author | Kevin Lubick <kjlubick@google.com> | 2018-05-03 16:26:10 -0400 |
---|---|---|
committer | Skia Commit-Bot <skia-commit-bot@chromium.org> | 2018-05-04 13:05:12 +0000 |
commit | 9eeede2e710f0e5fab0f65e06e8d40a40cdaebcd (patch) | |
tree | 1194e042cbcb8958232c11b1f812425c3dc5f0c6 /fuzz | |
parent | 76c01c930ca4bea2fbfc78e1113ac2fd465f4129 (diff) |
Add Skottie fuzzer (via json input)
Bug: skia:
Change-Id: I97543b73755fca73f2ad014113ae8cd2c9227cf3
Reviewed-on: https://skia-review.googlesource.com/125820
Reviewed-by: Florin Malita <fmalita@chromium.org>
Commit-Queue: Kevin Lubick <kjlubick@google.com>
Diffstat (limited to 'fuzz')
-rw-r--r-- | fuzz/fuzz.cpp | 22 | ||||
-rw-r--r-- | fuzz/oss_fuzz/FuzzSkottieJSON.cpp | 35 |
2 files changed, 53 insertions, 4 deletions
diff --git a/fuzz/fuzz.cpp b/fuzz/fuzz.cpp
index baaefd390d..c2a8ca0dc3 100644
--- a/fuzz/fuzz.cpp
+++ b/fuzz/fuzz.cpp
@@ -18,6 +18,7 @@
 #include "SkPaint.h"
 #include "SkPath.h"
 #include "SkPicture.h"
+#include "Skottie.h"
 #include "SkPipe.h"
 #include "SkReadBuffer.h"
 #include "SkStream.h"
@@ -58,6 +59,7 @@ DEFINE_string2(type, t, "", "How to interpret --bytes, one of:\n"
 "region_set_path\n"
 "skp\n"
 "sksl2glsl\n"
+ "skottie_json\n"
 "textblob");
 static int fuzz_file(SkString path, SkString type);
@@ -74,6 +76,7 @@ static void fuzz_img(sk_sp<SkData>, uint8_t, uint8_t);
 static void fuzz_path_deserialize(sk_sp<SkData>);
 static void fuzz_region_deserialize(sk_sp<SkData>);
 static void fuzz_region_set_path(sk_sp<SkData>);
+static void fuzz_skottie_json(sk_sp<SkData>);
 static void fuzz_skp(sk_sp<SkData>);
 static void fuzz_skpipe(sk_sp<SkData>);
 static void fuzz_textblob_deserialize(sk_sp<SkData>);
@@ -158,6 +161,10 @@ static int fuzz_file(SkString path, SkString type) {
 fuzz_img(bytes, 0, option);
 return 0;
 }
+ if (type.equals("filter_fuzz")) {
+ fuzz_filter_fuzz(bytes);
+ return 0;
+ }
 if (type.equals("path_deserialize")) {
 fuzz_path_deserialize(bytes);
 return 0;
@@ -174,12 +181,12 @@ static int fuzz_file(SkString path, SkString type) {
 fuzz_skpipe(bytes);
 return 0;
 }
- if (type.equals("skp")) {
- fuzz_skp(bytes);
+ if (type.equals("skottie_json")) {
+ fuzz_skottie_json(bytes);
 return 0;
 }
- if (type.equals("filter_fuzz")) {
- fuzz_filter_fuzz(bytes);
+ if (type.equals("skp")) {
+ fuzz_skp(bytes);
 return 0;
 }
 if (type.equals("textblob")) {
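Review bot: The `#include "Skottie.h"` added in the first hunk looks unnecessary in fuzz.cpp, because the only Skottie entry point this file calls is `FuzzSkottieJSON`, which the commit forward-declares by hand, and none of the visible hunks name a `skottie::` type. If nothing outside these hunks needs it, drop the line so the generic fuzz driver does not depend on the Skottie headers directly. The rest of the file is not visible here, so confirm before removing.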
@@ -257,6 +264,13 @@ static SkString try_auto_detect(SkString path, SkString* name) {
 return SkString("");
 }
+void FuzzSkottieJSON(sk_sp<SkData> bytes);
+
+static void fuzz_skottie_json(sk_sp<SkData> bytes){
+ FuzzSkottieJSON(bytes);
+ SkDebugf("[terminated] Done animating!\n");
+}
+
 // This adds up the first 1024 bytes and returns it as an 8 bit integer. This allows afl-fuzz to
 // deterministically excercise different paths, or *options* (such as different scaling sizes or
 // different image modes) without needing to introduce a parameter. This way we don't need a
diff --git a/fuzz/oss_fuzz/FuzzSkottieJSON.cpp b/fuzz/oss_fuzz/FuzzSkottieJSON.cpp
new file mode 100644
index 0000000000..e4f19ccad7
--- /dev/null
+++ b/fuzz/oss_fuzz/FuzzSkottieJSON.cpp
@@ -0,0 +1,35 @@
+/*
+ * Copyright 2018 Google, LLC
+ *
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+#include "SkData.h"
+#include "Skottie.h"
+#include "SkStream.h"
+
+void FuzzSkottieJSON(sk_sp<SkData> bytes) {
+ // Always returns nullptr to any resource
+ class EmptyResourceProvider final : public skottie::ResourceProvider {
+ public:
+ std::unique_ptr<SkStream> openStream(const char resource[]) const override {
+ return nullptr;
+ }
+ };
+ SkMemoryStream stream(bytes);
+ EmptyResourceProvider erp;
+ auto animation = skottie::Animation::Make(&stream, erp);
+ if (!animation) {
+ return;
+ }
+ animation->animationTick(1337); // A "nothing up my sleeve" number
+}
+
+#if defined(IS_FUZZING_WITH_LIBFUZZER)
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ auto bytes = SkData::MakeWithoutCopy(data, size);
+ FuzzSkottieJSON(bytes);
+ return 0;
+}
+#endif |
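Review bot: `fuzz_skottie_json` prints `[terminated] Done animating!` unconditionally, but `FuzzSkottieJSON` returns void and, per the new file in this commit, returns early when `skottie::Animation::Make` yields null, so the message also appears for inputs that never produced an animation. Someone triaging a corpus from this log line cannot tell a rejected input from one that reached `animationTick`. A comment above the call such as `// Printed even when the JSON was rejected; FuzzSkottieJSON reports no status.` would record that, or the function could return a bool that selects the message. The prototype `void FuzzSkottieJSON(sk_sp<SkData> bytes);` is also repeated by hand here, so a signature change in the other file would surface only at link time.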
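Review bot: `LLVMFuzzerTestOneInput` wraps the fuzzer-owned buffer with `SkData::MakeWithoutCopy(data, size)`, which is only safe while nothing keeps a reference past the call, and that assumption is not written down. In the visible code the `SkMemoryStream` and the animation are locals destroyed before return, so it appears to hold; a comment such as `// data is borrowed, not copied: nothing created here may outlive this call` would keep a later edit from caching the SkData. Separately, `uint8_t` and `size_t` are used without `<cstdint>`/`<cstddef>` and presumably arrive through the Skia headers. The target also stops after one `animationTick(1337)` and never draws, so a one-line note on the intended coverage (parse plus a single tick) would help whoever reads the crash reports.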