Index: fuzz/fuzz.cpp |
diff --git a/fuzz/fuzz.cpp b/fuzz/fuzz.cpp |
index 929ba7a4cf54dd4d7243d968cb7bfc9182ad7c1c..55f6046f6ebde515d36ebef34073ff5db1e10d1b 100644 |
--- a/fuzz/fuzz.cpp |
+++ b/fuzz/fuzz.cpp |
@@ -6,9 +6,14 @@ |
*/ |
#include "Fuzz.h" |
+#include <stdlib.h> |
+#include <signal.h> |
int main(int argc, char** argv) { |
- ASSERT(argc > 2); |
+ if (argc < 3) { |
+ SkDebugf("Usage: %s <fuzz name> <path/to/fuzzed.data>\n", argv[0]); |
+ return 1; |
+ } |
const char* name = argv[1]; |
const char* path = argv[2]; |
@@ -18,6 +23,7 @@ int main(int argc, char** argv) { |
for (auto r = SkTRegistry<Fuzzable>::Head(); r; r = r->next()) { |
auto fuzzable = r->factory(); |
if (0 == strcmp(name, fuzzable.name)) { |
+ SkDebugf("Running %s\n", fuzzable.name); |
fuzzable.fn(&fuzz); |
return 0; |
} |
@@ -28,19 +34,22 @@ int main(int argc, char** argv) { |
Fuzz::Fuzz(SkData* bytes) : fBytes(SkSafeRef(bytes)), fNextByte(0) {} |
+void Fuzz::signalBug () { raise(SIGSEGV); } |
+void Fuzz::signalBoring() { exit(0); } |
+ |
template <typename T> |
-static T read(const SkData* data, int* next) { |
- ASSERT(sizeof(T) <= data->size()); |
- if (*next + sizeof(T) > data->size()) { |
- *next = 0; |
+T Fuzz::nextT() { |
+ if (fNextByte + sizeof(T) > fBytes->size()) { |
+ this->signalBoring(); |
} |
+ |
T val; |
- memcpy(&val, data->bytes() + *next, sizeof(T)); |
- *next += sizeof(T); |
+ memcpy(&val, fBytes->bytes() + fNextByte, sizeof(T)); |
+ fNextByte += sizeof(T); |
return val; |
} |
-uint8_t Fuzz::nextB() { return read<uint8_t >(fBytes, &fNextByte); } |
-uint32_t Fuzz::nextU() { return read<uint32_t>(fBytes, &fNextByte); } |
-float Fuzz::nextF() { return read<float >(fBytes, &fNextByte); } |
+uint8_t Fuzz::nextB() { return this->nextT<uint8_t >(); } |
+uint32_t Fuzz::nextU() { return this->nextT<uint32_t>(); } |
+float Fuzz::nextF() { return this->nextT<float >(); } |
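Review bot: The bounds check in `Fuzz::nextT()` is only safe while `signalBoring()` never returns, and nothing visible in this hunk enforces that; if it ever does return, the `memcpy` that follows reads past the end of `fBytes`. Declaring both helpers `[[noreturn]]` in Fuzz.h (not shown here, so confirm against the header) would state the contract and let the compiler warn on a violation. Separately, `raise(SIGSEGV)` returns to the caller when the signal is ignored or caught by a handler that returns, so `signalBug()` can fall through and the fuzz function keeps running after reporting a bug; `void Fuzz::signalBug() { raise(SIGSEGV); abort(); }` closes that gap. A short comment above the two definitions such as `// Neither function may return: nextT() relies on signalBoring() terminating the process.` would record why.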