From edee1ae9e3b87983ed0ff0ea55b3c49892901260 Mon Sep 17 00:00:00 2001
From: Kevin Lubick
Date: Mon, 20 Feb 2017 17:47:18 -0500
Subject: Write SkRegion fuzzer
BUG=688987
Change-Id: I2ad1c53ea01185a77b662d2d86b0c6d36fcb63c7
Reviewed-on: https://skia-review.googlesource.com/8499
Commit-Queue: Kevin Lubick
Reviewed-by: Hal Canary
---
 BUILD.gn | 3 +++
 fuzz/fuzz.cpp | 27 +++++++++++++++++++++++++++
 gn/BUILDCONFIG.gn | 1 +
 src/ports/SkMemory_malloc.cpp | 11 +++++++++++
 4 files changed, 42 insertions(+)
diff --git a/BUILD.gn b/BUILD.gn
index 5d022e0afc..4834836de9 100644
--- a/BUILD.gn
+++ b/BUILD.gn
@@ -154,6 +154,9 @@ config("skia_private") {
 if (skia_enable_discrete_gpu) {
 defines += [ "SK_ENABLE_DISCRETE_GPU" ]
 }
+ if (is_fuzzing) {
+ defines += [ "IS_FUZZING" ]
+ }
 }
 # Any code that's linked into Skia-the-library should use this config via += skia_library_configs.
diff --git a/fuzz/fuzz.cpp b/fuzz/fuzz.cpp
index 67207543e7..cc26b2daca 100644
--- a/fuzz/fuzz.cpp
+++ b/fuzz/fuzz.cpp
@@ -14,6 +14,8 @@
 #include "SkImageEncoder.h"
 #include "SkMallocPixelRef.h"
 #include "SkPath.h"
+#include "SkRegion.h"
+#include "SkSurface.h"
 #include "SkOSFile.h"
 #include "SkOSPath.h"
 #include "SkPicture.h"
@@ -44,6 +46,7 @@ static void fuzz_color_deserialize(sk_sp);
 static void fuzz_icc(sk_sp);
 static void fuzz_img(sk_sp, uint8_t, uint8_t);
 static void fuzz_path_deserialize(sk_sp);
+static void fuzz_region_deserialize(sk_sp);
 static void fuzz_skp(sk_sp);
 #if SK_SUPPORT_GPU
 static void fuzz_sksl2glsl(sk_sp);
@@ -104,6 +107,10 @@ static int fuzz_file(const char* path) {
 fuzz_path_deserialize(bytes);
 return 0;
 }
+ if (0 == strcmp("region_deserialize", FLAGS_type[0])) {
+ fuzz_region_deserialize(bytes);
+ return 0;
+ }
 if (0 == strcmp("skp", FLAGS_type[0])) {
 fuzz_skp(bytes);
 return 0;
@@ -476,6 +483,26 @@ static void fuzz_path_deserialize(sk_sp bytes) {
 SkDebugf("[terminated] Success! Initialized SkPath.\n");
 }
+static void fuzz_region_deserialize(sk_sp bytes) {
+ SkRegion region;
+ if (!region.readFromMemory(bytes->data(), bytes->size())) {
+ SkDebugf("[terminated] Couldn't initialize SkRegion.\n");
+ return;
+ }
+ region.computeRegionComplexity();
+ region.isComplex();
+ SkRegion r2;
+ if (region == r2) {
+ region.contains(0,0);
+ } else {
+ region.contains(1,1);
+ }
+ auto s = SkSurface::MakeRasterN32Premul(1024, 1024);
+ s->getCanvas()->drawRegion(region, SkPaint());
+ SkDEBUGCODE(region.validate());
+ SkDebugf("[terminated] Success! Initialized SkRegion.\n");
+}
+
 #if SK_SUPPORT_GPU
 static void fuzz_sksl2glsl(sk_sp bytes) {
 SkSL::Compiler compiler;
diff --git a/gn/BUILDCONFIG.gn b/gn/BUILDCONFIG.gn
index a89931b432..82e3e10181 100644
--- a/gn/BUILDCONFIG.gn
+++ b/gn/BUILDCONFIG.gn
@@ -17,6 +17,7 @@ declare_args() {
 ndk_api = 21
 }
 sanitize = ""
+ is_fuzzing = false
 }
 declare_args() {
 is_debug = !is_official_build
diff --git a/src/ports/SkMemory_malloc.cpp b/src/ports/SkMemory_malloc.cpp
index f06dc35ea6..5574a8a0f2 100644
--- a/src/ports/SkMemory_malloc.cpp
+++ b/src/ports/SkMemory_malloc.cpp
@@ -15,7 +15,11 @@
 static inline void sk_out_of_memory(size_t size) {
 SK_DEBUGFAILF("sk_out_of_memory (asked for " SK_SIZE_T_SPECIFIER " bytes)", size);
+#if defined(IS_FUZZING)
+ exit(1);
+#else
 abort();
+#endif
 }
 static inline void* throw_on_failure(size_t size, void* p) {
@@ -33,6 +37,9 @@ void sk_abort_no_print() {
 #endif
 #if defined(SK_DEBUG) && defined(SK_BUILD_FOR_WIN)
 __debugbreak();
+#endif
+#if defined(IS_FUZZING)
+ exit(1);
 #else
 abort();
 #endif
@@ -40,7 +47,11 @@ void sk_abort_no_print() {
 void sk_out_of_memory(void) {
 SkDEBUGFAIL("sk_out_of_memory");
+#if defined(IS_FUZZING)
+ exit(1);
+#else
 abort();
+#endif
 }
 void* sk_malloc_throw(size_t size) {
-- cgit v1.2.3
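Review bot: The surface returned by `SkSurface::MakeRasterN32Premul(1024, 1024)` in the new `fuzz_region_deserialize` is dereferenced on the next line without a null check, so if the raster allocation fails (plausible when the fuzzer runs under a memory limit) the harness itself crashes in `s->getCanvas()` and the run records a finding that has nothing to do with SkRegion. A guard such as `if (!s) { SkDebugf("[terminated] Could not create surface.\n"); return; }` before the draw keeps harness failures apart from library bugs. Separately, `SkDEBUGCODE(region.validate());` runs only after the region has already been queried and drawn; calling it directly after a successful `readFromMemory` would point at the deserializer when it accepts a malformed region, rather than at whichever later call trips over it.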
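Review bot: The new `is_fuzzing` argument is declared without a comment, although the rest of this commit makes it change how the allocator port ends the process (`exit(1)` instead of `abort()` in src/ports/SkMemory_malloc.cpp). A comment above it, for example `# Fuzzer builds only: out-of-memory and sk_abort_no_print() call exit(1) instead of abort(). Do not set in shipped builds.`, would make it harder to switch the flag on in a release configuration by accident. The `declare_args()` block starts outside the hunk.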
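Review bot: `exit(1)` in the `IS_FUZZING` branch of `sk_out_of_memory(size_t)` runs atexit handlers and static destructors before the process ends, which is a lot of code to execute immediately after an allocation failure; the same applies to the `exit(1)` added in `sk_abort_no_print()` and in `sk_out_of_memory(void)` further down. If the aim is only to end the run without raising SIGABRT, `_Exit(1);` terminates without that cleanup and so cannot re-enter code that allocates. A one-line comment above the `#if`, such as `// Fuzzers treat abort() as a crash; out-of-memory is not a finding, so exit instead.`, would also record why the branch exists.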
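Review bot: Routing `sk_abort_no_print()` to `exit(1)` under `IS_FUZZING` risks hiding real findings: the name suggests this is the general abort path rather than an out-of-memory path (its callers are not visible in this diff), so any fatal check that lands here would become a clean exit and a fuzzer that keys on signals would stop reporting it. Dropping the `#if defined(IS_FUZZING)` / `exit(1);` lines from this function and limiting the change to the two `sk_out_of_memory` overloads would keep those failures visible. The added `#endif` after `__debugbreak();` also changes non-fuzzing builds, because the existing `#else` now pairs with the `IS_FUZZING` test and debug Windows builds fall through to `abort()` after the breakpoint where before they did not; if that is intended it deserves a line in the commit message. The function starts and ends outside the hunk.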