authorGravatar Kevin Lubick <kjlubick@google.com>2018-02-08 14:31:24 -0500
committerGravatar Skia Commit-Bot <skia-commit-bot@chromium.org>2018-02-09 14:37:41 +0000
commitf034d118597dc346bfe7f327ea10a950a7c1e35d (patch)
tree20b045b8f381e29d2039f15bccecb33703f0cf52 /fuzz
parent67f8584b6f899876ca4187dba4f449ce5489f9c8 (diff)
Break some fuzzer targets out so oss-fuzz can use them
FuzzImageFilterDeserialize is already being used in oss-fuzz but the target lived there and not here. This moves it here. Then we can turn on: - FuzzPathDeserialize - FuzzTextBlobDeserialize Bug: skia: Change-Id: I7baee8386fb7aeebc43a68abfff9a670ba16f82c Reviewed-on: https://skia-review.googlesource.com/105763 Reviewed-by: Mike Klein <mtklein@google.com> Commit-Queue: Kevin Lubick <kjlubick@google.com>
Diffstat (limited to 'fuzz')
-rw-r--r--fuzz/fuzz.cpp62
-rw-r--r--fuzz/oss_fuzz/FuzzImageFilterDeserialize.cpp46
-rw-r--r--fuzz/oss_fuzz/FuzzPathDeserialize.cpp35
-rw-r--r--fuzz/oss_fuzz/FuzzTextBlobDeserialize.cpp34
4 files changed, 127 insertions, 50 deletions
diff --git a/fuzz/fuzz.cpp b/fuzz/fuzz.cpp
index 37029949ed..945518a3c3 100644
--- a/fuzz/fuzz.cpp
+++ b/fuzz/fuzz.cpp
@@ -12,7 +12,6 @@
#include "SkData.h"
#include "SkImage.h"
#include "SkImageEncoder.h"
-#include "SkImageFilter.h"
#include "SkMallocPixelRef.h"
#include "SkOSFile.h"
#include "SkOSPath.h"
@@ -21,7 +20,6 @@
#include "SkPicture.h"
#include "SkPipe.h"
#include "SkReadBuffer.h"
-#include "SkRegion.h"
#include "SkStream.h"
#include "SkSurface.h"
#include "SkTextBlob.h"
@@ -513,18 +511,12 @@ static void fuzz_color_deserialize(sk_sp<SkData> bytes) {
SkDebugf("[terminated] Success! deserialized Colorspace.\n");
}
+void FuzzPathDeserialize(SkReadBuffer& buf);
+
static void fuzz_path_deserialize(sk_sp<SkData> bytes) {
- SkPath path;
SkReadBuffer buf(bytes->data(), bytes->size());
- buf.readPath(&path);
- if (!buf.isValid()) {
- SkDebugf("[terminated] Couldn't deserialize SkPath.\n");
- return;
- }
-
- auto s = SkSurface::MakeRasterN32Premul(1024, 1024);
- s->getCanvas()->drawPath(path, SkPaint());
- SkDebugf("[terminated] Success! Initialized SkPath.\n");
+ FuzzPathDeserialize(buf);
+ SkDebugf("[terminated] path_deserialize didn't crash!\n");
}
bool FuzzRegionDeserialize(sk_sp<SkData> bytes);
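Review bot: After this change `fuzz_path_deserialize` prints `[terminated] path_deserialize didn't crash!` whether or not the buffer parsed, because `FuzzPathDeserialize` returns `void` and the `buf.isValid()` outcome that the removed code reported is no longer surfaced. When a saved input is replayed, the log no longer shows whether the draw call was reached or the input was rejected during deserialization. Consider returning `bool` from the helper, as the neighbouring `FuzzRegionDeserialize` declaration does, and keeping both messages: `if (!FuzzPathDeserialize(buf)) { SkDebugf("[terminated] Couldn't deserialize SkPath.\n"); return; }`. The same applies to `fuzz_textblob_deserialize` and `fuzz_filter_fuzz` in the later hunks of this file.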
@@ -537,17 +529,12 @@ static void fuzz_region_deserialize(sk_sp<SkData> bytes) {
SkDebugf("[terminated] Success! Initialized SkRegion.\n");
}
+void FuzzTextBlobDeserialize(SkReadBuffer& buf);
+
static void fuzz_textblob_deserialize(sk_sp<SkData> bytes) {
SkReadBuffer buf(bytes->data(), bytes->size());
- auto tb = SkTextBlob::MakeFromBuffer(buf);
- if (!buf.isValid()) {
- SkDebugf("[terminated] Couldn't deserialize SkTextBlob.\n");
- return;
- }
-
- auto s = SkSurface::MakeRasterN32Premul(512, 512);
- s->getCanvas()->drawTextBlob(tb, 200, 200, SkPaint());
- SkDebugf("[terminated] Success! Initialized SkTextBlob.\n");
+ FuzzTextBlobDeserialize(buf);
+ SkDebugf("[terminated] textblob didn't crash!\n");
}
void FuzzRegionSetPath(Fuzz* fuzz);
@@ -558,36 +545,11 @@ static void fuzz_region_set_path(sk_sp<SkData> bytes) {
SkDebugf("[terminated] region_set_path didn't crash!\n");
}
-static void fuzz_filter_fuzz(sk_sp<SkData> bytes) {
- const int BitmapSize = 24;
- SkBitmap bitmap;
- bitmap.allocN32Pixels(BitmapSize, BitmapSize);
- SkCanvas canvas(bitmap);
- canvas.clear(0x00000000);
-
- auto flattenable = SkImageFilter::Deserialize(bytes->data(), bytes->size());
-
- // Adding some info, but the test passed if we got here without any trouble
- if (flattenable != nullptr) {
- SkDebugf("Valid stream detected.\n");
- // Let's see if using the filters can cause any trouble...
- SkPaint paint;
- paint.setImageFilter(flattenable);
- canvas.save();
- canvas.clipRect(SkRect::MakeXYWH(
- 0, 0, SkIntToScalar(BitmapSize), SkIntToScalar(BitmapSize)));
-
- // This call shouldn't crash or cause ASAN to flag any memory issues
- // If nothing bad happens within this call, everything is fine
- canvas.drawBitmap(bitmap, 0, 0, &paint);
-
- SkDebugf("Filter DAG rendered successfully\n");
- canvas.restore();
- } else {
- SkDebugf("Invalid stream detected.\n");
- }
+void FuzzImageFilterDeserialize(sk_sp<SkData> bytes);
- SkDebugf("[terminated] Done\n");
+static void fuzz_filter_fuzz(sk_sp<SkData> bytes) {
+ FuzzImageFilterDeserialize(bytes);
+ SkDebugf("[terminated] filter_fuzz didn't crash!\n");
}
#if SK_SUPPORT_GPU
diff --git a/fuzz/oss_fuzz/FuzzImageFilterDeserialize.cpp b/fuzz/oss_fuzz/FuzzImageFilterDeserialize.cpp
new file mode 100644
index 0000000000..f9d9598892
--- /dev/null
+++ b/fuzz/oss_fuzz/FuzzImageFilterDeserialize.cpp
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2018 Google Inc.
+ *
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+
+#include "SkBitmap.h"
+#include "SkCanvas.h"
+#include "SkData.h"
+#include "SkImageFilter.h"
+#include "SkPaint.h"
+
+void FuzzImageFilterDeserialize(sk_sp<SkData> bytes) {
+ const int BitmapSize = 24;
+ SkBitmap bitmap;
+ bitmap.allocN32Pixels(BitmapSize, BitmapSize);
+ SkCanvas canvas(bitmap);
+ canvas.clear(0x00000000);
+
+ auto flattenable = SkImageFilter::Deserialize(bytes->data(), bytes->size());
+
+ if (flattenable != nullptr) {
+ // Let's see if using the filters can cause any trouble...
+ SkPaint paint;
+ paint.setImageFilter(flattenable);
+ canvas.save();
+ canvas.clipRect(SkRect::MakeXYWH(
+ 0, 0, SkIntToScalar(BitmapSize), SkIntToScalar(BitmapSize)));
+
+ // This call shouldn't crash or cause ASAN to flag any memory issues
+ // If nothing bad happens within this call, everything is fine
+ canvas.drawBitmap(bitmap, 0, 0, &paint);
+
+ canvas.restore();
+ }
+}
+
+#if defined(IS_FUZZING_WITH_LIBFUZZER)
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ auto bytes = SkData::MakeWithoutCopy(data, size);
+ FuzzImageFilterDeserialize(bytes);
+ return 0;
+}
+#endif
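Review bot: `bitmap.allocN32Pixels(BitmapSize, BitmapSize)` is the one allocation in these new targets that is not checked, whereas the path and text-blob targets added in this commit return early when `MakeRasterN32Premul` yields nullptr. If the non-`try` variant aborts on failure (I believe it does, but please confirm), an out-of-memory condition in the harness would be reported as a crash in the filter code. `if (!bitmap.tryAllocN32Pixels(BitmapSize, BitmapSize)) { return; }` keeps this target consistent with the other two. The entry point also uses `uint8_t` and `size_t` without including `<cstdint>`/`<cstddef>`, relying on the Skia headers to provide them.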
diff --git a/fuzz/oss_fuzz/FuzzPathDeserialize.cpp b/fuzz/oss_fuzz/FuzzPathDeserialize.cpp
new file mode 100644
index 0000000000..b18f719f4f
--- /dev/null
+++ b/fuzz/oss_fuzz/FuzzPathDeserialize.cpp
@@ -0,0 +1,35 @@
+/*
+ * Copyright 2018 Google Inc.
+ *
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+#include "SkCanvas.h"
+#include "SkPaint.h"
+#include "SkPath.h"
+#include "SkReadBuffer.h"
+#include "SkSurface.h"
+
+void FuzzPathDeserialize(SkReadBuffer& buf) {
+ SkPath path;
+ buf.readPath(&path);
+ if (!buf.isValid()) {
+ return;
+ }
+
+ auto s = SkSurface::MakeRasterN32Premul(128, 128);
+ if (!s) {
+ // May return nullptr in memory-constrained fuzzing environments
+ return;
+ }
+ s->getCanvas()->drawPath(path, SkPaint());
+}
+
+#if defined(IS_FUZZING_WITH_LIBFUZZER)
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ SkReadBuffer buf(data, size);
+ FuzzPathDeserialize(buf);
+ return 0;
+}
+#endif
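Review bot: `LLVMFuzzerTestOneInput` passes inputs of any length straight to `SkReadBuffer`, so nothing bounds how much path data a single run may deserialize and rasterize. Very large inputs tend to surface as slow-unit or timeout reports rather than memory-safety findings, which adds triage noise. Consider an early `if (size > kMaxInputSize) { return 0; }` with a limit chosen for this target (the constant name is a placeholder), or set the limit in the fuzzer's options if the project prefers that. A short comment on `FuzzPathDeserialize` saying that an invalid buffer returns silently and that the path is drawn with a default `SkPaint` would also help whoever triages a reproducer.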
diff --git a/fuzz/oss_fuzz/FuzzTextBlobDeserialize.cpp b/fuzz/oss_fuzz/FuzzTextBlobDeserialize.cpp
new file mode 100644
index 0000000000..36c7057dbc
--- /dev/null
+++ b/fuzz/oss_fuzz/FuzzTextBlobDeserialize.cpp
@@ -0,0 +1,34 @@
+/*
+ * Copyright 2018 Google Inc.
+ *
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+#include "SkCanvas.h"
+#include "SkPaint.h"
+#include "SkReadBuffer.h"
+#include "SkSurface.h"
+#include "SkTextBlob.h"
+
+void FuzzTextBlobDeserialize(SkReadBuffer& buf) {
+ auto tb = SkTextBlob::MakeFromBuffer(buf);
+ if (!buf.isValid()) {
+ return;
+ }
+
+ auto s = SkSurface::MakeRasterN32Premul(128, 128);
+ if (!s) {
+ // May return nullptr in memory-constrained fuzzing environments
+ return;
+ }
+ s->getCanvas()->drawTextBlob(tb, 200, 200, SkPaint());
+}
+
+#if defined(IS_FUZZING_WITH_LIBFUZZER)
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ SkReadBuffer buf(data, size);
+ FuzzTextBlobDeserialize(buf);
+ return 0;
+}
+#endif
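Review bot: `drawTextBlob(tb, 200, 200, SkPaint())` keeps the offset used with the old 512x512 surface, but the surface created here is 128x128, so the blob's origin now lies outside the canvas. Unless a blob carries large negative glyph positions, the draw is probably clipped away before rasterization, leaving the glyph drawing code largely unexercised by this target. An offset inside the surface, for example `s->getCanvas()->drawTextBlob(tb, 64, 64, SkPaint());`, restores the intent. It may also be worth checking `tb` for null before drawing, in case `MakeFromBuffer` can return nullptr while the buffer is still valid; that is not visible from this hunk.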