author | Kevin Lubick <kjlubick@google.com> | 2016-11-10 16:17:49 -0500 |
---|---|---|
committer | Skia Commit-Bot <skia-commit-bot@chromium.org> | 2016-11-10 22:52:03 +0000 |
commit | 416b248312efe7556f980d390254df8503bbbad7 (patch) | |
tree | 8867f718fad318040e6576aa94b3c2cefa6f5929 /fuzz/FuzzParsePath.cpp | |
parent | 2512db21f48ecda9215926b49436c5b534f5da82 (diff) |
Avoid platform-dependent function params in Fuzzer
We use this approach instead of T next() because different compilers
evaluate function parameters in different orders. If fuzz->next()
returned 5 and then 7, foo(fuzz->next(), fuzz->next()) would be
foo(5, 7) when compiled on GCC and foo(7, 5) when compiled on Clang.
By requiring params to be passed in, we avoid the temptation to call
next() in a way that does not consume fuzzed bytes in a single
platform-independent order.
BUG=skia:
GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=4392
Change-Id: I35de849f82e8be45378f662a48100eb732fa8895
Reviewed-on: https://skia-review.googlesource.com/4392
Reviewed-by: Mike Klein <mtklein@chromium.org>
Commit-Queue: Kevin Lubick <kjlubick@google.com>
Diffstat (limited to 'fuzz/FuzzParsePath.cpp')
-rw-r--r-- | fuzz/FuzzParsePath.cpp | 42 |
1 files changed, 29 insertions, 13 deletions
diff --git a/fuzz/FuzzParsePath.cpp b/fuzz/FuzzParsePath.cpp
index 1a597d87a0..90b99ca8e5 100644
--- a/fuzz/FuzzParsePath.cpp
+++ b/fuzz/FuzzParsePath.cpp
@@ -39,9 +39,13 @@ static void add_white(Fuzz* fuzz, SkString* atom) {
 atom->append(" ");
 return;
 }
- int reps = fuzz->nextRange(0, 2);
- for (int rep = 0; rep < reps; ++rep) {
- int index = fuzz->nextRange(0, (int) SK_ARRAY_COUNT(gWhiteSpace) - 1);
+ // Use a uint8_t to conserve bytes. This makes our "fuzzed bytes footprint"
+ // smaller, which leads to more efficient fuzzing.
+ uint8_t reps;
+ fuzz->nextRange(&reps, 0, 2);
+ for (uint8_t rep = 0; rep < reps; ++rep) {
+ uint8_t index;
+ fuzz->nextRange(&index, 0, SK_ARRAY_COUNT(gWhiteSpace) - 1);
 if (gWhiteSpace[index]) {
 atom->append(&gWhiteSpace[index], 1);
 }
@@ -60,7 +64,9 @@ static void add_comma(Fuzz* fuzz, SkString* atom) {
 return;
 }
 add_white(fuzz, atom);
- if (fuzz->next<bool>()) {
+ bool b;
+ fuzz->next(&b);
+ if (b) {
 atom->append(",");
 }
 add_some_white(fuzz, atom);
@@ -68,15 +74,20 @@ static void add_comma(Fuzz* fuzz, SkString* atom) {
 SkString MakeRandomParsePathPiece(Fuzz* fuzz) {
 SkString atom;
- int index = fuzz->nextRange(0, (int) SK_ARRAY_COUNT(gLegal) - 1);
+ uint8_t index;
+ fuzz->nextRange(&index, 0, SK_ARRAY_COUNT(gLegal) - 1);
 const Legal& legal = gLegal[index];
 gEasy ? atom.append("\n") : add_white(fuzz, &atom);
- char symbol = legal.fSymbol | (fuzz->next<bool>() ? 0x20 : 0);
+ bool b;
+ fuzz->next(&b);
+ char symbol = legal.fSymbol | (b ? 0x20 : 0);
 atom.append(&symbol, 1);
- int reps = fuzz->nextRange(1, 3);
+ uint8_t reps;
+ fuzz->nextRange(&reps, 1, 3);
 for (int rep = 0; rep < reps; ++rep) {
 for (int index = 0; index < legal.fScalars; ++index) {
- SkScalar coord = fuzz->nextRange(0.0f, 100.0f);
+ SkScalar coord;
+ fuzz->nextRange(&coord, 0.0f, 100.0f);
 add_white(fuzz, &atom);
 atom.appendScalar(coord);
 if (rep < reps - 1 && index < legal.fScalars - 1) {
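Review bot: `reps` and `index` in add_white are declared without an initializer and written only through the out-parameter, and `index` is then used directly as a subscript into `gWhiteSpace`. Fuzz::nextRange is not part of this diff; if it can return without storing a value (for example when the fuzz input is exhausted), the subscript reads an indeterminate value, so I would write `uint8_t reps = 0;` and `uint8_t index = 0;`. The upper bound `SK_ARRAY_COUNT(gWhiteSpace) - 1` is a size_t that now has to fit in a uint8_t; a `static_assert(SK_ARRAY_COUNT(gWhiteSpace) <= 256, "index is a uint8_t");` next to the table would pin that assumption. The same pattern appears for `index` with `gLegal` and for `reps` in MakeRandomParsePathPiece, and for `count` in DEF_FUZZ.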
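Review bot: `fuzz->next(&b)` in add_comma fills a `bool` from fuzzer-controlled bytes, and whether the stored value is normalized to 0 or 1 depends on Fuzz::next, which this diff does not show. If that implementation copies a raw byte into the object, reading `b` is undefined behaviour for any byte other than 0 or 1, and in the later 'A' hunk `atom.appendU32(b)` replaces `nextRange(0, 1)`, which was bounded by construction. Reading a ranged byte keeps the one-byte footprint without that dependency: `uint8_t bit; fuzz->nextRange(&bit, 0, 1);` followed by `if (bit) {`. The same applies to the `symbol` computation in MakeRandomParsePathPiece; add_comma's body starts above this hunk.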
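Review bot: In MakeRandomParsePathPiece the inner `for (int index = 0; index < legal.fScalars; ++index)` now shadows the new function-scope `uint8_t index` with a different type, and the outer loop stays `int rep` while the matching loop in add_white was changed to `uint8_t rep`. Renaming the inner counter, e.g. `for (int scalar = 0; scalar < legal.fScalars; ++scalar)`, removes the shadowing; the `index < legal.fScalars - 1` test here and the `1 == index` test in the next hunk would have to follow. `b` is also reused further down for two unrelated flags, so a name per use would read better. The function body continues past the end of this hunk.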
@@ -85,11 +96,15 @@ SkString MakeRandomParsePathPiece(Fuzz* fuzz) {
 add_some_white(fuzz, &atom);
 }
 if ('A' == legal.fSymbol && 1 == index) {
- atom.appendScalar(fuzz->nextRange(-720.0f, 720.0f));
+ SkScalar s;
+ fuzz->nextRange(&s, -720.0f, 720.0f);
+ atom.appendScalar(s);
 add_comma(fuzz, &atom);
- atom.appendU32(fuzz->nextRange(0, 1));
+ fuzz->next(&b);
+ atom.appendU32(b);
 add_comma(fuzz, &atom);
- atom.appendU32(fuzz->nextRange(0, 1));
+ fuzz->next(&b);
+ atom.appendU32(b);
 add_comma(fuzz, &atom);
 }
 }
@@ -100,8 +115,9 @@ SkString MakeRandomParsePathPiece(Fuzz* fuzz) {
 DEF_FUZZ(ParsePath, fuzz) {
 SkPath path;
 SkString spec;
- uint32_t count = fuzz->nextRange(0, 40);
- for (uint32_t i = 0; i < count; ++i) {
+ uint8_t count;
+ fuzz->nextRange(&count, 0, 40);
+ for (uint8_t i = 0; i < count; ++i) {
 spec.append(MakeRandomParsePathPiece(fuzz));
 }
 SkDebugf("SkParsePath::FromSVGString(%s, &path);\n",spec.c_str()); |