author | Kevin Lubick <kjlubick@google.com> | 2018-02-12 08:26:39 -0500 |
---|---|---|
committer | Skia Commit-Bot <skia-commit-bot@chromium.org> | 2018-02-12 15:25:59 +0000 |
commit | 2416f968a69ff71f83eb17e97d1cb6448c916a69 (patch) | |
tree | 91e1846328cae9f649f0768b9401faea7ab11885 /fuzz/oss_fuzz | |
parent | 77295347c229fa4353e09d97961546ce3c9391e5 (diff) |
Add 2 fuzz targets for image decoding (oss-fuzz)
This also adds in a few small guards to prevent libfuzzer from frequently
running out of memory when an image claims to have billions of pixels.
Bug: skia:
Change-Id: I47a9daac832c4d85a42000698482b61721c38880
Reviewed-on: https://skia-review.googlesource.com/106264
Commit-Queue: Kevin Lubick <kjlubick@google.com>
Reviewed-by: Leon Scroggins <scroggo@google.com>
Diffstat (limited to 'fuzz/oss_fuzz')
-rw-r--r-- | fuzz/oss_fuzz/FuzzAnimatedImage.cpp | 47 | ||||
-rw-r--r-- | fuzz/oss_fuzz/FuzzImage.cpp | 37 |
2 files changed, 84 insertions, 0 deletions
diff --git a/fuzz/oss_fuzz/FuzzAnimatedImage.cpp b/fuzz/oss_fuzz/FuzzAnimatedImage.cpp
new file mode 100644
index 0000000000..af433348c5
--- /dev/null
+++ b/fuzz/oss_fuzz/FuzzAnimatedImage.cpp
@@ -0,0 +1,47 @@
+/*
+ * Copyright 2018 Google Inc.
+ *
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+#include "SkAndroidCodec.h"
+#include "SkAnimatedImage.h"
+#include "SkPaint.h"
+#include "SkCanvas.h"
+#include "SkData.h"
+#include "SkSurface.h"
+
+void FuzzAnimatedImage(sk_sp<SkData> bytes) {
+ auto codec = SkAndroidCodec::MakeFromData(bytes);
+ if (nullptr == codec) {
+ return;
+ }
+ auto aImg = SkAnimatedImage::Make(std::move(codec));
+ if (nullptr == aImg) {
+ return;
+ }
+
+ auto s = SkSurface::MakeRasterN32Premul(128, 128);
+ if (!s) {
+ // May return nullptr in memory-constrained fuzzing environments
+ return;
+ }
+
+ SkPaint p;
+ int escape = 0;
+ while (!aImg->isFinished() && escape < 100) {
+ aImg->draw(s->getCanvas());
+ escape++;
+ aImg->decodeNextFrame();
+ }
+
+}
+
+#if defined(IS_FUZZING_WITH_LIBFUZZER)
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ auto bytes = SkData::MakeWithoutCopy(data, size);
+ FuzzAnimatedImage(bytes);
+ return 0;
+}
+#endif
diff --git a/fuzz/oss_fuzz/FuzzImage.cpp b/fuzz/oss_fuzz/FuzzImage.cpp
new file mode 100644
index 0000000000..0f0f6f5a43
--- /dev/null
+++ b/fuzz/oss_fuzz/FuzzImage.cpp
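Review bot: In FuzzAnimatedImage.cpp, `SkData::MakeWithoutCopy(data, size)` in `LLVMFuzzerTestOneInput` wraps libFuzzer's input buffer without taking ownership, and that buffer is only valid until the function returns; the entry point in FuzzImage.cpp has the same pattern. The codec, animated image and surface are all locals here, so nothing visibly outlives the call, but that relies on Skia not keeping a reference to `bytes` in a longer-lived cache, which this hunk cannot confirm. I would add a comment above the call such as `// data belongs to libFuzzer and is only valid for this call; nothing may retain bytes after return`. Separately, `SkPaint p;` in `FuzzAnimatedImage` is never used (the draw call takes only the canvas) and can be dropped, and the `escape < 100` cap would read better as a named constant with a comment saying it bounds per-input work for files that never report finished.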
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2018 Google Inc.
+ *
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+#include "SkImage.h"
+#include "SkPaint.h"
+#include "SkCanvas.h"
+#include "SkData.h"
+#include "SkSurface.h"
+
+void FuzzImage(sk_sp<SkData> bytes) {
+ auto img = SkImage::MakeFromEncoded(bytes);
+ if (nullptr == img.get()) {
+ return;
+ }
+
+ auto s = SkSurface::MakeRasterN32Premul(128, 128);
+ if (!s) {
+ // May return nullptr in memory-constrained fuzzing environments
+ return;
+ }
+
+ SkPaint p;
+ s->getCanvas()->drawImage(img, 0, 0, &p);
+
+}
+
+#if defined(IS_FUZZING_WITH_LIBFUZZER)
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ auto bytes = SkData::MakeWithoutCopy(data, size);
+ FuzzImage(bytes);
+ return 0;
+}
+#endif |
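Review bot: Nothing in `FuzzImage` limits the decoded size before `drawImage`, so the out-of-memory guards the commit description mentions presumably live outside `fuzz/oss_fuzz`, which this diffstat does not show. As far as I know `SkImage::MakeFromEncoded` defers decoding, so the `drawImage` call is what actually runs the decoder and allocates the pixel buffer. A comment such as `// MakeFromEncoded is lazy; this draw forces the full decode` would help whoever triages an OOM report from this target, and it could also name where the pixel-count limit is enforced. Minor style: `nullptr == img.get()` could be `!img`, matching the `!s` check a few lines below.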