diff options
author | Kevin Lubick <kjlubick@google.com> | 2018-01-11 10:27:14 -0500 |
---|---|---|
committer | Skia Commit-Bot <skia-commit-bot@chromium.org> | 2018-01-11 19:42:53 +0000 |
commit | 2541edf0c6f9dc6897853efe546b5c215034ad49 (patch) | |
tree | ed23f1aadc624f27fde4e2f53c6960488152b42f /fuzz/fuzz.cpp | |
parent | b5ef1f9b13e36a427dd6350986d41db208b2df1b (diff) |
Add in Region SetPath Fuzzer
Also refactor a few things to make it easier to use oss-fuzz.
Bug: skia:
Change-Id: Ie518a6cfc7d57a347b5d09089379f986d33f8b7f
Reviewed-on: https://skia-review.googlesource.com/41740
Commit-Queue: Kevin Lubick <kjlubick@google.com>
Reviewed-by: Mike Klein <mtklein@google.com>
Diffstat (limited to 'fuzz/fuzz.cpp')
-rw-r--r-- | fuzz/fuzz.cpp | 41 |
1 files changed, 18 insertions, 23 deletions
diff --git a/fuzz/fuzz.cpp b/fuzz/fuzz.cpp index 45298ca871..c4de6c49f3 100644 --- a/fuzz/fuzz.cpp +++ b/fuzz/fuzz.cpp @@ -35,6 +35,7 @@ #include <signal.h> #include "sk_tool_utils.h" + DEFINE_string2(bytes, b, "", "A path to a file or a directory. If a file, the " "contents will be used as the fuzz bytes. If a directory, all files " "in the directory will be used as fuzz bytes for the fuzzer, one at a " @@ -53,6 +54,7 @@ DEFINE_string2(type, t, "", "How to interpret --bytes, one of:\n" "path_deserialize\n" "pipe\n" "region_deserialize\n" + "region_set_path\n" "skp\n" "sksl2glsl\n" "textblob"); @@ -67,6 +69,7 @@ static void fuzz_icc(sk_sp<SkData>); static void fuzz_img(sk_sp<SkData>, uint8_t, uint8_t); static void fuzz_path_deserialize(sk_sp<SkData>); static void fuzz_region_deserialize(sk_sp<SkData>); +static void fuzz_region_set_path(sk_sp<SkData>); static void fuzz_skp(sk_sp<SkData>); static void fuzz_skpipe(sk_sp<SkData>); static void fuzz_textblob_deserialize(sk_sp<SkData>); @@ -136,6 +139,10 @@ static int fuzz_file(const char* path) { fuzz_region_deserialize(bytes); return 0; } + if (0 == strcmp("region_set_path", FLAGS_type[0])) { + fuzz_region_set_path(bytes); + return 0; + } if (0 == strcmp("pipe", FLAGS_type[0])) { fuzz_skpipe(bytes); return 0; @@ -521,23 +528,13 @@ static void fuzz_path_deserialize(sk_sp<SkData> bytes) { SkDebugf("[terminated] Success! Initialized SkPath.\n"); } +bool FuzzRegionDeserialize(sk_sp<SkData> bytes); + static void fuzz_region_deserialize(sk_sp<SkData> bytes) { - SkRegion region; - if (!region.readFromMemory(bytes->data(), bytes->size())) { + if (!FuzzRegionDeserialize(bytes)) { SkDebugf("[terminated] Couldn't initialize SkRegion.\n"); return; } - region.computeRegionComplexity(); - region.isComplex(); - SkRegion r2; - if (region == r2) { - region.contains(0,0); - } else { - region.contains(1,1); - } - auto s = SkSurface::MakeRasterN32Premul(1024, 1024); - s->getCanvas()->drawRegion(region, SkPaint()); - SkDEBUGCODE(region.validate()); SkDebugf("[terminated] Success! Initialized SkRegion.\n"); } @@ -554,6 +551,14 @@ static void fuzz_textblob_deserialize(sk_sp<SkData> bytes) { SkDebugf("[terminated] Success! Initialized SkTextBlob.\n"); } +void FuzzRegionSetPath(Fuzz* fuzz); + +static void fuzz_region_set_path(sk_sp<SkData> bytes) { + Fuzz fuzz(bytes); + FuzzRegionSetPath(&fuzz); + SkDebugf("[terminated] region_set_path didn't crash!\n"); +} + static void fuzz_filter_fuzz(sk_sp<SkData> bytes) { const int BitmapSize = 24; SkBitmap bitmap; @@ -603,13 +608,3 @@ static void fuzz_sksl2glsl(sk_sp<SkData> bytes) { SkDebugf("[terminated] Success! Compiled input.\n"); } #endif - -Fuzz::Fuzz(sk_sp<SkData> bytes) : fBytes(bytes), fNextByte(0) {} - -void Fuzz::signalBug() { SkDebugf("Signal bug\n"); raise(SIGSEGV); } - -size_t Fuzz::size() { return fBytes->size(); } - -bool Fuzz::exhausted() { - return fBytes->size() == fNextByte; -} |