
Fuzzers for gdk-pixbuf and potential OSS-Fuzz integration

Ceyhun Alp requested to merge ceyhunalp/gdk-pixbuf:fuzzing into master

Hello gdk-pixbuf developers and contributors,

I am a Software Engineering Intern at Google, working with the Third Party Security (TPS) team. As part of my internship I am working on fuzzing GNOME libraries and gdk-pixbuf is one of the libraries that we have picked for this work.

In a nutshell, fuzzing (or fuzz testing) is an automated software testing technique that involves passing invalid, unexpected or random inputs to a program and monitoring the behavior of the program for exceptions, failing assertions or potential memory leaks/overflows. Fuzzers are a reasonable complement to classical software testing techniques as they (1) are easy to write, (2) can test small parts of code, and (3) can look for new bugs and vulnerabilities.

This MR includes fuzzers (fuzzing) that cover most of the functions that are tested by the existing test suite of this project. It also comes with a corpus directory (seed_corpus) that contains a set of inputs that serve as starting points for the fuzzers.

We would like to integrate these fuzzers with OSS-Fuzz as well. OSS-Fuzz is a free fuzzing infrastructure you can use to identify security vulnerabilities and stability bugs in your project. My host at Google has previously reached out to you about OSS-Fuzz integration - you can find more information about OSS-Fuzz here. The only thing we need from you is an email address to report the crashes to.

We are hoping to hear from you and looking forward to collaborating with you on this effort.

Thanks!

Ceyhun

Edited by Ceyhun Alp
