Google Git
Sign in
chromium / chromium / src / 3e5db1a4df4d71d754e8a008cd831766b43bc425
commit3e5db1a4df4d71d754e8a008cd831766b43bc425[log] [tgz]
authorCéline O'Neil <celineo@google.com>Fri Mar 01 21:43:22 2019
committerCommit Bot <commit-bot@chromium.org>Fri Mar 01 21:43:22 2019
treebbc3b1ea6c2afe9061e6860820459233e088d59e
parentba1a0e92ca00f16d6c48e8977cd2f95b908053b4 [diff]
Fuzz multiple quads and SharedQuadState in CompositorFrame.

This CL adds the possibility of multiple SolidColorDrawQuads in the
fuzzed CompositorFrame RenderPass, and also introduces simple fuzzing
for the SharedQuadState associated with each quad.

One thing in particular to watch out for here is that a non-invertible
SharedQuadState Transform will get through message deserialization, but
likely cause DCHECKs to fail when drawing the RenderPass. I expect that
ClusterFuzz will find a few ways of triggering these checks with
different interesting values of |scale_x| and |scale_y|.

R=kylechar@chromium.org, riajiang@chromium.org

Bug: 923088
Change-Id: Ie51340c45c406d235047f6baabf24f947a51722b
Reviewed-on: https://chromium-review.googlesource.com/c/1496096
Reviewed-by: Ria Jiang <riajiang@chromium.org>
Reviewed-by: kylechar <kylechar@chromium.org>
Commit-Queue: Céline O'Neil <celineo@google.com>
Cr-Commit-Position: refs/heads/master@{#636965}
5 files changed
tree: bbc3b1ea6c2afe9061e6860820459233e088d59e
  1. android_webview/
  2. apps/
  3. ash/
  4. base/
  5. build/
  6. build_overrides/
  7. buildtools/
  8. cc/
  9. chrome/
  10. chrome_elf/
  11. chromecast/
  12. chromeos/
  13. cloud_print/
  14. components/
  15. content/
  16. courgette/
  17. crypto/
  18. dbus/
  19. device/
  20. docs/
  21. extensions/
  22. fuchsia/
  23. gin/
  24. google_apis/
  25. google_update/
  26. gpu/
  27. headless/
  28. infra/
  29. ios/
  30. ipc/
  31. jingle/
  32. media/
  33. mojo/
  34. native_client_sdk/
  35. net/
  36. pdf/
  37. ppapi/
  38. printing/
  39. remoting/
  40. rlz/
  41. sandbox/
  42. services/
  43. skia/
  44. sql/
  45. storage/
  46. styleguide/
  47. testing/
  48. third_party/
  49. tools/
  50. ui/
  51. url/
  52. .clang-format
  53. .eslintrc.js
  54. .git-blame-ignore-revs
  55. .gitattributes
  56. .gitignore
  57. .gn
  58. .vpython
  59. AUTHORS
  60. BUILD.gn
  61. CODE_OF_CONDUCT.md
  62. codereview.settings
  63. DEPS
  64. ENG_REVIEW_OWNERS
  65. LICENSE
  66. LICENSE.chromium_os
  67. OWNERS
  68. PRESUBMIT.py
  69. PRESUBMIT_test.py
  70. PRESUBMIT_test_mocks.py
  71. README.md
  72. WATCHLISTS
README.md

Logo Chromium

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is https://www.chromium.org.

Documentation in the source is rooted in docs/README.md.

Learn how to Get Around the Chromium Source Code Directory Structure .