From 416b248312efe7556f980d390254df8503bbbad7 Mon Sep 17 00:00:00 2001
From: Kevin Lubick <kjlubick@google.com>
Date: Thu, 10 Nov 2016 16:17:49 -0500
Subject: Avoid platform-dependent function params in Fuzzer

We use this approach instead of T next() because different compilers
evaluate function parameters in different orders. If fuzz->next()
returned 5 and then 7, foo(fuzz->next(), fuzz->next()) would be
foo(5, 7) when compiled on GCC and foo(7, 5) when compiled on Clang.
By requiring params to be passed in, we avoid the temptation to call
next() in a way that does not consume fuzzed bytes in a single
platform-independent order.

BUG=skia:

GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=4392

Change-Id: I35de849f82e8be45378f662a48100eb732fa8895
Reviewed-on: https://skia-review.googlesource.com/4392
Reviewed-by: Mike Klein <mtklein@chromium.org>
Commit-Queue: Kevin Lubick <kjlubick@google.com>
---
 fuzz/FuzzPathop.cpp | 29 +++++++++++++++++------------
 1 file changed, 17 insertions(+), 12 deletions(-)

(limited to 'fuzz/FuzzPathop.cpp')

diff --git a/fuzz/FuzzPathop.cpp b/fuzz/FuzzPathop.cpp
index a555cd6344..f20352436c 100644
--- a/fuzz/FuzzPathop.cpp
+++ b/fuzz/FuzzPathop.cpp
@@ -15,32 +15,36 @@ void BuildPath(Fuzz* fuzz,
                SkPath* path,
                int last_verb) {
   while (!fuzz->exhausted()) {
-    uint8_t operation = fuzz->next<uint8_t>();
+    // Use a uint8_t to conserve bytes.  This makes our "fuzzed bytes footprint"
+    // smaller, which leads to more efficient fuzzing.
+    uint8_t operation;
+    fuzz->next(&operation);
+    SkScalar a,b,c,d,e,f;
 
     switch (operation % (last_verb + 1)) {
       case SkPath::Verb::kMove_Verb:
-        path->moveTo(fuzz->next<SkScalar>(), fuzz->next<SkScalar>());
+        fuzz->next(&a, &b);
+        path->moveTo(a, b);
         break;
 
       case SkPath::Verb::kLine_Verb:
-        path->lineTo(fuzz->next<SkScalar>(), fuzz->next<SkScalar>());
+        fuzz->next(&a, &b);
+        path->lineTo(a, b);
         break;
 
       case SkPath::Verb::kQuad_Verb:
-        path->quadTo(fuzz->next<SkScalar>(), fuzz->next<SkScalar>(),
-                     fuzz->next<SkScalar>(), fuzz->next<SkScalar>());
+        fuzz->next(&a, &b, &c, &d);
+        path->quadTo(a, b, c, d);
         break;
 
       case SkPath::Verb::kConic_Verb:
-        path->conicTo(fuzz->next<SkScalar>(), fuzz->next<SkScalar>(),
-                      fuzz->next<SkScalar>(), fuzz->next<SkScalar>(),
-                      fuzz->next<SkScalar>());
+        fuzz->next(&a, &b, &c, &d, &e);
+        path->conicTo(a, b, c, d, e);
         break;
 
       case SkPath::Verb::kCubic_Verb:
-        path->cubicTo(fuzz->next<SkScalar>(), fuzz->next<SkScalar>(),
-                      fuzz->next<SkScalar>(), fuzz->next<SkScalar>(),
-                      fuzz->next<SkScalar>(), fuzz->next<SkScalar>());
+        fuzz->next(&a, &b, &c, &d, &e, &f);
+        path->cubicTo(a, b, c, d, e, f);
         break;
 
       case SkPath::Verb::kClose_Verb:
@@ -57,7 +61,8 @@ void BuildPath(Fuzz* fuzz,
 DEF_FUZZ(Pathop, fuzz) {
     SkOpBuilder builder;
 
-    uint8_t stragglerOp = fuzz->next<uint8_t>();
+    uint8_t stragglerOp;
+    fuzz->next(&stragglerOp);
     SkPath path;
 
     BuildPath(fuzz, &path, SkPath::Verb::kDone_Verb);
-- 
cgit v1.2.3