bee80bdfe6098ac.icc
new file mode 100644
index 0000000000..12b096cac0
--- /dev/null
+++ b/gfx/qcms/fuzz/samples/0316-eb3f97ab646cd7b66bee80bdfe6098ac.icc
Binary files differ
diff --git a/gfx/qcms/fuzz/samples/0372-973178997787ee780b4b58ee47cad683.icc b/gfx/qcms/fuzz/samples/0372-973178997787ee780b4b58ee47cad683.icc
new file mode 100644
index 0000000000..2d8efe536b
--- /dev/null
+++ b/gfx/qcms/fuzz/samples/0372-973178997787ee780b4b58ee47cad683.icc
Binary files differ
diff --git a/gfx/qcms/fuzz/samples/0732-80707d91aea0f8e64ef0286cc7720e99.icc b/gfx/qcms/fuzz/samples/0732-80707d91aea0f8e64ef0286cc7720e99.icc
new file mode 100644
index 0000000000..1626458464
--- /dev/null
+++ b/gfx/qcms/fuzz/samples/0732-80707d91aea0f8e64ef0286cc7720e99.icc
Binary files differ
diff --git a/gfx/qcms/fuzz/samples/0744-0a5faafe175e682b10c590b03d3f093b.icc b/gfx/qcms/fuzz/samples/0744-0a5faafe175e682b10c590b03d3f093b.icc
new file mode 100644
index 0000000000..2db6991c23
--- /dev/null
+++ b/gfx/qcms/fuzz/samples/0744-0a5faafe175e682b10c590b03d3f093b.icc
Binary files differ
diff --git a/gfx/qcms/fuzz/samples/1809-2bd4b77651214ca6110fdbee2502671e.icc b/gfx/qcms/fuzz/samples/1809-2bd4b77651214ca6110fdbee2502671e.icc
new file mode 100644
index 0000000000..c13db9b200
--- /dev/null
+++ b/gfx/qcms/fuzz/samples/1809-2bd4b77651214ca6110fdbee2502671e.icc
Binary files differ