projects/skia/skia.diff


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244

diff --git a/fuzz/FuzzPathMeasure.cpp b/fuzz/FuzzPathMeasure.cpp
index 310735611f..cfde48022d 100644
--- a/fuzz/FuzzPathMeasure.cpp
+++ b/fuzz/FuzzPathMeasure.cpp
@@ -22,6 +22,9 @@ DEF_FUZZ(PathMeasure, fuzz) {
     FuzzEvilPath(fuzz, &path, SkPath::Verb::kDone_Verb);
     SkRect bounds = path.getBounds();
     SkScalar maxDim = std::max(bounds.width(), bounds.height());
+    if (maxDim > 10000000) {
+        return;
+    }
     SkScalar resScale = maxDim / 1000;
     SkPathMeasure measure(path, bits & 1, resScale);
     SkPoint position;
diff --git a/src/core/SkAAClip.cpp b/src/core/SkAAClip.cpp
index 22fd36ce1b..8a6025f641 100644
--- a/src/core/SkAAClip.cpp
+++ b/src/core/SkAAClip.cpp
@@ -1547,6 +1547,12 @@ static void operateY(SkAAClip::Builder& builder, const SkAAClip& A,
     int topB = iterB.top();
     int botB = iterB.bottom();
 
+#if defined(IS_FUZZING)
+    if ((botA - topA) > 100000 || (botB - topB) > 100000) {
+        return;
+    }
+#endif
+
     do {
         const uint8_t* rowA = nullptr;
         const uint8_t* rowB = nullptr;
diff --git a/src/core/SkDraw.cpp b/src/core/SkDraw.cpp
index 48858d1c9b..8fe7057a26 100644
--- a/src/core/SkDraw.cpp
+++ b/src/core/SkDraw.cpp
@@ -958,6 +958,12 @@ void SkDraw::drawPath(const SkPath& origSrcPath, const SkPaint& origPaint,
     // transform the path into device space
     pathPtr->transform(matrixProvider->localToDevice(), devPathPtr);
 
+#if defined(IS_FUZZING)
+    if (devPathPtr->countPoints() > 1000) {
+        return;
+    }
+#endif
+
     this->drawDevPath(*devPathPtr, *paint, drawCoverage, customBlitter, doFill);
 }
 
diff --git a/src/core/SkImageFilter.cpp b/src/core/SkImageFilter.cpp
index 11bbd36693..f5fb7247af 100644
--- a/src/core/SkImageFilter.cpp
+++ b/src/core/SkImageFilter.cpp
@@ -174,6 +174,12 @@ bool SkImageFilter_Base::Common::unflatten(SkReadBuffer& buffer, int expectedCou
         return false;
     }
 
+#if defined(IS_FUZZING)
+    if (count > 4) {
+        return false;
+    }
+#endif
+
     SkASSERT(fInputs.empty());
     for (int i = 0; i < count; i++) {
         fInputs.push_back(buffer.readBool() ? buffer.readImageFilter() : nullptr);
diff --git a/src/core/SkMallocPixelRef.cpp b/src/core/SkMallocPixelRef.cpp
index 02fd9c4580..7a23974b85 100644
--- a/src/core/SkMallocPixelRef.cpp
+++ b/src/core/SkMallocPixelRef.cpp
@@ -34,6 +34,11 @@ sk_sp<SkPixelRef> SkMallocPixelRef::MakeAllocate(const SkImageInfo& info, size_t
     if (SkImageInfo::ByteSizeOverflowed(size)) {
         return nullptr;
     }
+#if defined(IS_FUZZING)
+    if (size > 100000) {
+        return nullptr;
+    }
+#endif
     void* addr = sk_calloc_canfail(size);
     if (nullptr == addr) {
         return nullptr;
diff --git a/src/core/SkMaskFilter.cpp b/src/core/SkMaskFilter.cpp
index 222a5943e1..466307e9b3 100644
--- a/src/core/SkMaskFilter.cpp
+++ b/src/core/SkMaskFilter.cpp
@@ -262,6 +262,11 @@ bool SkMaskFilterBase::filterPath(const SkPath& devPath, const SkMatrix& matrix,
 
     SkMask  srcM, dstM;
 
+#if defined(IS_FUZZING)
+    if (devPath.countVerbs() > 1000 || devPath.countPoints() > 1000) {
+        return false;
+    }
+#endif
     if (!SkDraw::DrawToMask(devPath, &clip.getBounds(), this, &matrix, &srcM,
                             SkMask::kComputeBoundsAndRenderImage_CreateMode,
                             style)) {
diff --git a/src/core/SkPaint.cpp b/src/core/SkPaint.cpp
index 001fa39338..f0b2bcd684 100644
--- a/src/core/SkPaint.cpp
+++ b/src/core/SkPaint.cpp
@@ -333,6 +333,13 @@ bool SkPaint::getFillPath(const SkPath& src, SkPath* dst, const SkRect* cullRect
 
     SkStrokeRec rec(*this, resScale);
 
