| OLD | NEW |
| 1 /* | 1 /* |
| 2 * Copyright 2016 Google Inc. | 2 * Copyright 2016 Google Inc. |
| 3 * | 3 * |
| 4 * Use of this source code is governed by a BSD-style license that can be | 4 * Use of this source code is governed by a BSD-style license that can be |
| 5 * found in the LICENSE file. | 5 * found in the LICENSE file. |
| 6 */ | 6 */ |
| 7 | 7 |
| 8 #include "Fuzz.h" | 8 #include "Fuzz.h" |
| 9 #include "SkCanvas.h" | 9 #include "SkCanvas.h" |
| 10 #include "SkCodec.h" | 10 #include "SkCodec.h" |
| (...skipping 18 matching lines...) |
| 29 static int printUsage(const char* name) { | 29 static int printUsage(const char* name) { |
| 30 SkDebugf("Usage: %s -t <type> -b <path/to/file> [-n api-to-fuzz]\n", name); | 30 SkDebugf("Usage: %s -t <type> -b <path/to/file> [-n api-to-fuzz]\n", name); |
| 31 return 1; | 31 return 1; |
| 32 } | 32 } |
| 33 static uint8_t calculate_option(SkData*); | 33 static uint8_t calculate_option(SkData*); |
| 34 | 34 |
| 35 static int fuzz_api(SkData*); | 35 static int fuzz_api(SkData*); |
| 36 static int fuzz_img(SkData*, uint8_t, uint8_t); | 36 static int fuzz_img(SkData*, uint8_t, uint8_t); |
| 37 static int fuzz_skp(SkData*); | 37 static int fuzz_skp(SkData*); |
| 38 static int fuzz_icc(SkData*); | 38 static int fuzz_icc(SkData*); |
| 39 static int fuzz_color_deserialize(SkData*); |
| 39 | 40 |
| 40 int main(int argc, char** argv) { | 41 int main(int argc, char** argv) { |
| 41 SkCommandLineFlags::Parse(argc, argv); | 42 SkCommandLineFlags::Parse(argc, argv); |
| 42 | 43 |
| 43 const char* path = FLAGS_bytes.isEmpty() ? argv[0] : FLAGS_bytes[0]; | 44 const char* path = FLAGS_bytes.isEmpty() ? argv[0] : FLAGS_bytes[0]; |
| 44 SkAutoTUnref<SkData> bytes(SkData::NewFromFileName(path)); | 45 SkAutoTUnref<SkData> bytes(SkData::NewFromFileName(path)); |
| 45 if (!bytes) { | 46 if (!bytes) { |
| 46 SkDebugf("Could not read %s\n", path); | 47 SkDebugf("Could not read %s\n", path); |
| 47 return 2; | 48 return 2; |
| 48 } | 49 } |
| 49 | 50 |
| 50 uint8_t option = calculate_option(bytes); | 51 uint8_t option = calculate_option(bytes); |
| 51 | 52 |
| 52 if (!FLAGS_type.isEmpty()) { | 53 if (!FLAGS_type.isEmpty()) { |
| 53 switch (FLAGS_type[0][0]) { | 54 switch (FLAGS_type[0][0]) { |
| 54 case 'a': return fuzz_api(bytes); | 55 case 'a': return fuzz_api(bytes); |
| 55 | 56 |
| 57 case 'c': return fuzz_color_deserialize(bytes); |
| 58 |
| 56 case 'i': | 59 case 'i': |
| 57 if (FLAGS_type[0][1] == 'c') { //icc | 60 if (FLAGS_type[0][1] == 'c') { //icc |
| 58 return fuzz_icc(bytes); | 61 return fuzz_icc(bytes); |
| 59 } | 62 } |
| 60 // We only allow one degree of freedom to avoid a search space e
xplosion for afl-fuzz. | 63 // We only allow one degree of freedom to avoid a search space e
xplosion for afl-fuzz. |
| 61 if (FLAGS_type[0][6] == 's') { // image_scale | 64 if (FLAGS_type[0][6] == 's') { // image_scale |
| 62 return fuzz_img(bytes, option, 0); | 65 return fuzz_img(bytes, option, 0); |
| 63 } | 66 } |
| 64 // image_mode | 67 // image_mode |
| 65 return fuzz_img(bytes, 0, option); | 68 return fuzz_img(bytes, 0, option); |
| (...skipping 313 matching lines...) |
| 379 int fuzz_icc(SkData* bytes) { | 382 int fuzz_icc(SkData* bytes) { |
| 380 sk_sp<SkColorSpace> space(SkColorSpace::NewICC(bytes->data(), bytes->size())
); | 383 sk_sp<SkColorSpace> space(SkColorSpace::NewICC(bytes->data(), bytes->size())
); |
| 381 if (!space) { | 384 if (!space) { |
| 382 SkDebugf("[terminated] Couldn't decode ICC.\n"); | 385 SkDebugf("[terminated] Couldn't decode ICC.\n"); |
| 383 return 1; | 386 return 1; |
| 384 } | 387 } |
| 385 SkDebugf("[terminated] Success! Decoded ICC.\n"); | 388 SkDebugf("[terminated] Success! Decoded ICC.\n"); |
| 386 return 0; | 389 return 0; |
| 387 } | 390 } |
| 388 | 391 |
| 392 int fuzz_color_deserialize(SkData* bytes) { |
| 393 sk_sp<SkColorSpace> space(SkColorSpace::Deserialize(bytes->data(), bytes->si
ze())); |
| 394 if (!space) { |
| 395 SkDebugf("[terminated] Couldn't deserialize Colorspace.\n"); |
| 396 return 1; |
| 397 } |
| 398 SkDebugf("[terminated] Success! deserialized Colorspace.\n"); |
| 399 return 0; |
| 400 } |
| 401 |
| 389 Fuzz::Fuzz(SkData* bytes) : fBytes(SkSafeRef(bytes)), fNextByte(0) {} | 402 Fuzz::Fuzz(SkData* bytes) : fBytes(SkSafeRef(bytes)), fNextByte(0) {} |
| 390 | 403 |
| 391 void Fuzz::signalBug () { SkDebugf("Signal bug\n"); raise(SIGSEGV); } | 404 void Fuzz::signalBug () { SkDebugf("Signal bug\n"); raise(SIGSEGV); } |
| 392 void Fuzz::signalBoring() { SkDebugf("Signal boring\n"); exit(0); } | 405 void Fuzz::signalBoring() { SkDebugf("Signal boring\n"); exit(0); } |
| 393 | 406 |
| 394 template <typename T> | 407 template <typename T> |
| 395 T Fuzz::nextT() { | 408 T Fuzz::nextT() { |
| 396 if (fNextByte + sizeof(T) > fBytes->size()) { | 409 if (fNextByte + sizeof(T) > fBytes->size()) { |
| 397 this->signalBoring(); | 410 this->signalBoring(); |
| 398 } | 411 } |
| (...skipping 32 matching lines...) |
| 431 if (min > max) { | 444 if (min > max) { |
| 432 SkDebugf("Check mins and maxes (%f, %f)\n", min, max); | 445 SkDebugf("Check mins and maxes (%f, %f)\n", min, max); |
| 433 this->signalBoring(); | 446 this->signalBoring(); |
| 434 } | 447 } |
| 435 float f = std::abs(this->nextF()); | 448 float f = std::abs(this->nextF()); |
| 436 if (!std::isnormal(f) && f != 0.0) { | 449 if (!std::isnormal(f) && f != 0.0) { |
| 437 this->signalBoring(); | 450 this->signalBoring(); |
| 438 } | 451 } |
| 439 return min + fmod(f, (max - min + 1)); | 452 return min + fmod(f, (max - min + 1)); |
| 440 } | 453 } |
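Review bot: fuzz_color_deserialize (new lines 392-400) stops at the null check, so the fuzzer only exercises the parser; a deserialized SkColorSpace that is non-null but internally inconsistent is reported as success and never touched again. Using the object once before returning would let sanitizers catch memory errors that only surface when the parsed fields are consumed, for example a round trip such as `sk_sp<SkData> data = space->serialize();` followed by a non-null check on `data` (assuming serialize() is available in this revision). Separately, the new `case 'c':` in main matches any -t value that begins with 'c' and has no comment naming the expected type string, unlike the `//icc` and `// image_scale` branches beside it; a short comment there would document the intended value.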
| OLD | NEW |