From 2541edf0c6f9dc6897853efe546b5c215034ad49 Mon Sep 17 00:00:00 2001
From: Kevin Lubick <kjlubick@google.com>
Date: Thu, 11 Jan 2018 10:27:14 -0500
Subject: Add in Region SetPath Fuzzer

Also refactor a few things to make it easier to use oss-fuzz.

Bug: skia:
Change-Id: Ie518a6cfc7d57a347b5d09089379f986d33f8b7f
Reviewed-on: https://skia-review.googlesource.com/41740
Commit-Queue: Kevin Lubick <kjlubick@google.com>
Reviewed-by: Mike Klein <mtklein@google.com>
---
 fuzz/oss_fuzz/FuzzRegionDeserialize.cpp | 39 ++++++++++++++++++++++++++++
 fuzz/oss_fuzz/FuzzRegionSetPath.cpp     | 46 +++++++++++++++++++++++++++++++++
 2 files changed, 85 insertions(+)
 create mode 100644 fuzz/oss_fuzz/FuzzRegionDeserialize.cpp
 create mode 100644 fuzz/oss_fuzz/FuzzRegionSetPath.cpp

(limited to 'fuzz/oss_fuzz')

diff --git a/fuzz/oss_fuzz/FuzzRegionDeserialize.cpp b/fuzz/oss_fuzz/FuzzRegionDeserialize.cpp
new file mode 100644
index 0000000000..c5b37cb68e
--- /dev/null
+++ b/fuzz/oss_fuzz/FuzzRegionDeserialize.cpp
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2018 Google Inc.
+ *
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+
+#include "SkCanvas.h"
+#include "SkPaint.h"
+#include "SkRegion.h"
+#include "SkSurface.h"
+
+bool FuzzRegionDeserialize(sk_sp<SkData> bytes) {
+    SkRegion region;
+    if (!region.readFromMemory(bytes->data(), bytes->size())) {
+        return false;
+    }
+    region.computeRegionComplexity();
+    region.isComplex();
+    SkRegion r2;
+    if (region == r2) {
+        region.contains(0,0);
+    } else {
+        region.contains(1,1);
+    }
+    auto s = SkSurface::MakeRasterN32Premul(1024, 1024);
+    s->getCanvas()->drawRegion(region, SkPaint());
+    SkDEBUGCODE(region.validate());
+    return true;
+}
+
+#if defined(IS_FUZZING_WITH_LIBFUZZER)
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+    auto bytes = SkData::MakeWithoutCopy(data, size);
+    FuzzRegionDeserialize(bytes);
+    return 0;
+}
+#endif
diff --git a/fuzz/oss_fuzz/FuzzRegionSetPath.cpp b/fuzz/oss_fuzz/FuzzRegionSetPath.cpp
new file mode 100644
index 0000000000..e51a4c03f0
--- /dev/null
+++ b/fuzz/oss_fuzz/FuzzRegionSetPath.cpp
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2018 Google Inc.
+ *
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+#include "../Fuzz.h"
+#include "../FuzzCommon.h"
+#include "SkData.h"
+#include "SkPath.h"
+#include "SkRegion.h"
+
+
+void FuzzRegionSetPath(Fuzz* fuzz) {
+    SkPath p;
+    fuzz_path(fuzz, &p, 1000);
+    SkRegion r1;
+    bool initR1;
+    fuzz->next(&initR1);
+    if (initR1) {
+        fuzz->next(&r1);
+    }
+    SkRegion r2;
+    fuzz->next(&r2);
+
+    r1.setPath(p, r2);
+
+    // Do some follow on computations to make sure region is well-formed.
+    r1.computeRegionComplexity();
+    r1.isComplex();
+    if (r1 == r2) {
+        r1.contains(0,0);
+    } else {
+        r1.contains(1,1);
+    }
+}
+
+#if defined(IS_FUZZING_WITH_LIBFUZZER)
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+    sk_sp<SkData> bytes(SkData::MakeWithoutCopy(data, size));
+    Fuzz fuzz(bytes);
+    FuzzRegionSetPath(&fuzz);
+    return 0;
+}
+#endif
-- 
cgit v1.2.3