Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / skia / b60c8a2496d68ad016a6ff1f07dc26db88f409a1 / . / fuzz / FuzzSkDescriptor.cpp
blob: 4dbc14f607d3f17ba0ac2b947af297340723a7f5 [file] [log] [blame]
Kevin Lubick2be14d32019-10-21 13:44:48 -0400[diff] [blame]1/*
2 * Copyright 2019 Google, LLC
3 *
4 * Use of this source code is governed by a BSD-style license that can be
5 * found in the LICENSE file.
6 */
7
8#include "fuzz/Fuzz.h"
9#include "src/core/SkDescriptor.h"
10#include "src/core/SkScalerContext.h"
11
12DEF_FUZZ(SkDescriptor, fuzz) {
13 int32_t numEntries;
14 fuzz->next(&numEntries);
15
16 // Limit this to keep the fuzz operations fast.
17 if (numEntries < 0 || numEntries > 300) {
18 return;
19 }
20
Herb Derby35c64f62019-12-18 14:04:37 -0500[diff] [blame]21 size_t overhead = SkDescriptor::ComputeOverhead(numEntries);
22 size_t data;
23 fuzz->nextRange(&data, 0, 500);
24 auto desc = SkDescriptor::Alloc(overhead + data);
Kevin Lubick2be14d32019-10-21 13:44:48 -0400[diff] [blame]25 for (int32_t i = 0; i<numEntries && !fuzz->exhausted(); i++) {
26 uint32_t tag;
27 fuzz->next(&tag);
28 // Valid use of the API requires that tag is truthy and that
29 // the length is aligned to 4. If the fuzzed data doesn't conform,
30 // return to signal that this is "boring" data.
31 if (!tag) {
32 return;
33 }
34 size_t length;
35 fuzz->next(&length);
36 if (SkAlign4(length) != length) {
37 return;
38 }
39
40 uint8_t choice;
Herb Derby35c64f62019-12-18 14:04:37 -0500[diff] [blame]41 fuzz->nextRange(&choice, 0, 1);
Kevin Lubick2be14d32019-10-21 13:44:48 -0400[diff] [blame]42 switch(choice) {
Herb Derby35c64f62019-12-18 14:04:37 -0500[diff] [blame]43 case 0: { // use SkScalerContextRec
Kevin Lubick2be14d32019-10-21 13:44:48 -0400[diff] [blame]44 SkScalerContextRec rec;
45 fuzz->next(&rec);
46 desc->addEntry(tag, sizeof(rec), &rec);
47 break;
48 }
Herb Derby35c64f62019-12-18 14:04:37 -0500[diff] [blame]49 case 1: { // use arbitrary data
Kevin Lubick2be14d32019-10-21 13:44:48 -0400[diff] [blame]50 if (fuzz->remaining() < length) {
51 // Can't initialize all that we requested, so bail out.
52 return;
53 }
54 uint8_t* bytes = new uint8_t[length];
55 fuzz->nextN(bytes, length);
56 desc->addEntry(tag, length, bytes);
Kevin Lubickf64e9582019-12-18 13:31:41 -0500[diff] [blame]57 delete[] bytes;
Kevin Lubick2be14d32019-10-21 13:44:48 -0400[diff] [blame]58 break;
59 }
60 default: {
61 SK_ABORT("Did you update the range in FuzzSkDescriptor?");
62 }
63 }
64 }
65
66 // Exercise the API to make sure we don't step out of bounds, etc.
67
Herb Derby35c64f62019-12-18 14:04:37 -0500[diff] [blame]68 if (desc->isValid()) {
69 desc->computeChecksum();
Kevin Lubick2be14d32019-10-21 13:44:48 -0400[diff] [blame]70
Herb Derby35c64f62019-12-18 14:04:37 -0500[diff] [blame]71 uint32_t tagToFind;
72 fuzz->next(&tagToFind);
Kevin Lubick2be14d32019-10-21 13:44:48 -0400[diff] [blame]73
Herb Derby35c64f62019-12-18 14:04:37 -0500[diff] [blame]74 uint32_t ignore;
75 desc->findEntry(tagToFind, &ignore);
76 }
Kevin Lubick2be14d32019-10-21 13:44:48 -0400[diff] [blame]77}