diff options
author | Kevin Lubick <kjlubick@google.com> | 2018-02-08 14:31:24 -0500 |
---|---|---|
committer | Skia Commit-Bot <skia-commit-bot@chromium.org> | 2018-02-09 14:37:41 +0000 |
commit | f034d118597dc346bfe7f327ea10a950a7c1e35d (patch) | |
tree | 20b045b8f381e29d2039f15bccecb33703f0cf52 /fuzz | |
parent | 67f8584b6f899876ca4187dba4f449ce5489f9c8 (diff) |
Break some fuzzer targets out so oss-fuzz can use them
FuzzImageFilterDeserialize is already being used in oss-fuzz
but the target lived there and not here. This moves it here.
Then we can turn on:
- FuzzPathDeserialize
- FuzzTextBlobDeserialize
Bug: skia:
Change-Id: I7baee8386fb7aeebc43a68abfff9a670ba16f82c
Reviewed-on: https://skia-review.googlesource.com/105763
Reviewed-by: Mike Klein <mtklein@google.com>
Commit-Queue: Kevin Lubick <kjlubick@google.com>
Diffstat (limited to 'fuzz')
-rw-r--r-- | fuzz/fuzz.cpp | 62 | ||||
-rw-r--r-- | fuzz/oss_fuzz/FuzzImageFilterDeserialize.cpp | 46 | ||||
-rw-r--r-- | fuzz/oss_fuzz/FuzzPathDeserialize.cpp | 35 | ||||
-rw-r--r-- | fuzz/oss_fuzz/FuzzTextBlobDeserialize.cpp | 34 |
4 files changed, 127 insertions, 50 deletions
diff --git a/fuzz/fuzz.cpp b/fuzz/fuzz.cpp index 37029949ed..945518a3c3 100644 --- a/fuzz/fuzz.cpp +++ b/fuzz/fuzz.cpp @@ -12,7 +12,6 @@ #include "SkData.h" #include "SkImage.h" #include "SkImageEncoder.h" -#include "SkImageFilter.h" #include "SkMallocPixelRef.h" #include "SkOSFile.h" #include "SkOSPath.h" @@ -21,7 +20,6 @@ #include "SkPicture.h" #include "SkPipe.h" #include "SkReadBuffer.h" -#include "SkRegion.h" #include "SkStream.h" #include "SkSurface.h" #include "SkTextBlob.h" @@ -513,18 +511,12 @@ static void fuzz_color_deserialize(sk_sp<SkData> bytes) { SkDebugf("[terminated] Success! deserialized Colorspace.\n"); } +void FuzzPathDeserialize(SkReadBuffer& buf); + static void fuzz_path_deserialize(sk_sp<SkData> bytes) { - SkPath path; SkReadBuffer buf(bytes->data(), bytes->size()); - buf.readPath(&path); - if (!buf.isValid()) { - SkDebugf("[terminated] Couldn't deserialize SkPath.\n"); - return; - } - - auto s = SkSurface::MakeRasterN32Premul(1024, 1024); - s->getCanvas()->drawPath(path, SkPaint()); - SkDebugf("[terminated] Success! Initialized SkPath.\n"); + FuzzPathDeserialize(buf); + SkDebugf("[terminated] path_deserialize didn't crash!\n"); } bool FuzzRegionDeserialize(sk_sp<SkData> bytes); @@ -537,17 +529,12 @@ static void fuzz_region_deserialize(sk_sp<SkData> bytes) { SkDebugf("[terminated] Success! Initialized SkRegion.\n"); } +void FuzzTextBlobDeserialize(SkReadBuffer& buf); + static void fuzz_textblob_deserialize(sk_sp<SkData> bytes) { SkReadBuffer buf(bytes->data(), bytes->size()); - auto tb = SkTextBlob::MakeFromBuffer(buf); - if (!buf.isValid()) { - SkDebugf("[terminated] Couldn't deserialize SkTextBlob.\n"); - return; - } - - auto s = SkSurface::MakeRasterN32Premul(512, 512); - s->getCanvas()->drawTextBlob(tb, 200, 200, SkPaint()); - SkDebugf("[terminated] Success! Initialized SkTextBlob.\n"); + FuzzTextBlobDeserialize(buf); + SkDebugf("[terminated] textblob didn't crash!\n"); } void FuzzRegionSetPath(Fuzz* fuzz); @@ -558,36 +545,11 @@ static void fuzz_region_set_path(sk_sp<SkData> bytes) { SkDebugf("[terminated] region_set_path didn't crash!\n"); } -static void fuzz_filter_fuzz(sk_sp<SkData> bytes) { - const int BitmapSize = 24; - SkBitmap bitmap; - bitmap.allocN32Pixels(BitmapSize, BitmapSize); - SkCanvas canvas(bitmap); - canvas.clear(0x00000000); - - auto flattenable = SkImageFilter::Deserialize(bytes->data(), bytes->size()); - - // Adding some info, but the test passed if we got here without any trouble - if (flattenable != nullptr) { - SkDebugf("Valid stream detected.