mtklein | 65e5824 | 2016-01-13 12:57:57 -0800 | [diff] [blame] | 1 | /* |
| 2 | * Copyright 2016 Google Inc. |
| 3 | * |
| 4 | * Use of this source code is governed by a BSD-style license that can be |
| 5 | * found in the LICENSE file. |
| 6 | */ |
| 7 | |
| 8 | #include "Fuzz.h" |
kjlubick | dba5734 | 2016-01-21 05:03:28 -0800 | [diff] [blame] | 9 | #include "SkCanvas.h" |
| 10 | #include "SkCodec.h" |
mtklein | f5e9782 | 2016-01-15 06:19:53 -0800 | [diff] [blame] | 11 | #include "SkCommandLineFlags.h" |
kjlubick | dba5734 | 2016-01-21 05:03:28 -0800 | [diff] [blame] | 12 | #include "SkData.h" |
kjlubick | dba5734 | 2016-01-21 05:03:28 -0800 | [diff] [blame] | 13 | #include "SkImage.h" |
| 14 | #include "SkImageEncoder.h" |
| 15 | #include "SkMallocPixelRef.h" |
Kevin Lubick | f80f115 | 2017-01-06 08:26:56 -0500 | [diff] [blame] | 16 | #include "SkOSFile.h" |
| 17 | #include "SkOSPath.h" |
Herb Derby | a839fc0 | 2017-03-16 12:30:43 -0400 | [diff] [blame] | 18 | #include "SkPaint.h" |
Hal Canary | 62176db | 2017-02-27 16:42:03 -0500 | [diff] [blame] | 19 | #include "SkPath.h" |
kjlubick | e565450 | 2016-07-19 16:50:03 -0700 | [diff] [blame] | 20 | #include "SkPicture.h" |
Kevin Lubick | 0d82566 | 2018-01-03 14:38:48 -0500 | [diff] [blame] | 21 | #include "SkPipe.h" |
Mike Reed | fadbfcd | 2017-12-06 16:09:20 -0500 | [diff] [blame] | 22 | #include "SkReadBuffer.h" |
Hal Canary | 62176db | 2017-02-27 16:42:03 -0500 | [diff] [blame] | 23 | #include "SkStream.h" |
| 24 | #include "SkSurface.h" |
Kevin Lubick | d46e85f | 2017-11-21 17:13:35 -0500 | [diff] [blame] | 25 | #include "SkTextBlob.h" |
Hal Canary | 62176db | 2017-02-27 16:42:03 -0500 | [diff] [blame] | 26 | |
Ethan Nicholas | 7ef4b74 | 2016-11-11 15:16:46 -0500 | [diff] [blame] | 27 | #if SK_SUPPORT_GPU |
kjlubick | e719577 | 2016-10-18 10:06:24 -0700 | [diff] [blame] | 28 | #include "SkSLCompiler.h" |
Ethan Nicholas | 7ef4b74 | 2016-11-11 15:16:46 -0500 | [diff] [blame] | 29 | #endif |
kjlubick | dba5734 | 2016-01-21 05:03:28 -0800 | [diff] [blame] | 30 | |
Hal Canary | 62176db | 2017-02-27 16:42:03 -0500 | [diff] [blame] | 31 | #include <iostream> |
mtklein | a115942 | 2016-01-15 05:46:54 -0800 | [diff] [blame] | 32 | #include <signal.h> |
Hal Canary | db68301 | 2016-11-23 08:55:18 -0700 | [diff] [blame] | 33 | #include "sk_tool_utils.h" |
| 34 | |
Kevin Lubick | 2541edf | 2018-01-11 10:27:14 -0500 | [diff] [blame] | 35 | |
Hal Canary | 62176db | 2017-02-27 16:42:03 -0500 | [diff] [blame] | 36 | DEFINE_string2(bytes, b, "", "A path to a file or a directory. If a file, the " |
| 37 | "contents will be used as the fuzz bytes. If a directory, all files " |
| 38 | "in the directory will be used as fuzz bytes for the fuzzer, one at a " |
| 39 | "time."); |
mtklein | d4387ea | 2016-01-21 06:13:52 -0800 | [diff] [blame] | 40 | DEFINE_string2(name, n, "", "If --type is 'api', fuzz the API with this name."); |
Hal Canary | 62176db | 2017-02-27 16:42:03 -0500 | [diff] [blame] | 41 | DEFINE_string2(dump, d, "", "If not empty, dump 'image*' or 'skp' types as a " |
| 42 | "PNG with this name."); |
Kevin Lubick | 9ff5dc9 | 2018-01-09 12:47:33 -0500 | [diff] [blame] | 43 | DEFINE_bool2(verbose, v, false, "Print more information while fuzzing."); |
| 44 | DEFINE_string2(type, t, "", "How to interpret --bytes, one of:\n" |
Kevin Lubick | 2416f96 | 2018-02-12 08:26:39 -0500 | [diff] [blame] | 45 | "animated_image_decode\n" |
Kevin Lubick | 9ff5dc9 | 2018-01-09 12:47:33 -0500 | [diff] [blame] | 46 | "api\n" |
| 47 | "color_deserialize\n" |
| 48 | "filter_fuzz (equivalent to Chrome's filter_fuzz_stub)\n" |
| 49 | "icc\n" |
Kevin Lubick | 2416f96 | 2018-02-12 08:26:39 -0500 | [diff] [blame] | 50 | "image_decode\n" |
Kevin Lubick | 9ff5dc9 | 2018-01-09 12:47:33 -0500 | [diff] [blame] | 51 | "image_mode\n" |
| 52 | "image_scale\n" |
| 53 | "path_deserialize\n" |
| 54 | "pipe\n" |
| 55 | "region_deserialize\n" |
Kevin Lubick | 2541edf | 2018-01-11 10:27:14 -0500 | [diff] [blame] | 56 | "region_set_path\n" |
Kevin Lubick | 9ff5dc9 | 2018-01-09 12:47:33 -0500 | [diff] [blame] | 57 | "skp\n" |
| 58 | "sksl2glsl\n" |
| 59 | "textblob"); |
kjlubick | dba5734 | 2016-01-21 05:03:28 -0800 | [diff] [blame] | 60 | |
Kevin Lubick | f80f115 | 2017-01-06 08:26:56 -0500 | [diff] [blame] | 61 | static int fuzz_file(const char* path); |
kjlubick | 2a42f48 | 2016-02-16 16:14:23 -0800 | [diff] [blame] | 62 | static uint8_t calculate_option(SkData*); |
kjlubick | dba5734 | 2016-01-21 05:03:28 -0800 | [diff] [blame] | 63 | |
Kevin Lubick | f80f115 | 2017-01-06 08:26:56 -0500 | [diff] [blame] | 64 | static void fuzz_api(sk_sp<SkData>); |
Kevin Lubick | f80f115 | 2017-01-06 08:26:56 -0500 | [diff] [blame] | 65 | static void fuzz_color_deserialize(sk_sp<SkData>); |
Kevin Lubick | d46e85f | 2017-11-21 17:13:35 -0500 | [diff] [blame] | 66 | static void fuzz_filter_fuzz(sk_sp<SkData>); |
