Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / skia / ef74fa189b738e13295d6a96f86a6e10223505a8^! / . / samplecode / SampleFilterFuzz.cpp
commitef74fa189b738e13295d6a96f86a6e10223505a8[log] [tgz]
authorcommit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81>Tue Dec 17 20:49:46 2013 +0000
committercommit-bot@chromium.org <commit-bot@chromium.org@2bbb7eff-a529-9590-31e7-b0007b416f81>Tue Dec 17 20:49:46 2013 +0000
tree3434cb996555b725b71a520a93c8781923bc04ec
parent7d0b6131918c1b8d458a95f6b5e79f92f958b78f [diff] [blame]
Fixed more fuzzer issues

- Added the "isAvailable" function to check how much bytes are remaining in the stream before doing potentially large mallocs. That way, we can signal a bad stream instead of crashing.
- Added data validation in SkImageInfo.cpp
- Added NULL pointer check in displacement
- Modified the fuzzer for randomized bitmap types

BUG=328934,329254
R=senorblanco@google.com, senorblanco@chromium.org, reed@google.com, sugoi@google.com

Author: sugoi@chromium.org

Review URL: https://codereview.chromium.org/116773002

git-svn-id: http://skia.googlecode.com/svn/trunk@12723 2bbb7eff-a529-9590-31e7-b0007b416f81

diff --git a/samplecode/SampleFilterFuzz.cpp b/samplecode/SampleFilterFuzz.cpp
index 06e14f0..8fa147a 100644
--- a/samplecode/SampleFilterFuzz.cpp
+++ b/samplecode/SampleFilterFuzz.cpp

@@ -111,8 +111,10 @@
 }
 
 static void make_g_bitmap(SkBitmap& bitmap) {
-    bitmap.setConfig(SkBitmap::kARGB_8888_Config, kBitmapSize, kBitmapSize);
-    bitmap.allocPixels();
+    bitmap.setConfig((SkBitmap::Config)R(SkBitmap::kConfigCount), kBitmapSize, kBitmapSize);
+    while (!bitmap.allocPixels()) {
+        bitmap.setConfig((SkBitmap::Config)R(SkBitmap::kConfigCount), kBitmapSize, kBitmapSize);
+    }
     SkBitmapDevice device(bitmap);
     SkCanvas canvas(&device);
     canvas.clear(0x00000000);
@@ -126,8 +128,10 @@
 }
 
 static void make_checkerboard_bitmap(SkBitmap& bitmap) {
-    bitmap.setConfig(SkBitmap::kARGB_8888_Config, kBitmapSize, kBitmapSize);
-    bitmap.allocPixels();
+    bitmap.setConfig((SkBitmap::Config)R(SkBitmap::kConfigCount), kBitmapSize, kBitmapSize);
+    while (!bitmap.allocPixels()) {
+        bitmap.setConfig((SkBitmap::Config)R(SkBitmap::kConfigCount), kBitmapSize, kBitmapSize);
+    }
     SkBitmapDevice device(bitmap);
     SkCanvas canvas(&device);
     canvas.clear(0x00000000);
@@ -312,18 +316,24 @@
 }
 
 static void do_fuzz(SkCanvas* canvas) {
+    SkImageFilter* filter = make_serialized_image_filter();
+
 #ifdef SK_FUZZER_IS_VERBOSE
-    static uint32_t filterId = 0;
-    if (0 == filterId) {
+    static uint32_t numFilters = 0;
+    static uint32_t numValidFilters = 0;
+    if (0 == numFilters) {
         printf("Fuzzing with %u\n", kSeed);
     }
-    printf("Filter no %u\r", filterId);
+    numFilters++;
+    if (NULL != filter) {
+        numValidFilters++;
+    }
+    printf("Filter no : %u. Valid filters so far : %u\r", numFilters, numValidFilters);
     fflush(stdout);
-    filterId++;
 #endif
 
     SkPaint paint;
-    SkSafeUnref(paint.setImageFilter(make_serialized_image_filter()));
+    SkSafeUnref(paint.setImageFilter(filter));
     drawClippedBitmap(canvas, 0, 0, paint);
 }