\n"); - // Let's see if using the filters can cause any trouble... - SkPaint paint; - paint.setImageFilter(flattenable); - canvas.save(); - canvas.clipRect(SkRect::MakeXYWH( - 0, 0, SkIntToScalar(BitmapSize), SkIntToScalar(BitmapSize))); - - // This call shouldn't crash or cause ASAN to flag any memory issues - // If nothing bad happens within this call, everything is fine - canvas.drawBitmap(bitmap, 0, 0, &paint); - - SkDebugf("Filter DAG rendered successfully\n"); - canvas.restore(); - } else { - SkDebugf("Invalid stream detected.\n"); - } +void FuzzImageFilterDeserialize(sk_sp<SkData> bytes); - SkDebugf("[terminated] Done\n"); +static void fuzz_filter_fuzz(sk_sp<SkData> bytes) { + FuzzImageFilterDeserialize(bytes); + SkDebugf("[terminated] filter_fuzz didn't crash!\n"); } #if SK_SUPPORT_GPU diff --git a/fuzz/oss_fuzz/FuzzImageFilterDeserialize.cpp b/fuzz/oss_fuzz/FuzzImageFilterDeserialize.cpp new file mode 100644 index 0000000000..f9d9598892 --- /dev/null +++ b/fuzz/oss_fuzz/FuzzImageFilterDeserialize.cpp @@ -0,0 +1,46 @@ +/* + * Copyright 2018 Google Inc. + * + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + */ + + +#include "SkBitmap.h" +#include "SkCanvas.h" +#include "SkData.h" +#include "SkImageFilter.h" +#include "SkPaint.h" + +void FuzzImageFilterDeserialize(sk_sp<SkData> bytes) { + const int BitmapSize = 24; + SkBitmap bitmap; + bitmap.allocN32Pixels(BitmapSize, BitmapSize); + SkCanvas canvas(bitmap); + canvas.clear(0x00000000); + + auto flattenable = SkImageFilter::Deserialize(bytes->data(), bytes->size()); + + if (flattenable != nullptr) { + // Let's see if using the filters can cause any trouble... + SkPaint paint; + paint.setImageFilter(flattenable); + canvas.save(); + canvas.clipRect(SkRect::MakeXYWH( + 0, 0, SkIntToScalar(BitmapSize), SkIntToScalar(BitmapSize))); + + // This call shouldn't crash or cause ASAN to flag any memory issues + // If nothing bad happens within this call, everything is fine + canvas.drawBitmap(bitmap, 0, 0, &paint); + + canvas.restore(); + } +} + +#if defined(IS_FUZZING_WITH_LIBFUZZER) +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { + auto bytes = SkData::MakeWithoutCopy(data, size); + FuzzImageFilterDeserialize(bytes); + return 0; +} +#endif diff --git a/fuzz/oss_fuzz/FuzzPathDeserialize.cpp b/fuzz/oss_fuzz/FuzzPathDeserialize.cpp new file mode 100644 index 0000000000..b18f719f4f --- /dev/null +++ b/fuzz/oss_fuzz/FuzzPathDeserialize.cpp @@ -0,0 +1,35 @@ +/* + * Copyright 2018 Google Inc. + * + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + */ + +#include "SkCanvas.h" +#include "SkPaint.h" +#include "SkPath.h" +#include "SkReadBuffer.h" +#include "SkSurface.h" + +void FuzzPathDeserialize(SkReadBuffer& buf) { + SkPath path; + buf.readPath(&path); + if (!buf.isValid()) { + return; + } + + auto s = SkSurface::MakeRasterN32Premul(128, 128); + if (!s) { + // May return nullptr in memory-constrained fuzzing environments + return; + } + s->getCanvas()->drawPath(path, SkPaint()); +} + +#if defined(IS_FUZZING_WITH_LIBFUZZER) +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { + SkReadBuffer buf(data, size); + FuzzPathDeserialize(buf); + return 0; +} +#endif diff --git a/fuzz/oss_fuzz/FuzzTextBlobDeserialize.cpp b/fuzz/oss_fuzz/FuzzTextBlobDeserialize.cpp new file mode 100644 index 0000000000..36c7057dbc --- /dev/null +++ b/fuzz/oss_fuzz/FuzzTextBlobDeserialize.cpp @@ -0,0 +1,34 @@ +/* + * Copyright 2018 Google Inc. + * + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + */ + +#include "SkCanvas.h" +#include "SkPaint.h" +#include "SkReadBuffer.h" +#include "SkSurface.h" +#include "SkTextBlob.h" + +void FuzzTextBlobDeserialize(SkReadBuffer& buf) { + auto tb = SkTextBlob::MakeFromBuffer(buf); + if (!buf.isValid()) { + return; + } + + auto s = SkSurface::MakeRasterN32Premul(128, 128); + if (!s) { + // May return nullptr in memory-constrained fuzzing environments + return; + } + s->getCanvas()->drawTextBlob(tb, 200, 200, SkPaint()); +} + +#if defined(IS_FUZZING_WITH_LIBFUZZER) +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { + SkReadBuffer buf(data, size); + FuzzTextBlobDeserialize(buf); + return 0; +} +#endif |