Kevin Lubick | 0168e04 | 2017-02-14 13:12:37 -0500 | [diff] [blame] | 67 | static void fuzz_icc(sk_sp<SkData>); |
Kevin Lubick | 2416f96 | 2018-02-12 08:26:39 -0500 | [diff] [blame] | 68 | static void fuzz_img2(sk_sp<SkData>); |
| 69 | static void fuzz_animated_img(sk_sp<SkData>); |
Kevin Lubick | 0168e04 | 2017-02-14 13:12:37 -0500 | [diff] [blame] | 70 | static void fuzz_img(sk_sp<SkData>, uint8_t, uint8_t); |
Kevin Lubick | f04c50a | 2017-01-06 13:48:19 -0500 | [diff] [blame] | 71 | static void fuzz_path_deserialize(sk_sp<SkData>); |
Kevin Lubick | edee1ae | 2017-02-20 17:47:18 -0500 | [diff] [blame] | 72 | static void fuzz_region_deserialize(sk_sp<SkData>); |
Kevin Lubick | 2541edf | 2018-01-11 10:27:14 -0500 | [diff] [blame] | 73 | static void fuzz_region_set_path(sk_sp<SkData>); |
Kevin Lubick | 0168e04 | 2017-02-14 13:12:37 -0500 | [diff] [blame] | 74 | static void fuzz_skp(sk_sp<SkData>); |
Kevin Lubick | 0d82566 | 2018-01-03 14:38:48 -0500 | [diff] [blame] | 75 | static void fuzz_skpipe(sk_sp<SkData>); |
Kevin Lubick | d46e85f | 2017-11-21 17:13:35 -0500 | [diff] [blame] | 76 | static void fuzz_textblob_deserialize(sk_sp<SkData>); |
Herb Derby | a839fc0 | 2017-03-16 12:30:43 -0400 | [diff] [blame] | 77 | |
Ethan Nicholas | 7ef4b74 | 2016-11-11 15:16:46 -0500 | [diff] [blame] | 78 | #if SK_SUPPORT_GPU |
Kevin Lubick | f80f115 | 2017-01-06 08:26:56 -0500 | [diff] [blame] | 79 | static void fuzz_sksl2glsl(sk_sp<SkData>); |
Ethan Nicholas | 7ef4b74 | 2016-11-11 15:16:46 -0500 | [diff] [blame] | 80 | #endif |
mtklein | 65e5824 | 2016-01-13 12:57:57 -0800 | [diff] [blame] | 81 | |
| 82 | int main(int argc, char** argv) { |
Kevin Lubick | 9ff5dc9 | 2018-01-09 12:47:33 -0500 | [diff] [blame] | 83 | SkCommandLineFlags::SetUsage("Usage: fuzz -t <type> -b <path/to/file> [-n api-to-fuzz]\n" |
| 84 | "--help lists the valid types\n"); |
mtklein | f5e9782 | 2016-01-15 06:19:53 -0800 | [diff] [blame] | 85 | SkCommandLineFlags::Parse(argc, argv); |
| 86 | |
mtklein | d0b8234 | 2016-01-15 07:56:20 -0800 | [diff] [blame] | 87 | const char* path = FLAGS_bytes.isEmpty() ? argv[0] : FLAGS_bytes[0]; |
Kevin Lubick | f80f115 | 2017-01-06 08:26:56 -0500 | [diff] [blame] | 88 | |
| 89 | if (!sk_isdir(path)) { |
| 90 | return fuzz_file(path); |
| 91 | } |
| 92 | |
| 93 | SkOSFile::Iter it(path); |
| 94 | for (SkString file; it.next(&file); ) { |
| 95 | SkString p = SkOSPath::Join(path, file.c_str()); |
| 96 | SkDebugf("Fuzzing %s\n", p.c_str()); |
| 97 | int rv = fuzz_file(p.c_str()); |
| 98 | if (rv != 0) { |
| 99 | return rv; |
| 100 | } |
| 101 | } |
| 102 | return 0; |
| 103 | } |
| 104 | |
| 105 | static int fuzz_file(const char* path) { |
bungeman | 38d909e | 2016-08-02 14:40:46 -0700 | [diff] [blame] | 106 | sk_sp<SkData> bytes(SkData::MakeFromFileName(path)); |
kjlubick | dba5734 | 2016-01-21 05:03:28 -0800 | [diff] [blame] | 107 | if (!bytes) { |
| 108 | SkDebugf("Could not read %s\n", path); |
Kevin Lubick | f80f115 | 2017-01-06 08:26:56 -0500 | [diff] [blame] | 109 | return 1; |
kjlubick | dba5734 | 2016-01-21 05:03:28 -0800 | [diff] [blame] | 110 | } |
mtklein | 65e5824 | 2016-01-13 12:57:57 -0800 | [diff] [blame] | 111 | |
mtklein | d4387ea | 2016-01-21 06:13:52 -0800 | [diff] [blame] | 112 | if (!FLAGS_type.isEmpty()) { |
Kevin Lubick | 2416f96 | 2018-02-12 08:26:39 -0500 | [diff] [blame] | 113 | if (0 == strcmp("animated_image_decode", FLAGS_type[0])) { |
| 114 | fuzz_animated_img(bytes); |
| 115 | return 0; |
| 116 | } |
kjlubick | e719577 | 2016-10-18 10:06:24 -0700 | [diff] [blame] | 117 | if (0 == strcmp("api", FLAGS_type[0])) { |
Kevin Lubick | f80f115 | 2017-01-06 08:26:56 -0500 | [diff] [blame] | 118 | fuzz_api(bytes); |
| 119 | return 0; |
kjlubick | e719577 | 2016-10-18 10:06:24 -0700 | [diff] [blame] | 120 | } |
| 121 | if (0 == strcmp("color_deserialize", FLAGS_type[0])) { |
Kevin Lubick | f80f115 | 2017-01-06 08:26:56 -0500 | [diff] [blame] | 122 | fuzz_color_deserialize(bytes); |
| 123 | return 0; |
kjlubick | e719577 | 2016-10-18 10:06:24 -0700 | [diff] [blame] | 124 | } |
| 125 | if (0 == strcmp("icc", FLAGS_type[0])) { |
Kevin Lubick | f80f115 | 2017-01-06 08:26:56 -0500 | [diff] [blame] | 126 | fuzz_icc(bytes); |
| 127 | return 0; |
kjlubick | e719577 | 2016-10-18 10:06:24 -0700 | [diff] [blame] | 128 | } |
Kevin Lubick | 2416f96 | 2018-02-12 08:26:39 -0500 | [diff] [blame] | 129 | if (0 == strcmp("image_decode", FLAGS_type[0])) { |
| 130 | fuzz_img2(bytes); |
| 131 | return 0; |
| 132 | } |
kjlubick | e719577 | 2016-10-18 10:06:24 -0700 | [diff] [blame] | 133 | if (0 == strcmp("image_scale", FLAGS_type[0])) { |
Kevin Lubick | c9d2829 | 2017-11-09 08:12:56 -0500 | [diff] [blame] | 134 | uint8_t option = calculate_option(bytes.get()); |
Kevin Lubick | f80f115 | 2017-01-06 08:26:56 -0500 | [diff] [blame] | 135 | fuzz_img(bytes, option, 0); |
| 136 | return 0; |