+#if defined(IS_FUZZING)
+    // Prevent lines with small widths from timing out.
+    if (rec.getStyle() == SkStrokeRec::Style::kStroke_Style && rec.getWidth() < 0.001) {
+        return false;
+    }
+#endif
+
     const SkPath* srcPtr = &src;
     SkPath tmpPath;
 
diff --git a/src/core/SkPath.cpp b/src/core/SkPath.cpp
index 0122601937..8c46011fe3 100644
--- a/src/core/SkPath.cpp
+++ b/src/core/SkPath.cpp
@@ -3182,7 +3182,11 @@ void SkPathPriv::CreateDrawArcPath(SkPath* path, const SkRect& oval, SkScalar st
                                    SkScalar sweepAngle, bool useCenter, bool isFillNoPathEffect) {
     SkASSERT(!oval.isEmpty());
     SkASSERT(sweepAngle);
-
+#if defined(IS_FUZZING)
+    if (sweepAngle > 3600.0f || sweepAngle < -3600.0f) {
+        return;
+    }
+#endif
     path->reset();
     path->setIsVolatile(true);
     path->setFillType(SkPathFillType::kWinding);
diff --git a/src/core/SkScan_Hairline.cpp b/src/core/SkScan_Hairline.cpp
index eeea9e78f0..4c8d2a8f3f 100644
--- a/src/core/SkScan_Hairline.cpp
+++ b/src/core/SkScan_Hairline.cpp
@@ -122,7 +122,11 @@ void SkScan::HairLineRgn(const SkPoint array[], int arrayCount, const SkRegion*
             if (ix0 == ix1) {// too short to draw
                 continue;
             }
-
+#if defined(IS_FUZZING)
+            if ((ix1 - ix0) > 100000 || (ix1 - ix0) < 0) {
+                continue; // too big to draw
+            }
+#endif
             SkFixed slope = SkFixedDiv(dy, dx);
             SkFixed startY = SkFDot6ToFixed(y0) + (slope * ((32 - x0) & 63) >> 6);
 
@@ -138,7 +142,11 @@ void SkScan::HairLineRgn(const SkPoint array[], int arrayCount, const SkRegion*
             if (iy0 == iy1) { // too short to draw
                 continue;
             }
-
+#if defined(IS_FUZZING)
+            if ((iy1 - iy0) > 100000 || (iy1 - iy0) < 0) {
+                continue; // too big to draw
+            }
+#endif
             SkFixed slope = SkFixedDiv(dx, dy);
             SkFixed startX = SkFDot6ToFixed(x0) + (slope * ((32 - y0) & 63) >> 6);
 
diff --git a/src/effects/Sk1DPathEffect.cpp b/src/effects/Sk1DPathEffect.cpp
index 16dee4a90b..a306585b20 100644
--- a/src/effects/Sk1DPathEffect.cpp
+++ b/src/effects/Sk1DPathEffect.cpp
@@ -19,6 +19,11 @@
 bool Sk1DPathEffect::onFilterPath(SkPath* dst, const SkPath& src,
                                   SkStrokeRec*, const SkRect*) const {
     SkPathMeasure   meas(src, false);
+#if defined(IS_FUZZING)
+    if (meas.getLength() < 0 || meas.getLength() > 100) {
+        return false;
+    }
+#endif
     do {
         int governor = MAX_REASONABLE_ITERATIONS;
         SkScalar    length = meas.getLength();
diff --git a/src/effects/Sk2DPathEffect.cpp b/src/effects/Sk2DPathEffect.cpp
index fa19bb96b8..005daff13b 100644
--- a/src/effects/Sk2DPathEffect.cpp
+++ b/src/effects/Sk2DPathEffect.cpp
@@ -51,6 +51,11 @@ void Sk2DPathEffect::nextSpan(int x, int y, int count, SkPath* path) const {
     if (!fMatrixIsInvertible) {
         return;
     }
+#if defined(IS_FUZZING)
+    if (count > 100) {
+        return;
+    }
+#endif
 
     const SkMatrix& mat = this->getMatrix();
     SkPoint src, dst;
diff --git a/src/effects/SkDiscretePathEffect.cpp b/src/effects/SkDiscretePathEffect.cpp
index 4ad1165b0f..a79526a909 100644
--- a/src/effects/SkDiscretePathEffect.cpp
+++ b/src/effects/SkDiscretePathEffect.cpp
@@ -97,6 +97,11 @@ bool SkDiscretePathEffect::onFilterPath(SkPath* dst, const SkPath& src,
 
     do {
         SkScalar    length = meas.getLength();
+#if defined(IS_FUZZING)
+        if (length > 1000) {
+            return false;
+        }
+#endif
 
         if (fSegLength * (2 + doFill) > length) {
             meas.getSegment(0, length, dst, true);  // to short for us to mangle
diff --git a/src/effects/SkLayerDrawLooper.cpp b/src/effects/SkLayerDrawLooper.cpp
index 42592211a9..3b46f632cf 100644
--- a/src/effects/SkLayerDrawLooper.cpp
+++ b/src/effects/SkLayerDrawLooper.cpp
@@ -213,6 +213,11 @@ void SkLayerDrawLooper::flatten(SkWriteBuffer& buffer) const {
 sk_sp<SkFlattenable> SkLayerDrawLooper::CreateProc(SkReadBuffer& buffer) {
     int count = buffer.readInt();
 
+#if defined(IS_FUZZING)
+    if (count > 100) {
+        count = 100;
+    }
+#endif
     Builder builder;
     for (int i = 0; i < count; i++) {
         LayerInfo info;
diff --git a/src/ports/SkDebug_stdio.cpp b/src/ports/SkDebug_stdio.cpp
index 1bba63cc0a..e569514902 100644
--- a/src/ports/SkDebug_stdio.cpp
+++ b/src/ports/SkDebug_stdio.cpp
@@ -12,9 +12,13 @@
 #include <stdio.h>
 
 void SkDebugf(const char format[], ...) {
+#if !defined(IS_FUZZING_WITH_LIBFUZZER)
     va_list args;
     va_start(args, format);
     vfprintf(stderr, format, args);
     va_end(args);
+#else
+    (void) format;
+#endif
 }
 #endif//!defined(SK_BUILD_FOR_WIN) && !defined(SK_BUILD_FOR_ANDROID)