| Kevin Lubick | 2be14d3 | 2019-10-21 13:44:48 -0400 | [diff] [blame^] | 1 | /* |
| 2 | * Copyright 2019 Google, LLC |
| 3 | * |
| 4 | * Use of this source code is governed by a BSD-style license that can be |
| 5 | * found in the LICENSE file. |
| 6 | */ |
| 7 | |
| 8 | #include "fuzz/Fuzz.h" |
| 9 | #include "src/core/SkDescriptor.h" |
| 10 | #include "src/core/SkScalerContext.h" |
| 11 | |
| 12 | DEF_FUZZ(SkDescriptor, fuzz) { |
| 13 | int32_t numEntries; |
| 14 | fuzz->next(&numEntries); |
| 15 | |
| 16 | // Limit this to keep the fuzz operations fast. |
| 17 | if (numEntries < 0 || numEntries > 300) { |
| 18 | return; |
| 19 | } |
| 20 | |
| 21 | size_t len = SkDescriptor::ComputeOverhead(numEntries); |
| 22 | auto desc = SkDescriptor::Alloc(len); |
| 23 | for (int32_t i = 0; i<numEntries && !fuzz->exhausted(); i++) { |
| 24 | uint32_t tag; |
| 25 | fuzz->next(&tag); |
| 26 | // Valid use of the API requires that tag is truthy and that |
| 27 | // the length is aligned to 4. If the fuzzed data doesn't conform, |
| 28 | // return to signal that this is "boring" data. |
| 29 | if (!tag) { |
| 30 | return; |
| 31 | } |
| 32 | size_t length; |
| 33 | fuzz->next(&length); |
| 34 | if (SkAlign4(length) != length) { |
| 35 | return; |
| 36 | } |
| 37 | |
| 38 | uint8_t choice; |
| 39 | fuzz->nextRange(&choice, 0, 2); |
| 40 | switch(choice) { |
| 41 | case 0: { // use nullptr |
| 42 | desc->addEntry(tag, length, nullptr); |
| 43 | break; |
| 44 | } |
| 45 | case 1: { // use SkScalerContextRec |
| 46 | SkScalerContextRec rec; |
| 47 | fuzz->next(&rec); |
| 48 | desc->addEntry(tag, sizeof(rec), &rec); |
| 49 | break; |
| 50 | } |
| 51 | case 2: { // use arbitrary data |
| 52 | if (fuzz->remaining() < length) { |
| 53 | // Can't initialize all that we requested, so bail out. |
| 54 | return; |
| 55 | } |
| 56 | uint8_t* bytes = new uint8_t[length]; |
| 57 | fuzz->nextN(bytes, length); |
| 58 | desc->addEntry(tag, length, bytes); |
| 59 | break; |
| 60 | } |
| 61 | default: { |
| 62 | SK_ABORT("Did you update the range in FuzzSkDescriptor?"); |
| 63 | } |
| 64 | } |
| 65 | } |
| 66 | |
| 67 | // Exercise the API to make sure we don't step out of bounds, etc. |
| 68 | |
| 69 | desc->computeChecksum(); |
| 70 | desc->isValid(); |
| 71 | |
| 72 | uint32_t tagToFind; |
| 73 | fuzz->next(&tagToFind); |
| 74 | |
| 75 | uint32_t ignore; |
| 76 | desc->findEntry(tagToFind, &ignore); |
| 77 | } |