kjlubick | e719577 | 2016-10-18 10:06:24 -0700 | [diff] [blame] | 137 | } |
| 138 | if (0 == strcmp("image_mode", FLAGS_type[0])) { |
Kevin Lubick | c9d2829 | 2017-11-09 08:12:56 -0500 | [diff] [blame] | 139 | uint8_t option = calculate_option(bytes.get()); |
Kevin Lubick | f80f115 | 2017-01-06 08:26:56 -0500 | [diff] [blame] | 140 | fuzz_img(bytes, 0, option); |
| 141 | return 0; |
kjlubick | e719577 | 2016-10-18 10:06:24 -0700 | [diff] [blame] | 142 | } |
Kevin Lubick | f04c50a | 2017-01-06 13:48:19 -0500 | [diff] [blame] | 143 | if (0 == strcmp("path_deserialize", FLAGS_type[0])) { |
| 144 | fuzz_path_deserialize(bytes); |
| 145 | return 0; |
| 146 | } |
Kevin Lubick | edee1ae | 2017-02-20 17:47:18 -0500 | [diff] [blame] | 147 | if (0 == strcmp("region_deserialize", FLAGS_type[0])) { |
| 148 | fuzz_region_deserialize(bytes); |
| 149 | return 0; |
| 150 | } |
Kevin Lubick | 2541edf | 2018-01-11 10:27:14 -0500 | [diff] [blame] | 151 | if (0 == strcmp("region_set_path", FLAGS_type[0])) { |
| 152 | fuzz_region_set_path(bytes); |
| 153 | return 0; |
| 154 | } |
Kevin Lubick | 0d82566 | 2018-01-03 14:38:48 -0500 | [diff] [blame] | 155 | if (0 == strcmp("pipe", FLAGS_type[0])) { |
| 156 | fuzz_skpipe(bytes); |
| 157 | return 0; |
| 158 | } |
kjlubick | e719577 | 2016-10-18 10:06:24 -0700 | [diff] [blame] | 159 | if (0 == strcmp("skp", FLAGS_type[0])) { |
Kevin Lubick | f80f115 | 2017-01-06 08:26:56 -0500 | [diff] [blame] | 160 | fuzz_skp(bytes); |
| 161 | return 0; |
kjlubick | e719577 | 2016-10-18 10:06:24 -0700 | [diff] [blame] | 162 | } |
Herb Derby | a839fc0 | 2017-03-16 12:30:43 -0400 | [diff] [blame] | 163 | if (0 == strcmp("filter_fuzz", FLAGS_type[0])) { |
| 164 | fuzz_filter_fuzz(bytes); |
| 165 | return 0; |
| 166 | } |
Kevin Lubick | d46e85f | 2017-11-21 17:13:35 -0500 | [diff] [blame] | 167 | if (0 == strcmp("textblob", FLAGS_type[0])) { |
| 168 | fuzz_textblob_deserialize(bytes); |
| 169 | return 0; |
| 170 | } |
Ethan Nicholas | 7ef4b74 | 2016-11-11 15:16:46 -0500 | [diff] [blame] | 171 | #if SK_SUPPORT_GPU |
kjlubick | e719577 | 2016-10-18 10:06:24 -0700 | [diff] [blame] | 172 | if (0 == strcmp("sksl2glsl", FLAGS_type[0])) { |
Kevin Lubick | f80f115 | 2017-01-06 08:26:56 -0500 | [diff] [blame] | 173 | fuzz_sksl2glsl(bytes); |
| 174 | return 0; |
mtklein | d4387ea | 2016-01-21 06:13:52 -0800 | [diff] [blame] | 175 | } |
Ethan Nicholas | 7ef4b74 | 2016-11-11 15:16:46 -0500 | [diff] [blame] | 176 | #endif |
kjlubick | dba5734 | 2016-01-21 05:03:28 -0800 | [diff] [blame] | 177 | } |
Kevin Lubick | 9ff5dc9 | 2018-01-09 12:47:33 -0500 | [diff] [blame] | 178 | SkCommandLineFlags::PrintUsage(); |
| 179 | return 1; |
kjlubick | dba5734 | 2016-01-21 05:03:28 -0800 | [diff] [blame] | 180 | } |
| 181 | |
kjlubick | 2a42f48 | 2016-02-16 16:14:23 -0800 | [diff] [blame] | 182 | // This adds up the first 1024 bytes and returns it as an 8 bit integer. This allows afl-fuzz to |
| 183 | // deterministically excercise different paths, or *options* (such as different scaling sizes or |
| 184 | // different image modes) without needing to introduce a parameter. This way we don't need a |
| 185 | // image_scale1, image_scale2, image_scale4, etc fuzzer, we can just have a image_scale fuzzer. |
| 186 | // Clients are expected to transform this number into a different range, e.g. with modulo (%). |
| 187 | static uint8_t calculate_option(SkData* bytes) { |
| 188 | uint8_t total = 0; |
| 189 | const uint8_t* data = bytes->bytes(); |
| 190 | for (size_t i = 0; i < 1024 && i < bytes->size(); i++) { |
| 191 | total += data[i]; |
| 192 | } |
| 193 | return total; |
| 194 | } |
| 195 | |
Kevin Lubick | f80f115 | 2017-01-06 08:26:56 -0500 | [diff] [blame] | 196 | static void fuzz_api(sk_sp<SkData> bytes) { |
mtklein | d4387ea | 2016-01-21 06:13:52 -0800 | [diff] [blame] | 197 | const char* name = FLAGS_name.isEmpty() ? "" : FLAGS_name[0]; |
| 198 | |
Mike Reed | ab273fa | 2017-01-11 13:58:55 -0500 | [diff] [blame] | 199 | for (auto r = sk_tools::Registry<Fuzzable>::Head(); r; r = r->next()) { |
mtklein | 65e5824 | 2016-01-13 12:57:57 -0800 | [diff] [blame] | 200 | auto fuzzable = r->factory(); |
mtklein | d4387ea | 2016-01-21 06:13:52 -0800 | [diff] [blame] | 201 | if (0 == strcmp(name, fuzzable.name)) { |
mtklein | f5e9782 | 2016-01-15 06:19:53 -0800 | [diff] [blame] | 202 | SkDebugf("Fuzzing %s...\n", fuzzable.name); |
Kevin Lubick | 1ac8fd2 | 2017-03-01 10:42:45 -0500 | [diff] [blame] | 203 | Fuzz fuzz(std::move(bytes)); |
mtklein | 65e5824 | 2016-01-13 12:57:57 -0800 | [diff] [blame] | 204 | fuzzable.fn(&fuzz); |
kjlubick | 47d158e | 2016-02-01 08:23:50 -0800 | [diff] [blame] | 205 | SkDebugf("[terminated] Success!\n"); |
Kevin Lubick | f80f115 | 2017-01-06 08:26:56 -0500 | [diff] [blame] | 206 | return; |
mtklein | 65e5824 | 2016-01-13 12:57:57 -0800 | [diff] [blame] | 207 | } |
| 208 | } |
mtklein | d4387ea | 2016-01-21 06:13:52 -0800 | [diff] [blame] | 209 | |
