author | Herb Derby <herb@google.com> | 2017-03-16 12:30:43 -0400 |
---|---|---|
committer | Skia Commit-Bot <skia-commit-bot@chromium.org> | 2017-03-16 19:25:57 +0000 |
commit | a839fc0b63bd68682dcf51abc77078bfea48c1a1 (patch) | |
tree | 6eaac467ec4f0cdf7fe9b5703bd19bc2e8021c62 /fuzz | |
parent | fd47ca5cea3be4a3a8336a7c54e6e2775b041335 (diff) |
Add Chromium's fuzz_fileter_fuzz to skia.
Move the fuzzer in
chromium/src/skia/tools/filter_fuzz_stub/filter_fuzz_stub.cc
to Skia's fuzzer.
I recommend removing filter_fuzz_stub from chromium and only
using Skia's fuzzer.
BUG=chromium:700836
Change-Id: Ibab1a9b696e54a3042ee61f5524d196c12df2888
Reviewed-on: https://skia-review.googlesource.com/9802
Commit-Queue: Herb Derby <herb@google.com>
Reviewed-by: Kevin Lubick <kjlubick@google.com>
Diffstat (limited to 'fuzz')
-rw-r--r-- | fuzz/fuzz.cpp | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/fuzz/fuzz.cpp b/fuzz/fuzz.cpp
index ea385adb3b..d156680718 100644
--- a/fuzz/fuzz.cpp
+++ b/fuzz/fuzz.cpp
@@ -10,11 +10,14 @@
 #include "SkCodec.h"
 #include "SkCommandLineFlags.h"
 #include "SkData.h"
+#include "SkFlattenableSerialization.h"
 #include "SkImage.h"
 #include "SkImageEncoder.h"
+#include "SkImageFilter.h"
 #include "SkMallocPixelRef.h"
 #include "SkOSFile.h"
 #include "SkOSPath.h"
+#include "SkPaint.h"
 #include "SkPath.h"
 #include "SkPicture.h"
 #include "SkRegion.h"
@@ -55,6 +58,8 @@ static void fuzz_img(sk_sp<SkData>, uint8_t, uint8_t);
 static void fuzz_path_deserialize(sk_sp<SkData>);
 static void fuzz_region_deserialize(sk_sp<SkData>);
 static void fuzz_skp(sk_sp<SkData>);
+static void fuzz_filter_fuzz(sk_sp<SkData>);
+
 #if SK_SUPPORT_GPU
 static void fuzz_sksl2glsl(sk_sp<SkData>);
 #endif
@@ -122,6 +127,10 @@ static int fuzz_file(const char* path) {
 fuzz_skp(bytes);
 return 0;
 }
+ if (0 == strcmp("filter_fuzz", FLAGS_type[0])) {
+ fuzz_filter_fuzz(bytes);
+ return 0;
+ }
 #if SK_SUPPORT_GPU
 if (0 == strcmp("sksl2glsl", FLAGS_type[0])) {
 fuzz_sksl2glsl(bytes);
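Review bot: The new `filter_fuzz` branch in fuzz_file adds a value for `--type`, but the commit has no deletions, so any help text or usage message that lists the accepted types was not edited and, if one exists outside these hunks, no longer matches the dispatcher. I would add the new name there, and put a comment above the branch such as `// filter_fuzz: bytes are a serialized SkImageFilter, validated and then drawn`. fuzz_file starts and ends outside the hunk, so the surrounding dispatch order is not visible here.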
@@ -512,6 +521,40 @@ static void fuzz_region_deserialize(sk_sp<SkData> bytes) {
 SkDebugf("[terminated] Success! Initialized SkRegion.\n");
 }
+static void fuzz_filter_fuzz(sk_sp<SkData> bytes) {
+
+ const int BitmapSize = 24;
+ SkBitmap bitmap;
+ bitmap.allocN32Pixels(BitmapSize, BitmapSize);
+ SkCanvas canvas(bitmap);
+ canvas.clear(0x00000000);
+
+ sk_sp<SkImageFilter> flattenable = SkValidatingDeserializeImageFilter(
+ bytes->data(), bytes->size());
+
+ // Adding some info, but the test passed if we got here without any trouble
+ if (flattenable != NULL) {
+ SkDebugf("Valid stream detected.\n");
+ // Let's see if using the filters can cause any trouble...
+ SkPaint paint;
+ paint.setImageFilter(flattenable);
+ canvas.save();
+ canvas.clipRect(SkRect::MakeXYWH(
+ 0, 0, SkIntToScalar(BitmapSize), SkIntToScalar(BitmapSize)));
+
+ // This call shouldn't crash or cause ASAN to flag any memory issues
+ // If nothing bad happens within this call, everything is fine
+ canvas.drawBitmap(bitmap, 0, 0, &paint);
+
+ SkDebugf("Filter DAG rendered successfully\n");
+ canvas.restore();
+ } else {
+ SkDebugf("Invalid stream detected.\n");
+ }
+
+ SkDebugf("[terminated] Done\n");
+}
+
 #if SK_SUPPORT_GPU
 static void fuzz_sksl2glsl(sk_sp<SkData> bytes) {
 SkSL::Compiler compiler; |
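Review bot: In fuzz_filter_fuzz the bitmap passed to `canvas.drawBitmap(bitmap, 0, 0, &paint)` is the same one that backs `canvas`, so the filtered draw reads from and writes to one pixel buffer. Whether the filter pipeline copies the source first is not visible in this hunk; if it does not, a sanitizer report from this harness could come from the harness's own overlap rather than from a filter deserialized out of `bytes`. A separate source would keep findings attributable: `SkBitmap src; src.allocN32Pixels(BitmapSize, BitmapSize); src.eraseColor(0);` and then `canvas.drawBitmap(src, 0, 0, &paint);`. Separately, `flattenable != NULL` would read better as `if (flattenable)` since the value is an sk_sp.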