From f63c349053b491f46ed8883684329353c6255194 Mon Sep 17 00:00:00 2001
From: Leon Scroggins III
Date: Wed, 13 Jan 2021 14:32:59 -0500
Subject: Improve AImageDecoder fuzzer
Bug: 169137236
Bug: 169139756
Test: this (fuzzer)
Extend the fuzzer to test animations. Also test a lossless webp, left out of Ib227639bf8da75f0e8e31e216bc6d1371e24cb75.
Change-Id: I81d35d6fa7d560b33b6a2b5d6c1992cbdd77bc87
---
 .../jni/corpus/webp-color-profile-lossless.webp | Bin 0 -> 43866 bytes
 native/graphics/jni/fuzz_imagedecoder.cpp | 8 +++++++-
 2 files changed, 7 insertions(+), 1 deletion(-)
 create mode 100644 native/graphics/jni/corpus/webp-color-profile-lossless.webp
(limited to 'native/graphics')
diff --git a/native/graphics/jni/corpus/webp-color-profile-lossless.webp b/native/graphics/jni/corpus/webp-color-profile-lossless.webp
new file mode 100644
index 000000000000..4fd63d5794ff
Binary files /dev/null and b/native/graphics/jni/corpus/webp-color-profile-lossless.webp differ
diff --git a/native/graphics/jni/fuzz_imagedecoder.cpp b/native/graphics/jni/fuzz_imagedecoder.cpp
index f2cd1a8f4eb9..015aca70e4e0 100644
--- a/native/graphics/jni/fuzz_imagedecoder.cpp
+++ b/native/graphics/jni/fuzz_imagedecoder.cpp
@@ -73,6 +73,12 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
 return 0;
 }
- AImageDecoder_decodeImage(decoder.get(), pixels.get(), stride, pixelSize);
+ while (true) {
+ int result = AImageDecoder_decodeImage(decoder.get(), pixels.get(), stride, pixelSize);
+ if (result != ANDROID_IMAGE_DECODER_SUCCESS) break;
+
+ result = AImageDecoder_advanceFrame(decoder.get());
+ if (result != ANDROID_IMAGE_DECODER_SUCCESS) break;
+ }
 return 0;
 }
-- cgit v1.2.3-59-g8ed1b
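Review bot: The check after `AImageDecoder_advanceFrame` leaves the loop on any non-success result, so the harness stops at the first truncated or malformed frame and never decodes it. As I read the NDK documentation, `ANDROID_IMAGE_DECODER_INCOMPLETE` and `ANDROID_IMAGE_DECODER_ERROR` from advanceFrame still leave a frame that the next `AImageDecoder_decodeImage` call will decode as far as it can; that partial-frame path is where mutated inputs are most likely to expose memory-safety bugs, so it is worth confirming and covering. A possible form for that check is `if (result != ANDROID_IMAGE_DECODER_SUCCESS && result != ANDROID_IMAGE_DECODER_INCOMPLETE && result != ANDROID_IMAGE_DECODER_ERROR) break;`, with the decodeImage check relaxed in the same way if later frames should still be tried. Because the frame count comes from the input, `while (true)` also has no upper bound on work per test case; a fixed cap on iterations would keep a many-frame input from being reported as a timeout rather than a decoder finding. The body of LLVMFuzzerTestOneInput starts outside this hunk, so the decoder and buffer setup was not reviewed.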