| 210 | SkDebugf("When using --type api, please choose an API to fuzz with --name/-n:\n"); |
Mike Reed | ab273fa | 2017-01-11 13:58:55 -0500 | [diff] [blame] | 211 | for (auto r = sk_tools::Registry<Fuzzable>::Head(); r; r = r->next()) { |
mtklein | d4387ea | 2016-01-21 06:13:52 -0800 | [diff] [blame] | 212 | auto fuzzable = r->factory(); |
| 213 | SkDebugf("\t%s\n", fuzzable.name); |
| 214 | } |
kjlubick | dba5734 | 2016-01-21 05:03:28 -0800 | [diff] [blame] | 215 | } |
| 216 | |
| 217 | static void dump_png(SkBitmap bitmap) { |
| 218 | if (!FLAGS_dump.isEmpty()) { |
Hal Canary | db68301 | 2016-11-23 08:55:18 -0700 | [diff] [blame] | 219 | sk_tool_utils::EncodeImageToFile(FLAGS_dump[0], bitmap, SkEncodedImageFormat::kPNG, 100); |
kjlubick | dba5734 | 2016-01-21 05:03:28 -0800 | [diff] [blame] | 220 | SkDebugf("Dumped to %s\n", FLAGS_dump[0]); |
| 221 | } |
| 222 | } |
| 223 | |
Kevin Lubick | 2416f96 | 2018-02-12 08:26:39 -0500 | [diff] [blame] | 224 | void FuzzAnimatedImage(sk_sp<SkData> bytes); |
| 225 | |
| 226 | static void fuzz_animated_img(sk_sp<SkData> bytes) { |
| 227 | FuzzAnimatedImage(bytes); |
| 228 | SkDebugf("[terminated] Didn't crash while decoding/drawing animated image!\n"); |
| 229 | } |
| 230 | |
| 231 | void FuzzImage(sk_sp<SkData> bytes); |
| 232 | |
| 233 | static void fuzz_img2(sk_sp<SkData> bytes) { |
| 234 | FuzzImage(bytes); |
| 235 | SkDebugf("[terminated] Didn't crash while decoding/drawing image!\n"); |
| 236 | } |
| 237 | |
Kevin Lubick | f80f115 | 2017-01-06 08:26:56 -0500 | [diff] [blame] | 238 | static void fuzz_img(sk_sp<SkData> bytes, uint8_t scale, uint8_t mode) { |
kjlubick | 2a42f48 | 2016-02-16 16:14:23 -0800 | [diff] [blame] | 239 | // We can scale 1x, 2x, 4x, 8x, 16x |
| 240 | scale = scale % 5; |
kjlubick | 5bd98a2 | 2016-02-18 06:27:38 -0800 | [diff] [blame] | 241 | float fscale = (float)pow(2.0f, scale); |
| 242 | SkDebugf("Scaling factor: %f\n", fscale); |
kjlubick | 2a42f48 | 2016-02-16 16:14:23 -0800 | [diff] [blame] | 243 | |
Leon Scroggins III | c5a8366 | 2016-12-08 09:07:56 -0500 | [diff] [blame] | 244 | // We have 5 different modes of decoding. |
| 245 | mode = mode % 5; |
kjlubick | 2a42f48 | 2016-02-16 16:14:23 -0800 | [diff] [blame] | 246 | SkDebugf("Mode: %d\n", mode); |
| 247 | |
| 248 | // This is mostly copied from DMSrcSink's CodecSrc::draw method. |
kjlubick | 47d158e | 2016-02-01 08:23:50 -0800 | [diff] [blame] | 249 | SkDebugf("Decoding\n"); |
Mike Reed | ede7bac | 2017-07-23 15:30:02 -0400 | [diff] [blame] | 250 | std::unique_ptr<SkCodec> codec(SkCodec::MakeFromData(bytes)); |
kjlubick | dba5734 | 2016-01-21 05:03:28 -0800 | [diff] [blame] | 251 | if (nullptr == codec.get()) { |
kjlubick | 47d158e | 2016-02-01 08:23:50 -0800 | [diff] [blame] | 252 | SkDebugf("[terminated] Couldn't create codec.\n"); |
Kevin Lubick | f80f115 | 2017-01-06 08:26:56 -0500 | [diff] [blame] | 253 | return; |
kjlubick | dba5734 | 2016-01-21 05:03:28 -0800 | [diff] [blame] | 254 | } |
| 255 | |
| 256 | SkImageInfo decodeInfo = codec->getInfo(); |
kjlubick | 2a42f48 | 2016-02-16 16:14:23 -0800 | [diff] [blame] | 257 | SkISize size = codec->getScaledDimensions(fscale); |
| 258 | decodeInfo = decodeInfo.makeWH(size.width(), size.height()); |
| 259 | |
kjlubick | dba5734 | 2016-01-21 05:03:28 -0800 | [diff] [blame] | 260 | SkBitmap bitmap; |
kjlubick | dba5734 | 2016-01-21 05:03:28 -0800 | [diff] [blame] | 261 | SkCodec::Options options; |
| 262 | options.fZeroInitialized = SkCodec::kYes_ZeroInitialized; |
| 263 | |
Mike Reed | 086a427 | 2017-07-18 10:53:11 -0400 | [diff] [blame] | 264 | if (!bitmap.tryAllocPixelsFlags(decodeInfo, SkBitmap::kZeroPixels_AllocFlag)) { |
kjlubick | 47d158e | 2016-02-01 08:23:50 -0800 | [diff] [blame] | 265 | SkDebugf("[terminated] Could not allocate memory. Image might be too large (%d x %d)", |
kjlubick | 2a42f48 | 2016-02-16 16:14:23 -0800 | [diff] [blame] | 266 | decodeInfo.width(), decodeInfo.height()); |
Kevin Lubick | f80f115 | 2017-01-06 08:26:56 -0500 | [diff] [blame] | 267 | return; |
kjlubick | dba5734 | 2016-01-21 05:03:28 -0800 | [diff] [blame] | 268 | } |
| 269 | |
kjlubick | 2a42f48 | 2016-02-16 16:14:23 -0800 | [diff] [blame] | 270 | switch (mode) { |
| 271 | case 0: {//kCodecZeroInit_Mode, kCodec_Mode |
Leon Scroggins | 571b30f | 2017-07-11 17:35:31 +0000 | [diff] [blame] | 272 | switch (codec->getPixels(decodeInfo, bitmap.getPixels(), bitmap.rowBytes(), &options)) { |
kjlubick | 2a42f48 | 2016-02-16 16:14:23 -0800 | [diff] [blame] | 273 | case SkCodec::kSuccess: |
| 274 | SkDebugf("[terminated] Success!\n"); |
| 275 | break; |
| 276 | case SkCodec::kIncompleteInput: |
| 277 | SkDebugf("[terminated] Partial Success\n"); |
| 278 | break; |
Leon Scroggins III | 674a184 | 2017-07-06 12:26:09 -0400 | [diff] [blame] | 279 | case SkCodec::kErrorInInput: |
| 280 | SkDebugf("[terminated] Partial Success with error\n"); |
