Diffstat (limited to 'fuzz/oss_fuzz')
-rw-r--r--fuzz/oss_fuzz/FuzzImageFilterDeserialize.cpp46
-rw-r--r--fuzz/oss_fuzz/FuzzPathDeserialize.cpp35
-rw-r--r--fuzz/oss_fuzz/FuzzTextBlobDeserialize.cpp34
3 files changed, 115 insertions, 0 deletions
diff --git a/fuzz/oss_fuzz/FuzzImageFilterDeserialize.cpp b/fuzz/oss_fuzz/FuzzImageFilterDeserialize.cpp
new file mode 100644
index 0000000000..f9d9598892
--- /dev/null
+++ b/fuzz/oss_fuzz/FuzzImageFilterDeserialize.cpp
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2018 Google Inc.
+ *
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+
+#include "SkBitmap.h"
+#include "SkCanvas.h"
+#include "SkData.h"
+#include "SkImageFilter.h"
+#include "SkPaint.h"
+
+void FuzzImageFilterDeserialize(sk_sp<SkData> bytes) {
+ const int BitmapSize = 24;
+ SkBitmap bitmap;
+ bitmap.allocN32Pixels(BitmapSize, BitmapSize);
+ SkCanvas canvas(bitmap);
+ canvas.clear(0x00000000);
+
+ auto flattenable = SkImageFilter::Deserialize(bytes->data(), bytes->size());
+
+ if (flattenable != nullptr) {
+ // Let's see if using the filters can cause any trouble...
+ SkPaint paint;
+ paint.setImageFilter(flattenable);
+ canvas.save();
+ canvas.clipRect(SkRect::MakeXYWH(
+ 0, 0, SkIntToScalar(BitmapSize), SkIntToScalar(BitmapSize)));
+
+ // This call shouldn't crash or cause ASAN to flag any memory issues
+ // If nothing bad happens within this call, everything is fine
+ canvas.drawBitmap(bitmap, 0, 0, &paint);
+
+ canvas.restore();
+ }
+}
+
+#if defined(IS_FUZZING_WITH_LIBFUZZER)
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ auto bytes = SkData::MakeWithoutCopy(data, size);
+ FuzzImageFilterDeserialize(bytes);
+ return 0;
+}
+#endif
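Review bot: `bitmap.allocN32Pixels(BitmapSize, BitmapSize)` at the top of FuzzImageFilterDeserialize has no failure path, whereas the two sibling harnesses in this commit return early when `SkSurface::MakeRasterN32Premul` yields nullptr. As far as I know, allocN32Pixels aborts when the allocation fails, so under a memory-limited fuzzer that would be reported as a crash unrelated to the deserialized filter. Consider `if (!bitmap.tryAllocN32Pixels(BitmapSize, BitmapSize)) { return; }` so that findings from this target point at SkImageFilter::Deserialize or the filtered draw rather than at harness setup.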
diff --git a/fuzz/oss_fuzz/FuzzPathDeserialize.cpp b/fuzz/oss_fuzz/FuzzPathDeserialize.cpp
new file mode 100644
index 0000000000..b18f719f4f
--- /dev/null
+++ b/fuzz/oss_fuzz/FuzzPathDeserialize.cpp
@@ -0,0 +1,35 @@
+/*
+ * Copyright 2018 Google Inc.
+ *
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+#include "SkCanvas.h"
+#include "SkPaint.h"
+#include "SkPath.h"
+#include "SkReadBuffer.h"
+#include "SkSurface.h"
+
+void FuzzPathDeserialize(SkReadBuffer& buf) {
+ SkPath path;
+ buf.readPath(&path);
+ if (!buf.isValid()) {
+ return;
+ }
+
+ auto s = SkSurface::MakeRasterN32Premul(128, 128);
+ if (!s) {
+ // May return nullptr in memory-constrained fuzzing environments
+ return;
+ }
+ s->getCanvas()->drawPath(path, SkPaint());
+}
+
+#if defined(IS_FUZZING_WITH_LIBFUZZER)
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ SkReadBuffer buf(data, size);
+ FuzzPathDeserialize(buf);
+ return 0;
+}
+#endif
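Review bot: The only draw in FuzzPathDeserialize is `drawPath(path, SkPaint())`, so a deserialized path is rasterized with a default-constructed paint only. That presumably leaves the stroking and anti-aliased code paths unexercised for attacker-shaped path data that passed `buf.isValid()`. A second draw with `SkPaint p; p.setAntiAlias(true); p.setStyle(SkPaint::kStroke_Style);` followed by `s->getCanvas()->drawPath(path, p);` would widen what this target covers without changing its input format. A one-line comment above the function stating that `data` is untrusted and that readPath must either invalidate the buffer or yield a path that is safe to draw would also make the contract under test explicit.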
diff --git a/fuzz/oss_fuzz/FuzzTextBlobDeserialize.cpp b/fuzz/oss_fuzz/FuzzTextBlobDeserialize.cpp
new file mode 100644
index 0000000000..36c7057dbc
--- /dev/null
+++ b/fuzz/oss_fuzz/FuzzTextBlobDeserialize.cpp
@@ -0,0 +1,34 @@
+/*
+ * Copyright 2018 Google Inc.
+ *
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+#include "SkCanvas.h"
+#include "SkPaint.h"
+#include "SkReadBuffer.h"
+#include "SkSurface.h"
+#include "SkTextBlob.h"
+
+void FuzzTextBlobDeserialize(SkReadBuffer& buf) {
+ auto tb = SkTextBlob::MakeFromBuffer(buf);
+ if (!buf.isValid()) {
+ return;
+ }
+
+ auto s = SkSurface::MakeRasterN32Premul(128, 128);
+ if (!s) {
+ // May return nullptr in memory-constrained fuzzing environments
+ return;
+ }
+ s->getCanvas()->drawTextBlob(tb, 200, 200, SkPaint());
+}
+
+#if defined(IS_FUZZING_WITH_LIBFUZZER)
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ SkReadBuffer buf(data, size);
+ FuzzTextBlobDeserialize(buf);
+ return 0;
+}
+#endif
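Review bot: `drawTextBlob(tb, 200, 200, SkPaint())` places the blob at (200, 200), but the surface is created with `MakeRasterN32Premul(128, 128)`, so the origin is outside the canvas. Depending on the blob's bounds, the draw may be rejected or fully clipped before any glyph is rasterized, in which case the target mostly tests SkTextBlob::MakeFromBuffer and little of the drawing code. If rasterization is meant to be covered, use an offset inside the surface, e.g. `s->getCanvas()->drawTextBlob(tb, 64, 64, SkPaint());`, or enlarge the surface to contain (200, 200). If the off-canvas position is deliberate, a comment saying so would help.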