| OLD | NEW |
|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 #include <stddef.h> | 4 #include <stddef.h> |
| 5 #include <stdint.h> | 5 #include <stdint.h> |
| 6 | 6 |
| 7 #include <memory> | 7 #include <memory> |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "base/at_exit.h" | 10 #include "base/at_exit.h" |
| (...skipping 120 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 131 | 131 |
| 132 ~CommandBufferSetup() { | 132 ~CommandBufferSetup() { |
| 133 sync_point_client_ = nullptr; | 133 sync_point_client_ = nullptr; |
| 134 if (sync_point_order_data_) { | 134 if (sync_point_order_data_) { |
| 135 sync_point_order_data_->Destroy(); | 135 sync_point_order_data_->Destroy(); |
| 136 sync_point_order_data_ = nullptr; | 136 sync_point_order_data_ = nullptr; |
| 137 } | 137 } |
| 138 } | 138 } |
| 139 | 139 |
| 140 void RunCommandBuffer(const uint8_t* data, size_t size) { | 140 void RunCommandBuffer(const uint8_t* data, size_t size) { |
| 141 InitDecoder(); | |
| 142 // The commands are flushed at a uint32_t granularity. If the data is not | 141 // The commands are flushed at a uint32_t granularity. If the data is not |
| 143 // a full command, we zero-pad it. | 142 // a full command, we zero-pad it. |
| 144 size_t padded_size = (size + 3) & ~3; | 143 size_t padded_size = (size + 3) & ~3; |
| 144 // crbug.com/638836 The -max_len argument is sometimes not respected, so the |
| 145 // fuzzer may give us too much data. Bail ASAP in that case. |
| 146 if (padded_size > kCommandBufferSize) |
| 147 return; |
| 148 |
| 149 InitDecoder(); |
| 145 size_t buffer_size = buffer_->size(); | 150 size_t buffer_size = buffer_->size(); |
| 146 CHECK_LE(padded_size, buffer_size); | 151 CHECK_LE(padded_size, buffer_size); |
| 147 command_buffer_->SetGetBuffer(buffer_id_); | 152 command_buffer_->SetGetBuffer(buffer_id_); |
| 148 auto* memory = static_cast<char*>(buffer_->memory()); | 153 auto* memory = static_cast<char*>(buffer_->memory()); |
| 149 memcpy(memory, data, size); | 154 memcpy(memory, data, size); |
| 150 if (size < buffer_size) | 155 if (size < buffer_size) |
| 151 memset(memory + size, 0, buffer_size - size); | 156 memset(memory + size, 0, buffer_size - size); |
| 152 command_buffer_->Flush(padded_size / 4); | 157 command_buffer_->Flush(padded_size / 4); |
| 153 ResetDecoder(); | 158 ResetDecoder(); |
| 154 } | 159 } |
| (...skipping 96 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 251 | 256 |
| 252 static gpu::CommandBufferSetup& GetSetup() { | 257 static gpu::CommandBufferSetup& GetSetup() { |
| 253 static gpu::CommandBufferSetup setup; | 258 static gpu::CommandBufferSetup setup; |
| 254 return setup; | 259 return setup; |
| 255 } | 260 } |
| 256 | 261 |
| 257 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { | 262 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { |
| 258 GetSetup().RunCommandBuffer(data, size); | 263 GetSetup().RunCommandBuffer(data, size); |
| 259 return 0; | 264 return 0; |
| 260 } | 265 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2272903002:
gpu_fuzzer: gracefully handle over-the-limit input (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master