| 281 | break; |
kjlubick | 2a42f48 | 2016-02-16 16:14:23 -0800 | [diff] [blame] | 282 | case SkCodec::kInvalidConversion: |
| 283 | SkDebugf("Incompatible colortype conversion\n"); |
| 284 | // Crash to allow afl-fuzz to know this was a bug. |
| 285 | raise(SIGSEGV); |
| 286 | default: |
| 287 | SkDebugf("[terminated] Couldn't getPixels.\n"); |
Kevin Lubick | f80f115 | 2017-01-06 08:26:56 -0500 | [diff] [blame] | 288 | return; |
kjlubick | 2a42f48 | 2016-02-16 16:14:23 -0800 | [diff] [blame] | 289 | } |
| 290 | break; |
| 291 | } |
| 292 | case 1: {//kScanline_Mode |
Leon Scroggins | 571b30f | 2017-07-11 17:35:31 +0000 | [diff] [blame] | 293 | if (SkCodec::kSuccess != codec->startScanlineDecode(decodeInfo)) { |
| 294 | SkDebugf("[terminated] Could not start scanline decoder\n"); |
| 295 | return; |
| 296 | } |
kjlubick | 2a42f48 | 2016-02-16 16:14:23 -0800 | [diff] [blame] | 297 | |
| 298 | void* dst = bitmap.getAddr(0, 0); |
| 299 | size_t rowBytes = bitmap.rowBytes(); |
| 300 | uint32_t height = decodeInfo.height(); |
| 301 | switch (codec->getScanlineOrder()) { |
| 302 | case SkCodec::kTopDown_SkScanlineOrder: |
| 303 | case SkCodec::kBottomUp_SkScanlineOrder: |
kjlubick | 2a42f48 | 2016-02-16 16:14:23 -0800 | [diff] [blame] | 304 | // We do not need to check the return value. On an incomplete |
| 305 | // image, memory will be filled with a default value. |
| 306 | codec->getScanlines(dst, height, rowBytes); |
| 307 | break; |
kjlubick | 2a42f48 | 2016-02-16 16:14:23 -0800 | [diff] [blame] | 308 | } |
kjlubick | 47d158e | 2016-02-01 08:23:50 -0800 | [diff] [blame] | 309 | SkDebugf("[terminated] Success!\n"); |
kjlubick | dba5734 | 2016-01-21 05:03:28 -0800 | [diff] [blame] | 310 | break; |
kjlubick | 2a42f48 | 2016-02-16 16:14:23 -0800 | [diff] [blame] | 311 | } |
| 312 | case 2: { //kStripe_Mode |
| 313 | const int height = decodeInfo.height(); |
| 314 | // This value is chosen arbitrarily. We exercise more cases by choosing a value that |
| 315 | // does not align with image blocks. |
| 316 | const int stripeHeight = 37; |
| 317 | const int numStripes = (height + stripeHeight - 1) / stripeHeight; |
| 318 | |
| 319 | // Decode odd stripes |
Leon Scroggins | 571b30f | 2017-07-11 17:35:31 +0000 | [diff] [blame] | 320 | if (SkCodec::kSuccess != codec->startScanlineDecode(decodeInfo) |
kjlubick | 2a42f48 | 2016-02-16 16:14:23 -0800 | [diff] [blame] | 321 | || SkCodec::kTopDown_SkScanlineOrder != codec->getScanlineOrder()) { |
| 322 | // This mode was designed to test the new skip scanlines API in libjpeg-turbo. |
| 323 | // Jpegs have kTopDown_SkScanlineOrder, and at this time, it is not interesting |
| 324 | // to run this test for image types that do not have this scanline ordering. |
| 325 | SkDebugf("[terminated] Could not start top-down scanline decoder\n"); |
Kevin Lubick | f80f115 | 2017-01-06 08:26:56 -0500 | [diff] [blame] | 326 | return; |
kjlubick | 2a42f48 | 2016-02-16 16:14:23 -0800 | [diff] [blame] | 327 | } |
| 328 | |
| 329 | for (int i = 0; i < numStripes; i += 2) { |
| 330 | // Skip a stripe |
| 331 | const int linesToSkip = SkTMin(stripeHeight, height - i * stripeHeight); |
| 332 | codec->skipScanlines(linesToSkip); |
| 333 | |
| 334 | // Read a stripe |
| 335 | const int startY = (i + 1) * stripeHeight; |
| 336 | const int linesToRead = SkTMin(stripeHeight, height - startY); |
| 337 | if (linesToRead > 0) { |
| 338 | codec->getScanlines(bitmap.getAddr(0, startY), linesToRead, bitmap.rowBytes()); |
| 339 | } |
| 340 | } |
| 341 | |
| 342 | // Decode even stripes |
Leon Scroggins | 571b30f | 2017-07-11 17:35:31 +0000 | [diff] [blame] | 343 | const SkCodec::Result startResult = codec->startScanlineDecode(decodeInfo); |
kjlubick | 2a42f48 | 2016-02-16 16:14:23 -0800 | [diff] [blame] | 344 | if (SkCodec::kSuccess != startResult) { |
| 345 | SkDebugf("[terminated] Failed to restart scanline decoder with same parameters.\n"); |
Kevin Lubick | f80f115 | 2017-01-06 08:26:56 -0500 | [diff] [blame] | 346 | return; |
kjlubick | 2a42f48 | 2016-02-16 16:14:23 -0800 | [diff] [blame] | 347 | } |
| 348 | for (int i = 0; i < numStripes; i += 2) { |
| 349 | // Read a stripe |
| 350 | const int startY = i * stripeHeight; |
| 351 | const int linesToRead = SkTMin(stripeHeight, height - startY); |
| 352 | codec->getScanlines(bitmap.getAddr(0, startY), linesToRead, bitmap.rowBytes()); |
| 353 | |
| 354 | // Skip a stripe |
| 355 | const int linesToSkip = SkTMin(stripeHeight, height - (i + 1) * stripeHeight); |
| 356 | if (linesToSkip > 0) { |
| 357 | codec->skipScanlines(linesToSkip); |
| 358 | } |
| 359 | } |
| 360 | SkDebugf("[terminated] Success!\n"); |
kjlubick | dba5734 | 2016-01-21 05:03:28 -0800 | [diff] [blame] | 361 | break; |
kjlubick | 2a42f48 | 2016-02-16 16:14:23 -0800 | [diff] [blame] | 362 | } |
| 363 | case 3: { //kSubset_Mode |
| 364 | // Arbitrarily choose a divisor. |
| 365 | int divisor = 2; |
