author | Kevin Lubick <kjlubick@google.com> | 2018-02-08 14:31:24 -0500 |
---|---|---|
committer | Skia Commit-Bot <skia-commit-bot@chromium.org> | 2018-02-09 14:37:41 +0000 |
commit | f034d118597dc346bfe7f327ea10a950a7c1e35d (patch) | |
tree | 20b045b8f381e29d2039f15bccecb33703f0cf52 /fuzz/oss_fuzz | |
parent | 67f8584b6f899876ca4187dba4f449ce5489f9c8 (diff) |
Break some fuzzer targets out so oss-fuzz can use them
FuzzImageFilterDeserialize is already being used in oss-fuzz
but the target lived there and not here. This moves it here.
Then we can turn on:
- FuzzPathDeserialize
- FuzzTextBlobDeserialize
Bug: skia:
Change-Id: I7baee8386fb7aeebc43a68abfff9a670ba16f82c
Reviewed-on: https://skia-review.googlesource.com/105763
Reviewed-by: Mike Klein <mtklein@google.com>
Commit-Queue: Kevin Lubick <kjlubick@google.com>
Diffstat (limited to 'fuzz/oss_fuzz')
-rw-r--r-- | fuzz/oss_fuzz/FuzzImageFilterDeserialize.cpp | 46 | ||||
-rw-r--r-- | fuzz/oss_fuzz/FuzzPathDeserialize.cpp | 35 | ||||
-rw-r--r-- | fuzz/oss_fuzz/FuzzTextBlobDeserialize.cpp | 34 |
3 files changed, 115 insertions, 0 deletions
diff --git a/fuzz/oss_fuzz/FuzzImageFilterDeserialize.cpp b/fuzz/oss_fuzz/FuzzImageFilterDeserialize.cpp
new file mode 100644
index 0000000000..f9d9598892
--- /dev/null
+++ b/fuzz/oss_fuzz/FuzzImageFilterDeserialize.cpp
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2018 Google Inc.
+ *
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+
+#include "SkBitmap.h"
+#include "SkCanvas.h"
+#include "SkData.h"
+#include "SkImageFilter.h"
+#include "SkPaint.h"
+
+void FuzzImageFilterDeserialize(sk_sp<SkData> bytes) {
+ const int BitmapSize = 24;
+ SkBitmap bitmap;
+ bitmap.allocN32Pixels(BitmapSize, BitmapSize);
+ SkCanvas canvas(bitmap);
+ canvas.clear(0x00000000);
+
+ auto flattenable = SkImageFilter::Deserialize(bytes->data(), bytes->size());
+
+ if (flattenable != nullptr) {
+ // Let's see if using the filters can cause any trouble...
+ SkPaint paint;
+ paint.setImageFilter(flattenable);
+ canvas.save();
+ canvas.clipRect(SkRect::MakeXYWH(
+ 0, 0, SkIntToScalar(BitmapSize), SkIntToScalar(BitmapSize)));
+
+ // This call shouldn't crash or cause ASAN to flag any memory issues
+ // If nothing bad happens within this call, everything is fine
+ canvas.drawBitmap(bitmap, 0, 0, &paint);
+
+ canvas.restore();
+ }
+}
+
+#if defined(IS_FUZZING_WITH_LIBFUZZER)
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ auto bytes = SkData::MakeWithoutCopy(data, size);
+ FuzzImageFilterDeserialize(bytes);
+ return 0;
+}
+#endif
diff --git a/fuzz/oss_fuzz/FuzzPathDeserialize.cpp b/fuzz/oss_fuzz/FuzzPathDeserialize.cpp
new file mode 100644
index 0000000000..b18f719f4f
--- /dev/null
+++ b/fuzz/oss_fuzz/FuzzPathDeserialize.cpp
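Review bot: `bitmap.allocN32Pixels(BitmapSize, BitmapSize)` in FuzzImageFilterDeserialize has no failure path, while the two sibling targets added in this commit return early when `MakeRasterN32Premul` yields null in a memory-constrained run. As far as I know `allocN32Pixels` aborts when the allocation fails, which the fuzzer would report as a crash unrelated to the deserialized filter. Using `if (!bitmap.tryAllocN32Pixels(BitmapSize, BitmapSize)) { return; }` would keep allocation noise out of the findings and match the other harnesses. A one-line comment above `SkData::MakeWithoutCopy(data, size)` saying that the SkData only borrows libFuzzer's buffer and must not be retained past the call would also help the next reader.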
@@ -0,0 +1,35 @@
+/*
+ * Copyright 2018 Google Inc.
+ *
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+#include "SkCanvas.h"
+#include "SkPaint.h"
+#include "SkPath.h"
+#include "SkReadBuffer.h"
+#include "SkSurface.h"
+
+void FuzzPathDeserialize(SkReadBuffer& buf) {
+ SkPath path;
+ buf.readPath(&path);
+ if (!buf.isValid()) {
+ return;
+ }
+
+ auto s = SkSurface::MakeRasterN32Premul(128, 128);
+ if (!s) {
+ // May return nullptr in memory-constrained fuzzing environments
+ return;
+ }
+ s->getCanvas()->drawPath(path, SkPaint());
+}
+
+#if defined(IS_FUZZING_WITH_LIBFUZZER)
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ SkReadBuffer buf(data, size);
+ FuzzPathDeserialize(buf);
+ return 0;
+}
+#endif
diff --git a/fuzz/oss_fuzz/FuzzTextBlobDeserialize.cpp b/fuzz/oss_fuzz/FuzzTextBlobDeserialize.cpp
new file mode 100644
index 0000000000..36c7057dbc
--- /dev/null
+++ b/fuzz/oss_fuzz/FuzzTextBlobDeserialize.cpp
@@ -0,0 +1,34 @@
+/*
+ * Copyright 2018 Google Inc.
+ *
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+#include "SkCanvas.h"
+#include "SkPaint.h"
+#include "SkReadBuffer.h"
+#include "SkSurface.h"
+#include "SkTextBlob.h"
+
+void FuzzTextBlobDeserialize(SkReadBuffer& buf) {
+ auto tb = SkTextBlob::MakeFromBuffer(buf);
+ if (!buf.isValid()) {
+ return;
+ }
+
+ auto s = SkSurface::MakeRasterN32Premul(128, 128);
+ if (!s) {
+ // May return nullptr in memory-constrained fuzzing environments
+ return;
+ }
+ s->getCanvas()->drawTextBlob(tb, 200, 200, SkPaint());
+}
+
+#if defined(IS_FUZZING_WITH_LIBFUZZER)
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ SkReadBuffer buf(data, size);
+ FuzzTextBlobDeserialize(buf);
+ return 0;
+}
+#endif |
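Review bot: `drawPath(path, SkPaint())` in FuzzPathDeserialize draws the deserialized path once with a default-constructed paint, which as far as I know means fill style without anti-aliasing. Malformed path geometry that only misbehaves in the stroker or the anti-aliased rasterizer would therefore not be reached by this target. A second draw after the existing one, for example `SkPaint p; p.setAntiAlias(true); p.setStyle(SkPaint::kStroke_Style);` followed by `s->getCanvas()->drawPath(path, p);`, would widen what the harness covers at little cost per input.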
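Review bot: In FuzzTextBlobDeserialize the blob is drawn at offset `200, 200` on a surface created with `MakeRasterN32Premul(128, 128)`, so unless the blob's own glyph positions are negative the draw lands outside the surface and may be rejected before any glyph rasterization runs. Drawing inside the surface, e.g. `s->getCanvas()->drawTextBlob(tb, 64, 64, SkPaint());`, or enlarging the surface, would make the target exercise the rendering path it is meant to test. Separately, `tb` is guarded only indirectly through `buf.isValid()`; whether `MakeFromBuffer` can return null while the buffer stays valid is not visible here, so `if (!buf.isValid() || !tb) { return; }` would make the precondition explicit.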