Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(575)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: testing/libfuzzer/fuzzers/skia_path_fuzzer.cc

Issue 2036523002: Implement a fuzzer for skia paths. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Move to testing/libfuzzer Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « testing/libfuzzer/fuzzers/BUILD.gn ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: testing/libfuzzer/fuzzers/skia_path_fuzzer.cc
diff --git a/testing/libfuzzer/fuzzers/skia_path_fuzzer.cc b/testing/libfuzzer/fuzzers/skia_path_fuzzer.cc
new file mode 100644
index 0000000000000000000000000000000000000000..110ea46bcd26e1919874426df632d668669757e6
--- /dev/null
+++ b/testing/libfuzzer/fuzzers/skia_path_fuzzer.cc
@@ -0,0 +1,135 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include "third_party/skia/include/core/SkCanvas.h"
+#include "third_party/skia/include/core/SkPaint.h"
+#include "third_party/skia/include/core/SkPath.h"
+#include "third_party/skia/include/core/SkSurface.h"
+
+// We specifically don't want to include kDone_Verb.
+const int kLastVerb = SkPath::Verb::kClose_Verb;
+
+template <typename T>
+static bool read(const uint8_t** data, size_t* size, T* value) {
+ if (*size < sizeof(T))
+ return false;
+
+ *value = *reinterpret_cast<const T*>(*data);
+ *data += sizeof(T);
+ *size -= sizeof(T);
+ return true;
+}
+
+void BuildPath(const uint8_t* data, size_t size, SkPath* path) {
+ uint8_t operation;
+ SkScalar a, b, c, d, e, f;
+ while (read<uint8_t>(&data, &size, &operation)) {
+ switch (operation % (kLastVerb + 1)) {
+ case SkPath::Verb::kMove_Verb:
+ if (!read<SkScalar>(&data, &size, &a) ||
+ !read<SkScalar>(&data, &size, &b))
+ return;
+ path->moveTo(a, b);
+ break;
+
+ case SkPath::Verb::kLine_Verb:
+ if (!read<SkScalar>(&data, &size, &a) ||
+ !read<SkScalar>(&data, &size, &b))
+ return;
+ path->lineTo(a, b);
+ break;
+
+ case SkPath::Verb::kQuad_Verb:
+ if (!read<SkScalar>(&data, &size, &a) ||
+ !read<SkScalar>(&data, &size, &b) ||
+ !read<SkScalar>(&data, &size, &c) ||
+ !read<SkScalar>(&data, &size, &d))
+ return;
+ path->quadTo(a, b, c, d);
+ break;
+
+ case SkPath::Verb::kConic_Verb:
+ if (!read<SkScalar>(&data, &size, &a) ||
+ !read<SkScalar>(&data, &size, &b) ||
+ !read<SkScalar>(&data, &size, &c) ||
+ !read<SkScalar>(&data, &size, &d) ||
+ !read<SkScalar>(&data, &size, &e))
+ return;
+ path->conicTo(a, b, c, d, e);
+ break;
+
+ case SkPath::Verb::kCubic_Verb:
+ if (!read<SkScalar>(&data, &size, &a) ||
+ !read<SkScalar>(&data, &size, &b) ||
+ !read<SkScalar>(&data, &size, &c) ||
+ !read<SkScalar>(&data, &size, &d) ||
+ !read<SkScalar>(&data, &size, &e) ||
+ !read<SkScalar>(&data, &size, &f))
+ return;
+ path->cubicTo(a, b, c, d, e, f);
+ break;
+
+ case SkPath::Verb::kClose_Verb:
+ path->close();
+ break;
+ }
+ }
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ uint8_t w, h, anti_alias;
+ if (!read<uint8_t>(&data, &size, &w))
+ return 0;
+ if (!read<uint8_t>(&data, &size, &h))
+ return 0;
+ if (!read<uint8_t>(&data, &size, &anti_alias))
+ return 0;
+
+ SkScalar a, b, c, d;
+ if (!read<SkScalar>(&data, &size, &a))
+ return 0;
+ if (!read<SkScalar>(&data, &size, &b))
+ return 0;
+ if (!read<SkScalar>(&data, &size, &c))
+ return 0;
+ if (!read<SkScalar>(&data, &size, &d))
+ return 0;
+
+ // SkPath::readFromMemory does not seem to be able to handle arbitrary input.
+ SkPath path;
+ BuildPath(data, size, &path);
+
+ // Try a few potentially interesting things with our path.
+ path.contains(a, b);
+ path.conservativelyContainsRect(SkRect::MakeLTRB(a, b, c, d));
+
+ SkPaint paint_fill;
+ paint_fill.setStyle(SkPaint::Style::kFill_Style);
+ paint_fill.setAntiAlias(anti_alias & 1);
+
+ SkPaint paint_stroke;
+ paint_stroke.setStyle(SkPaint::Style::kStroke_Style);
+ paint_stroke.setStrokeWidth(1);
+ paint_stroke.setAntiAlias(anti_alias & 1);
+
+ SkPaint paint_stroke_and_fill;
+ paint_stroke_and_fill.setStyle(SkPaint::Style::kStrokeAndFill_Style);
+ paint_stroke_and_fill.setStrokeWidth(1);
+ paint_stroke_and_fill.setAntiAlias(anti_alias & 1);
+
+ SkPath dst_path;
+ paint_stroke.getFillPath(path, &dst_path, nullptr);
+
+ // Width and height should never be 0.
+ auto surface(SkSurface::MakeRasterN32Premul(w ? w : 1, h ? h : 1));
+
+ surface->getCanvas()->drawPath(path, paint_fill);
+ surface->getCanvas()->drawPath(path, paint_stroke);
+ surface->getCanvas()->drawPath(path, paint_stroke_and_fill);
+
+ return 0;
+}
« no previous file with comments | « testing/libfuzzer/fuzzers/BUILD.gn ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698