author | Kevin Lubick <kjlubick@google.com> | 2017-02-20 17:47:18 -0500 |
---|---|---|
committer | Skia Commit-Bot <skia-commit-bot@chromium.org> | 2017-02-20 23:18:58 +0000 |
commit | edee1ae9e3b87983ed0ff0ea55b3c49892901260 (patch) | |
tree | 8eb808eecc90c8b432fa4673861e391aaab9df7c | |
parent | 8e1c4e672553ecae2745168514240705f3516773 (diff) |
Write SkRegion fuzzer
BUG=688987
Change-Id: I2ad1c53ea01185a77b662d2d86b0c6d36fcb63c7
Reviewed-on: https://skia-review.googlesource.com/8499
Commit-Queue: Kevin Lubick <kjlubick@google.com>
Reviewed-by: Hal Canary <halcanary@google.com>
-rw-r--r-- | BUILD.gn | 3 | ||||
-rw-r--r-- | fuzz/fuzz.cpp | 27 | ||||
-rw-r--r-- | gn/BUILDCONFIG.gn | 1 | ||||
-rw-r--r-- | src/ports/SkMemory_malloc.cpp | 11 |
4 files changed, 42 insertions, 0 deletions
@@ -154,6 +154,9 @@ config("skia_private") {
 if (skia_enable_discrete_gpu) {
 defines += [ "SK_ENABLE_DISCRETE_GPU" ]
 }
+ if (is_fuzzing) {
+ defines += [ "IS_FUZZING" ]
+ }
 }
 # Any code that's linked into Skia-the-library should use this config via += skia_library_configs.
diff --git a/fuzz/fuzz.cpp b/fuzz/fuzz.cpp
index 67207543e7..cc26b2daca 100644
--- a/fuzz/fuzz.cpp
+++ b/fuzz/fuzz.cpp
@@ -14,6 +14,8 @@
 #include "SkImageEncoder.h"
 #include "SkMallocPixelRef.h"
 #include "SkPath.h"
+#include "SkRegion.h"
+#include "SkSurface.h"
 #include "SkOSFile.h"
 #include "SkOSPath.h"
 #include "SkPicture.h"
@@ -44,6 +46,7 @@ static void fuzz_color_deserialize(sk_sp<SkData>);
 static void fuzz_icc(sk_sp<SkData>);
 static void fuzz_img(sk_sp<SkData>, uint8_t, uint8_t);
 static void fuzz_path_deserialize(sk_sp<SkData>);
+static void fuzz_region_deserialize(sk_sp<SkData>);
 static void fuzz_skp(sk_sp<SkData>);
 #if SK_SUPPORT_GPU
 static void fuzz_sksl2glsl(sk_sp<SkData>);
@@ -104,6 +107,10 @@ static int fuzz_file(const char* path) {
 fuzz_path_deserialize(bytes);
 return 0;
 }
+ if (0 == strcmp("region_deserialize", FLAGS_type[0])) {
+ fuzz_region_deserialize(bytes);
+ return 0;
+ }
 if (0 == strcmp("skp", FLAGS_type[0])) {
 fuzz_skp(bytes);
 return 0;
@@ -476,6 +483,26 @@ static void fuzz_path_deserialize(sk_sp<SkData> bytes) { SkDebugf("[terminated] Success! Initialized SkPath.\n"); } +static void fuzz_region_deserialize(sk_sp<SkData> bytes) { + SkRegion region; + if (!region.readFromMemory(bytes->data(), bytes->size())) { + SkDebugf("[terminated] Couldn't initialize SkRegion.\n"); + return; + } + region.computeRegionComplexity(); + region.isComplex(); + SkRegion r2; + if (region == r2) { + region.contains(0,0); + } else { + region.contains(1,1); + } + auto s = SkSurface::MakeRasterN32Premul(1024, 1024); + s->getCanvas()->drawRegion(region, SkPaint()); + SkDEBUGCODE(region.validate()); + SkDebugf("[terminated] Success! Initialized SkRegion.\n"); +} + #if SK_SUPPORT_GPU static void fuzz_sksl2glsl(sk_sp<SkData> bytes) { SkSL::Compiler compiler; diff --git a/gn/BUILDCONFIG.gn b/gn/BUILDCONFIG.gn index a89931b432..82e3e10181 100644 --- a/gn/BUILDCONFIG.gn +++ b/gn/BUILDCONFIG.gn @@ -17,6 +17,7 @@ declare_args() { ndk_api = 21 } sanitize = "" + is_fuzzing = false } declare_args() { is_debug = !is_official_build diff --git a/src/ports/SkMemory_malloc.cpp b/src/ports/SkMemory_malloc.cpp index f06dc35ea6..5574a8a0f2 100644 --- a/src/ports/SkMemory_malloc.cpp +++ b/src/ports/SkMemory_malloc.cpp @@ -15,7 +15,11 @@ static inline void sk_out_of_memory(size_t size) { SK_DEBUGFAILF("sk_out_of_memory (asked for " SK_SIZE_T_SPECIFIER " bytes)", size); +#if defined(IS_FUZZING) + exit(1); +#else abort(); +#endif } static inline void* throw_on_failure(size_t size, void* p) { @@ -33,6 +37,9 @@ void sk_abort_no_print() { #endif #if defined(SK_DEBUG) && defined(SK_BUILD_FOR_WIN) __debugbreak(); +#endif +#if defined(IS_FUZZING) + exit(1); #else abort(); #endif @@ -40,7 +47,11 @@ void sk_abort_no_print() { void sk_out_of_memory(void) { SkDEBUGFAIL("sk_out_of_memory"); +#if defined(IS_FUZZING) + exit(1); +#else abort(); +#endif } void* sk_malloc_throw(size_t size) { |
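Review bot: In the new `fuzz_region_deserialize`, the result of `SkSurface::MakeRasterN32Premul(1024, 1024)` is dereferenced on the next line without a null check, and the factory may return null if the pixel allocation fails. Under a fuzzer running with a memory limit, that null dereference would be reported as a crash in the harness rather than in SkRegion, so guard it with `if (!s) { SkDebugf("[terminated] Could not create surface.\n"); return; }` before `s->getCanvas()->drawRegion(...)`. The return values of `computeRegionComplexity()`, `isComplex()` and `contains()` are discarded, so an optimized build may elide those calls if they are inlineable; consider feeding them into a value the compiler cannot drop. Moving `SkDEBUGCODE(region.validate());` ahead of the draw would make a region that `readFromMemory` wrongly accepted fail at validation instead of somewhere inside rasterization.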
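Review bot: The `IS_FUZZING` branch added to `sk_abort_no_print()` in src/ports/SkMemory_malloc.cpp turns every caller of that function into a clean `exit(1)`, not only the out-of-memory paths patched in the two `sk_out_of_memory` hunks of the same file. If assertion or other fatal-error paths route through `sk_abort_no_print()` (its callers, and the start of its body, are outside the hunk), a fuzzing build would stop reporting them as crashes and hide the invariant violations the fuzzer exists to find; restricting the `exit(1)` to the two OOM functions keeps that signal. `exit()` also runs atexit handlers and static destructors in a process that has just failed an allocation, so `_Exit(1)` is the safer call at all three sites. None of the sites explains the change; a comment such as `// Fuzzers report abort() as a crash; OOM on hostile input is expected, so exit quietly.` would record the intent and make it clear this define must never be set in a shipping build.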