| 366 | // Total width/height of the image. |
| 367 | const int W = codec->getInfo().width(); |
| 368 | const int H = codec->getInfo().height(); |
| 369 | if (divisor > W || divisor > H) { |
| 370 | SkDebugf("[terminated] Cannot codec subset: divisor %d is too big " |
| 371 | "with dimensions (%d x %d)\n", divisor, W, H); |
Kevin Lubick | f80f115 | 2017-01-06 08:26:56 -0500 | [diff] [blame] | 372 | return; |
kjlubick | 2a42f48 | 2016-02-16 16:14:23 -0800 | [diff] [blame] | 373 | } |
| 374 | // subset dimensions |
| 375 | // SkWebpCodec, the only one that supports subsets, requires even top/left boundaries. |
| 376 | const int w = SkAlign2(W / divisor); |
| 377 | const int h = SkAlign2(H / divisor); |
| 378 | SkIRect subset; |
| 379 | SkCodec::Options opts; |
| 380 | opts.fSubset = ⊂ |
| 381 | SkBitmap subsetBm; |
| 382 | // We will reuse pixel memory from bitmap. |
| 383 | void* pixels = bitmap.getPixels(); |
| 384 | // Keep track of left and top (for drawing subsetBm into canvas). We could use |
| 385 | // fscale * x and fscale * y, but we want integers such that the next subset will start |
| 386 | // where the last one ended. So we'll add decodeInfo.width() and height(). |
| 387 | int left = 0; |
| 388 | for (int x = 0; x < W; x += w) { |
| 389 | int top = 0; |
| 390 | for (int y = 0; y < H; y+= h) { |
| 391 | // Do not make the subset go off the edge of the image. |
| 392 | const int preScaleW = SkTMin(w, W - x); |
| 393 | const int preScaleH = SkTMin(h, H - y); |
| 394 | subset.setXYWH(x, y, preScaleW, preScaleH); |
| 395 | // And fscale |
| 396 | // FIXME: Should we have a version of getScaledDimensions that takes a subset |
| 397 | // into account? |
| 398 | decodeInfo = decodeInfo.makeWH( |
| 399 | SkTMax(1, SkScalarRoundToInt(preScaleW * fscale)), |
| 400 | SkTMax(1, SkScalarRoundToInt(preScaleH * fscale))); |
| 401 | size_t rowBytes = decodeInfo.minRowBytes(); |
Leon Scroggins | 571b30f | 2017-07-11 17:35:31 +0000 | [diff] [blame] | 402 | if (!subsetBm.installPixels(decodeInfo, pixels, rowBytes)) { |
kjlubick | 2a42f48 | 2016-02-16 16:14:23 -0800 | [diff] [blame] | 403 | SkDebugf("[terminated] Could not install pixels.\n"); |
Kevin Lubick | f80f115 | 2017-01-06 08:26:56 -0500 | [diff] [blame] | 404 | return; |
kjlubick | 2a42f48 | 2016-02-16 16:14:23 -0800 | [diff] [blame] | 405 | } |
| 406 | const SkCodec::Result result = codec->getPixels(decodeInfo, pixels, rowBytes, |
Leon Scroggins | 571b30f | 2017-07-11 17:35:31 +0000 | [diff] [blame] | 407 | &opts); |
kjlubick | 2a42f48 | 2016-02-16 16:14:23 -0800 | [diff] [blame] | 408 | switch (result) { |
| 409 | case SkCodec::kSuccess: |
| 410 | case SkCodec::kIncompleteInput: |
Leon Scroggins III | 674a184 | 2017-07-06 12:26:09 -0400 | [diff] [blame] | 411 | case SkCodec::kErrorInInput: |
kjlubick | 2a42f48 | 2016-02-16 16:14:23 -0800 | [diff] [blame] | 412 | SkDebugf("okay\n"); |
| 413 | break; |
| 414 | case SkCodec::kInvalidConversion: |
| 415 | if (0 == (x|y)) { |
| 416 | // First subset is okay to return unimplemented. |
| 417 | SkDebugf("[terminated] Incompatible colortype conversion\n"); |
Kevin Lubick | f80f115 | 2017-01-06 08:26:56 -0500 | [diff] [blame] | 418 | return; |
kjlubick | 2a42f48 | 2016-02-16 16:14:23 -0800 | [diff] [blame] | 419 | } |
| 420 | // If the first subset succeeded, a later one should not fail. |
| 421 | // fall through to failure |
| 422 | case SkCodec::kUnimplemented: |
| 423 | if (0 == (x|y)) { |
| 424 | // First subset is okay to return unimplemented. |
| 425 | SkDebugf("[terminated] subset codec not supported\n"); |
Kevin Lubick | f80f115 | 2017-01-06 08:26:56 -0500 | [diff] [blame] | 426 | return; |
kjlubick | 2a42f48 | 2016-02-16 16:14:23 -0800 | [diff] [blame] | 427 | } |
| 428 | // If the first subset succeeded, why would a later one fail? |
| 429 | // fall through to failure |
| 430 | default: |
| 431 | SkDebugf("[terminated] subset codec failed to decode (%d, %d, %d, %d) " |
| 432 | "with dimensions (%d x %d)\t error %d\n", |
| 433 | x, y, decodeInfo.width(), decodeInfo.height(), |
| 434 | W, H, result); |
Kevin Lubick | f80f115 | 2017-01-06 08:26:56 -0500 | [diff] [blame] | 435 | return; |
kjlubick | 2a42f48 | 2016-02-16 16:14:23 -0800 | [diff] [blame] | 436 | } |
| 437 | // translate by the scaled height. |
| 438 | top += decodeInfo.height(); |
| 439 | } |
| 440 | // translate by the scaled width. |
| 441 | left += decodeInfo.width(); |
| 442 | } |
| 443 | SkDebugf("[terminated] Success!\n"); |
| 444 | break; |
| 445 | } |
Leon Scroggins III | c5a8366 | 2016-12-08 09:07:56 -0500 | [diff] [blame] | 446 | case 4: { //kAnimated_Mode |
| 447 | std::vector<SkCodec::FrameInfo> frameInfos = codec->getFrameInfo(); |
| 448 | if (frameInfos.size() == 0) { |
| 449 | SkDebugf("[terminated] Not an animated image\n"); |
| 450 | break; |
| 451 | } |
| 452 | |
| 453 | for (size_t i = 0; i < frameInfos.size(); i++) { |
