Add Chromium's fuzz_filter_fuzz to skia.
Move the fuzzer in
chromium/src/skia/tools/filter_fuzz_stub/filter_fuzz_stub.cc
to Skia's fuzzer.
I recommend removing filter_fuzz_stub from chromium and only
using Skia's fuzzer.
BUG=chromium:700836
Change-Id: Ibab1a9b696e54a3042ee61f5524d196c12df2888
Reviewed-on: https://skia-review.googlesource.com/9802
Commit-Queue: Herb Derby <herb@google.com>
Reviewed-by: Kevin Lubick <kjlubick@google.com>
diff --git a/fuzz/fuzz.cpp b/fuzz/fuzz.cpp
index ea385ad..d156680 100644
--- a/fuzz/fuzz.cpp
+++ b/fuzz/fuzz.cpp
@@ -10,11 +10,14 @@
#include "SkCodec.h"
#include "SkCommandLineFlags.h"
#include "SkData.h"
+#include "SkFlattenableSerialization.h"
#include "SkImage.h"
#include "SkImageEncoder.h"
+#include "SkImageFilter.h"
#include "SkMallocPixelRef.h"
#include "SkOSFile.h"
#include "SkOSPath.h"
+#include "SkPaint.h"
#include "SkPath.h"
#include "SkPicture.h"
#include "SkRegion.h"
@@ -55,6 +58,8 @@
static void fuzz_path_deserialize(sk_sp<SkData>);
static void fuzz_region_deserialize(sk_sp<SkData>);
static void fuzz_skp(sk_sp<SkData>);
+static void fuzz_filter_fuzz(sk_sp<SkData>);
+
#if SK_SUPPORT_GPU
static void fuzz_sksl2glsl(sk_sp<SkData>);
#endif
@@ -122,6 +127,10 @@
fuzz_skp(bytes);
return 0;
}
+ if (0 == strcmp("filter_fuzz", FLAGS_type[0])) {
+ fuzz_filter_fuzz(bytes);
+ return 0;
+ }
#if SK_SUPPORT_GPU
if (0 == strcmp("sksl2glsl", FLAGS_type[0])) {
fuzz_sksl2glsl(bytes);
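Review bot: The new `filter_fuzz` value for `FLAGS_type[0]` is dispatched here, but none of the visible hunks touch the `--type` flag's help text or whatever message is printed for an unrecognised type. Both are outside this diff, so this is inferred: if they enumerate the accepted values, add `filter_fuzz` to them, otherwise the mode is only discoverable by reading the source. The enclosing function starts and ends outside the hunk.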
@@ -512,6 +521,40 @@
SkDebugf("[terminated] Success! Initialized SkRegion.\n");
}
+static void fuzz_filter_fuzz(sk_sp<SkData> bytes) {
+
+ const int BitmapSize = 24;
+ SkBitmap bitmap;
+ bitmap.allocN32Pixels(BitmapSize, BitmapSize);
+ SkCanvas canvas(bitmap);
+ canvas.clear(0x00000000);
+
+ sk_sp<SkImageFilter> flattenable = SkValidatingDeserializeImageFilter(
+ bytes->data(), bytes->size());
+
+ // Adding some info, but the test passed if we got here without any trouble
+ if (flattenable != NULL) {
+ SkDebugf("Valid stream detected.\n");
+ // Let's see if using the filters can cause any trouble...
+ SkPaint paint;
+ paint.setImageFilter(flattenable);
+ canvas.save();
+ canvas.clipRect(SkRect::MakeXYWH(
+ 0, 0, SkIntToScalar(BitmapSize), SkIntToScalar(BitmapSize)));
+
+ // This call shouldn't crash or cause ASAN to flag any memory issues
+ // If nothing bad happens within this call, everything is fine
+ canvas.drawBitmap(bitmap, 0, 0, &paint);
+
+ SkDebugf("Filter DAG rendered successfully\n");
+ canvas.restore();
+ } else {
+ SkDebugf("Invalid stream detected.\n");
+ }
+
+ SkDebugf("[terminated] Done\n");
+}
+
#if SK_SUPPORT_GPU
static void fuzz_sksl2glsl(sk_sp<SkData> bytes) {
SkSL::Compiler compiler;
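Review bot: In `fuzz_filter_fuzz` the bitmap passed to `canvas.drawBitmap(bitmap, 0, 0, &paint)` is the canvas's own backing store, freshly cleared with `canvas.clear(0x00000000)`, so every deserialized filter runs on an all-transparent source that aliases its destination. Filters whose memory accesses or branches depend on pixel values will probably get little coverage from zero input. I would allocate a second `SkBitmap` of the same size, fill it with a non-zero pattern (for example `src.eraseColor(SK_ColorGRAY);`) and draw that instead: `canvas.drawBitmap(src, 0, 0, &paint);`. As a style point, `if (flattenable != NULL)` on an `sk_sp` reads better as `if (flattenable)` or a comparison with `nullptr`. A one-line comment above `SkValidatingDeserializeImageFilter` would also help, such as `// bytes is untrusted fuzzer input; a null result means the validating deserializer rejected it`.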