BUG=skia:
Change-Id: Ie7d4fac3024b361a281f456fec2b3a837e2bfe43
Reviewed-on: https://skia-review.googlesource.com/6881
Commit-Queue: Mike Reed <reed@google.com>
Reviewed-by: Mike Klein <mtklein@chromium.org>
Make the fuzzRange not crash if min == max, just set n to be min.
BUG=skia:
Change-Id: I138cefbec9b408d3b35e4258d770e6b396af0e5f
Reviewed-on: https://skia-review.googlesource.com/5305
Reviewed-by: Mike Klein <mtklein@chromium.org>
Commit-Queue: Kevin Lubick <kjlubick@google.com>
We use this approach instead of T next() because different compilers
evaluate function parameters in different orders. If fuzz->next()
returned 5 and then 7, foo(fuzz->next(), fuzz->next()) would be
foo(5, 7) when compiled on GCC and foo(7, 5) when compiled on Clang.
By requiring params to be passed in, we avoid the temptation to call
next() in a way that does not consume fuzzed bytes in a single
platform-independent order.
BUG=skia:
GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=4392
Change-Id: I35de849f82e8be45378f662a48100eb732fa8895
Reviewed-on: https://skia-review.googlesource.com/4392
Reviewed-by: Mike Klein <mtklein@chromium.org>
Commit-Queue: Kevin Lubick <kjlubick@google.com>
signalBoring() no longer exists. When the fuzzer runs out of randomness,
it just returns 0. Fuzzers should not go into infinite loops if this
happens. do while loops are particularly error-prone.
BUG=skia:
GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=3963
Change-Id: Iebcfc14cc6b0a19c5dd015cd39875c81fa44003e
Reviewed-on: https://skia-review.googlesource.com/3963
Commit-Queue: Kevin Lubick <kjlubick@google.com>
Reviewed-by: Mike Klein <mtklein@chromium.org>
With the move from SkData::NewXXX to SkData::MakeXXX most
SkAutoTUnref<SkData> were changed to sk_sp<SkData>. However,
there are still a few SkAutoTUnref<SkData> around, so clean
them up.
Review-Url: https://codereview.chromium.org/2212493002
Instead of a single ASSERT macro, this switches to two new methods:
- signalBug(): tell afl-fuzz there's a bug caused by its inputs (by crashing)
- signalBoring(): tell afl-fuzz these inputs are not worth testing (by exiting gracefully)
I'm not seeing any effect on fuzz/s when I just always log verbosely.
signalBug() now triggers SIGSEGV rather than SIGABRT. This should make it work with catchsegv more easily.
BUG=skia:
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1585353002
Review URL: https://codereview.chromium.org/1585353002
Try to start faster:
- remove flags dependency
- print nothing
- strip unused symbols from the binary on Mac (smaller binary)
- only create one fuzz object
- only run one DEF_FUZZ
I am not sure if any of these things mattered, but I thought you may like to look.
Good stuff:
- make nextU() / nextF() work
- drop nextURange() / nextFRange() for now
- add nextB() for a single byte
As you may have guessed, I have figured out how to use afl-fuzz on my laptop.
Syntax to run becomes:
$ afl-fuzz ... out/Release/fuzz <DEF_FUZZ name> @@
BUG=skia:
GOLD_TRYBOT_URL= https://gold.skia.org/search2?unt=true&query=source_type%3Dgm&master=false&issue=1581203003
Review URL: https://codereview.chromium.org/1581203003