| 454 | options.fFrameIndex = i; |
| 455 | auto result = codec->startIncrementalDecode(decodeInfo, bitmap.getPixels(), |
| 456 | bitmap.rowBytes(), &options); |
| 457 | if (SkCodec::kSuccess != result) { |
| 458 | SkDebugf("[terminated] failed to start incremental decode " |
| 459 | "in frame %d with error %d\n", i, result); |
Kevin Lubick | f80f115 | 2017-01-06 08:26:56 -0500 | [diff] [blame] | 460 | return; |
Leon Scroggins III | c5a8366 | 2016-12-08 09:07:56 -0500 | [diff] [blame] | 461 | } |
| 462 | |
| 463 | result = codec->incrementalDecode(); |
Leon Scroggins III | 674a184 | 2017-07-06 12:26:09 -0400 | [diff] [blame] | 464 | if (result == SkCodec::kIncompleteInput || result == SkCodec::kErrorInInput) { |
Leon Scroggins III | c5a8366 | 2016-12-08 09:07:56 -0500 | [diff] [blame] | 465 | SkDebugf("okay\n"); |
| 466 | // Frames beyond this one will not decode. |
| 467 | break; |
| 468 | } |
| 469 | if (result == SkCodec::kSuccess) { |
| 470 | SkDebugf("okay - decoded frame %d\n", i); |
| 471 | } else { |
| 472 | SkDebugf("[terminated] incremental decode failed with " |
| 473 | "error %d\n", result); |
Kevin Lubick | f80f115 | 2017-01-06 08:26:56 -0500 | [diff] [blame] | 474 | return; |
Leon Scroggins III | c5a8366 | 2016-12-08 09:07:56 -0500 | [diff] [blame] | 475 | } |
| 476 | } |
| 477 | SkDebugf("[terminated] Success!\n"); |
| 478 | break; |
| 479 | } |
kjlubick | dba5734 | 2016-01-21 05:03:28 -0800 | [diff] [blame] | 480 | default: |
kjlubick | 2a42f48 | 2016-02-16 16:14:23 -0800 | [diff] [blame] | 481 | SkDebugf("[terminated] Mode not implemented yet\n"); |
kjlubick | dba5734 | 2016-01-21 05:03:28 -0800 | [diff] [blame] | 482 | } |
| 483 | |
| 484 | dump_png(bitmap); |
mtklein | 65e5824 | 2016-01-13 12:57:57 -0800 | [diff] [blame] | 485 | } |
| 486 | |
Kevin Lubick | f80f115 | 2017-01-06 08:26:56 -0500 | [diff] [blame] | 487 | static void fuzz_skp(sk_sp<SkData> bytes) { |
Kevin Lubick | 09757b2 | 2017-12-12 12:52:39 -0500 | [diff] [blame] | 488 | SkReadBuffer buf(bytes->data(), bytes->size()); |
kjlubick | dba5734 | 2016-01-21 05:03:28 -0800 | [diff] [blame] | 489 | SkDebugf("Decoding\n"); |
Kevin Lubick | 09757b2 | 2017-12-12 12:52:39 -0500 | [diff] [blame] | 490 | sk_sp<SkPicture> pic(SkPicture::MakeFromBuffer(buf)); |
kjlubick | dba5734 | 2016-01-21 05:03:28 -0800 | [diff] [blame] | 491 | if (!pic) { |
kjlubick | 47d158e | 2016-02-01 08:23:50 -0800 | [diff] [blame] | 492 | SkDebugf("[terminated] Couldn't decode as a picture.\n"); |
Kevin Lubick | f80f115 | 2017-01-06 08:26:56 -0500 | [diff] [blame] | 493 | return; |
kjlubick | dba5734 | 2016-01-21 05:03:28 -0800 | [diff] [blame] | 494 | } |
| 495 | SkDebugf("Rendering\n"); |
| 496 | SkBitmap bitmap; |
| 497 | if (!FLAGS_dump.isEmpty()) { |
| 498 | SkIRect size = pic->cullRect().roundOut(); |
| 499 | bitmap.allocN32Pixels(size.width(), size.height()); |
| 500 | } |
| 501 | SkCanvas canvas(bitmap); |
| 502 | canvas.drawPicture(pic); |
kjlubick | 47d158e | 2016-02-01 08:23:50 -0800 | [diff] [blame] | 503 | SkDebugf("[terminated] Success! Decoded and rendered an SkPicture!\n"); |
kjlubick | dba5734 | 2016-01-21 05:03:28 -0800 | [diff] [blame] | 504 | dump_png(bitmap); |
kjlubick | dba5734 | 2016-01-21 05:03:28 -0800 | [diff] [blame] | 505 | } |
mtklein | 65e5824 | 2016-01-13 12:57:57 -0800 | [diff] [blame] | 506 | |
Kevin Lubick | 0d82566 | 2018-01-03 14:38:48 -0500 | [diff] [blame] | 507 | static void fuzz_skpipe(sk_sp<SkData> bytes) { |
| 508 | SkPipeDeserializer d; |
| 509 | SkDebugf("Decoding\n"); |
| 510 | sk_sp<SkPicture> pic(d.readPicture(bytes.get())); |
| 511 | if (!pic) { |
| 512 | SkDebugf("[terminated] Couldn't decode picture via SkPipe.\n"); |
| 513 | return; |
| 514 | } |
| 515 | SkDebugf("Rendering\n"); |
| 516 | SkBitmap bitmap; |
| 517 | SkCanvas canvas(bitmap); |
| 518 | canvas.drawPicture(pic); |
| 519 | SkDebugf("[terminated] Success! Decoded and rendered an SkPicture from SkPipe!\n"); |
| 520 | } |
| 521 | |
Kevin Lubick | f80f115 | 2017-01-06 08:26:56 -0500 | [diff] [blame] | 522 | static void fuzz_icc(sk_sp<SkData> bytes) { |
Brian Osman | 526972e | 2016-10-24 09:24:02 -0400 | [diff] [blame] | 523 | sk_sp<SkColorSpace> space(SkColorSpace::MakeICC(bytes->data(), bytes->size())); |
kjlubick | 897a8e3 | 2016-06-09 07:15:12 -0700 | [diff] [blame] | 524 | if (!space) { |
| 525 | SkDebugf("[terminated] Couldn't decode ICC.\n"); |
Kevin Lubick | f80f115 | 2017-01-06 08:26:56 -0500 | [diff] [blame] | 526 | return; |
kjlubick | 897a8e3 | 2016-06-09 07:15:12 -0700 | [diff] [blame] | 527 | } |
| 528 | SkDebugf("[terminated] Success! Decoded ICC.\n"); |
kjlubick | 897a8e3 | 2016-06-09 07:15:12 -0700 | [diff] [blame] | 529 | } |
| 530 | |
Kevin Lubick | f80f115 | 2017-01-06 08:26:56 -0500 | [diff] [blame] | 531 | static void fuzz_color_deserialize(sk_sp<SkData> bytes) { |
