Implement a fuzzer for skia paths.

skia/tools/path_fuzzer/path_fuzzer.cc

Index: skia/tools/path_fuzzer/path_fuzzer.cc
diff --git a/skia/tools/path_fuzzer/path_fuzzer.cc b/skia/tools/path_fuzzer/path_fuzzer.cc
new file mode 100644
index 0000000000000000000000000000000000000000..829b35073502c6e51633ac32c45fc265aa49456a
--- /dev/null
+++ b/skia/tools/path_fuzzer/path_fuzzer.cc
@@ -0,0 +1,119 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include "third_party/skia/include/core/SkCanvas.h"
+#include "third_party/skia/include/core/SkPaint.h"
+#include "third_party/skia/include/core/SkPath.h"
+#include "third_party/skia/include/core/SkSurface.h"
+
+const int OPERATION_COUNT = 11;

[mmoroz, 2016/06/02 10:18:38]

Constant names are CamelCase with "k" prefix without underscores:
https://google.github.io/styleguide/cppguide.html#Constant_Names

[Martin Barbella, 2016/06/02 19:48:23]

Done.

+
+template <typename T>
+static bool read(uint8_t** data, size_t* size, T* value) {
+  if (*size < sizeof(value))

[mmoroz, 2016/06/02 10:05:22]

Shouldn't we use sizeof(T) here and below? sizeof(value) is a pointer size, not
size of a type.

[Martin Barbella, 2016/06/02 19:48:24]

Done.

+    return false;
+
+  *value = *reinterpret_cast<T*>(*data);
+  *data += sizeof(value);
+  *size -= sizeof(value);
+  return true;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(uint8_t* data, size_t size) {

[mmoroz, 2016/06/02 10:05:22]

We usually have "const uint8_t* data". I guess we don't change data bytes here
and can have "const" as well?

[Martin Barbella, 2016/06/02 19:48:23]

Done.

+  SkPath path, dst_path;
+  uint8_t operation;
+  SkScalar a, b, c, d, e, f;
+
+  bool aa;
+  if (!read<bool>(&data, &size, &aa))
+    return 1;

[mmoroz, 2016/06/02 10:05:22]

AFAIK, target function should always return 0 for now. Other values are reserved
for future usage.

[Martin Barbella, 2016/06/02 19:48:24]

Done.

+
+  SkPaint paint;
+  auto surface(SkSurface::MakeRasterN32Premul(16, 16));
+  paint.setAntiAlias(aa);
+
+  while (read<uint8_t>(&data, &size, &operation)) {
+    switch (operation % OPERATION_COUNT) {
+      // Path building.
+      case 0:
+        if (!read<SkScalar>(&data, &size, &a) ||
+            !read<SkScalar>(&data, &size, &b))
+          return 1;
+        path.lineTo(a, b);
+        break;
+
+      case 1:
+        if (!read<SkScalar>(&data, &size, &a) ||
+            !read<SkScalar>(&data, &size, &b) ||
+            !read<SkScalar>(&data, &size, &c) ||
+            !read<SkScalar>(&data, &size, &d))
+          return 1;
+        path.quadTo(a, b, c, d);
+        break;
+
+      case 2:
+        if (!read<SkScalar>(&data, &size, &a) ||
+            !read<SkScalar>(&data, &size, &b) ||
+            !read<SkScalar>(&data, &size, &c) ||
+            !read<SkScalar>(&data, &size, &d) ||
+            !read<SkScalar>(&data, &size, &e))
+          return 1;
+        path.conicTo(a, b, c, d, e);
+        break;
+
+      case 3:
+        if (!read<SkScalar>(&data, &size, &a) ||
+            !read<SkScalar>(&data, &size, &b) ||
+            !read<SkScalar>(&data, &size, &c) ||
+            !read<SkScalar>(&data, &size, &d) ||
+            !read<SkScalar>(&data, &size, &e) ||
+            !read<SkScalar>(&data, &size, &f))
+          return 1;
+        path.cubicTo(a, b, c, d, e, f);
+        break;
+
+      case 5:
+        if (!read<SkScalar>(&data, &size, &a) ||
+            !read<SkScalar>(&data, &size, &b))
+          return 1;
+        path.moveTo(a, b);
+        break;
+
+      case 6:
+        path.close();
+        break;
+
+      // Potentially interesting calls using the current path.
+      case 7:
+        if (!read<SkScalar>(&data, &size, &a) ||
+            !read<SkScalar>(&data, &size, &b))
+          return 1;
+        path.contains(a, b);
+        break;
+
+      case 8:
+        if (!read<SkScalar>(&data, &size, &a) ||
+            !read<SkScalar>(&data, &size, &b) ||
+            !read<SkScalar>(&data, &size, &c) ||
+            !read<SkScalar>(&data, &size, &d))
+          return 1;
+        path.conservativelyContainsRect(SkRect::MakeLTRB(a, b, c, d));
+        break;
+
+      case 9:
+        dst_path.reset();
+        paint.getFillPath(path, &dst_path, nullptr);
+        break;
+
+      case 10:
+        surface->getCanvas()->drawPath(path, paint);
+        break;
+    }
+  }
+
+  return 0;
+}