kjlubick | 3e3c1a5 | 2016-06-23 10:49:27 -0700 | [diff] [blame] | 532 | sk_sp<SkColorSpace> space(SkColorSpace::Deserialize(bytes->data(), bytes->size())); |
| 533 | if (!space) { |
| 534 | SkDebugf("[terminated] Couldn't deserialize Colorspace.\n"); |
Kevin Lubick | f80f115 | 2017-01-06 08:26:56 -0500 | [diff] [blame] | 535 | return; |
kjlubick | 3e3c1a5 | 2016-06-23 10:49:27 -0700 | [diff] [blame] | 536 | } |
| 537 | SkDebugf("[terminated] Success! deserialized Colorspace.\n"); |
kjlubick | 3e3c1a5 | 2016-06-23 10:49:27 -0700 | [diff] [blame] | 538 | } |
| 539 | |
Kevin Lubick | f034d11 | 2018-02-08 14:31:24 -0500 | [diff] [blame] | 540 | void FuzzPathDeserialize(SkReadBuffer& buf); |
Kevin Lubick | c9d2829 | 2017-11-09 08:12:56 -0500 | [diff] [blame] | 541 | |
Kevin Lubick | f034d11 | 2018-02-08 14:31:24 -0500 | [diff] [blame] | 542 | static void fuzz_path_deserialize(sk_sp<SkData> bytes) { |
| 543 | SkReadBuffer buf(bytes->data(), bytes->size()); |
| 544 | FuzzPathDeserialize(buf); |
| 545 | SkDebugf("[terminated] path_deserialize didn't crash!\n"); |
Kevin Lubick | f04c50a | 2017-01-06 13:48:19 -0500 | [diff] [blame] | 546 | } |
| 547 | |
Kevin Lubick | 2541edf | 2018-01-11 10:27:14 -0500 | [diff] [blame] | 548 | bool FuzzRegionDeserialize(sk_sp<SkData> bytes); |
| 549 | |
Kevin Lubick | edee1ae | 2017-02-20 17:47:18 -0500 | [diff] [blame] | 550 | static void fuzz_region_deserialize(sk_sp<SkData> bytes) { |
Kevin Lubick | 2541edf | 2018-01-11 10:27:14 -0500 | [diff] [blame] | 551 | if (!FuzzRegionDeserialize(bytes)) { |
Kevin Lubick | edee1ae | 2017-02-20 17:47:18 -0500 | [diff] [blame] | 552 | SkDebugf("[terminated] Couldn't initialize SkRegion.\n"); |
| 553 | return; |
| 554 | } |
Kevin Lubick | edee1ae | 2017-02-20 17:47:18 -0500 | [diff] [blame] | 555 | SkDebugf("[terminated] Success! Initialized SkRegion.\n"); |
| 556 | } |
| 557 | |
Kevin Lubick | f034d11 | 2018-02-08 14:31:24 -0500 | [diff] [blame] | 558 | void FuzzTextBlobDeserialize(SkReadBuffer& buf); |
| 559 | |
Kevin Lubick | d46e85f | 2017-11-21 17:13:35 -0500 | [diff] [blame] | 560 | static void fuzz_textblob_deserialize(sk_sp<SkData> bytes) { |
Mike Reed | fadbfcd | 2017-12-06 16:09:20 -0500 | [diff] [blame] | 561 | SkReadBuffer buf(bytes->data(), bytes->size()); |
Kevin Lubick | f034d11 | 2018-02-08 14:31:24 -0500 | [diff] [blame] | 562 | FuzzTextBlobDeserialize(buf); |
| 563 | SkDebugf("[terminated] textblob didn't crash!\n"); |
Kevin Lubick | d46e85f | 2017-11-21 17:13:35 -0500 | [diff] [blame] | 564 | } |
| 565 | |
Kevin Lubick | 2541edf | 2018-01-11 10:27:14 -0500 | [diff] [blame] | 566 | void FuzzRegionSetPath(Fuzz* fuzz); |
| 567 | |
| 568 | static void fuzz_region_set_path(sk_sp<SkData> bytes) { |
| 569 | Fuzz fuzz(bytes); |
| 570 | FuzzRegionSetPath(&fuzz); |
| 571 | SkDebugf("[terminated] region_set_path didn't crash!\n"); |
| 572 | } |
| 573 | |
Kevin Lubick | f034d11 | 2018-02-08 14:31:24 -0500 | [diff] [blame] | 574 | void FuzzImageFilterDeserialize(sk_sp<SkData> bytes); |
| 575 | |
Herb Derby | a839fc0 | 2017-03-16 12:30:43 -0400 | [diff] [blame] | 576 | static void fuzz_filter_fuzz(sk_sp<SkData> bytes) { |
Kevin Lubick | f034d11 | 2018-02-08 14:31:24 -0500 | [diff] [blame] | 577 | FuzzImageFilterDeserialize(bytes); |
| 578 | SkDebugf("[terminated] filter_fuzz didn't crash!\n"); |
Herb Derby | a839fc0 | 2017-03-16 12:30:43 -0400 | [diff] [blame] | 579 | } |
| 580 | |
Ethan Nicholas | 7ef4b74 | 2016-11-11 15:16:46 -0500 | [diff] [blame] | 581 | #if SK_SUPPORT_GPU |
Kevin Lubick | f80f115 | 2017-01-06 08:26:56 -0500 | [diff] [blame] | 582 | static void fuzz_sksl2glsl(sk_sp<SkData> bytes) { |
kjlubick | e719577 | 2016-10-18 10:06:24 -0700 | [diff] [blame] | 583 | SkSL::Compiler compiler; |
Ethan Nicholas | 0df1b04 | 2017-03-31 13:56:23 -0400 | [diff] [blame] | 584 | SkSL::String output; |
Ethan Nicholas | 941e7e2 | 2016-12-12 15:33:30 -0500 | [diff] [blame] | 585 | SkSL::Program::Settings settings; |
| 586 | sk_sp<GrShaderCaps> caps = SkSL::ShaderCapsFactory::Default(); |
| 587 | settings.fCaps = caps.get(); |
| 588 | std::unique_ptr<SkSL::Program> program = compiler.convertProgram(SkSL::Program::kFragment_Kind, |
Brian Osman | 93ba0a4 | 2017-08-14 14:48:10 -0400 | [diff] [blame] | 589 | SkSL::String((const char*) bytes->data()), |
| 590 | settings); |
Ethan Nicholas | 941e7e2 | 2016-12-12 15:33:30 -0500 | [diff] [blame] | 591 | if (!program || !compiler.toGLSL(*program, &output)) { |
kjlubick | e719577 | 2016-10-18 10:06:24 -0700 | [diff] [blame] | 592 | SkDebugf("[terminated] Couldn't compile input.\n"); |
Kevin Lubick | f80f115 | 2017-01-06 08:26:56 -0500 | [diff] [blame] | 593 | return; |
kjlubick | e719577 | 2016-10-18 10:06:24 -0700 | [diff] [blame] | 594 | } |
| 595 | SkDebugf("[terminated] Success! Compiled input.\n"); |
kjlubick | e719577 | 2016-10-18 10:06:24 -0700 | [diff] [blame] | 596 | } |
Ethan Nicholas | 7ef4b74 | 2016-11-11 15:16:46 -0500 | [diff] [blame] | 597 | #endif |