fuzz/fuzz.cpp - Issue 2418763004: Add SKSL fuzzer

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: fuzz/fuzz.cpp

Issue 2418763004: Add SKSL fuzzer (Closed)

Patch Set: Rework ifs Created 4 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: fuzz/fuzz.cpp

diff --git a/fuzz/fuzz.cpp b/fuzz/fuzz.cpp

index 549194619a7d1b3bd3578fec258fc0eb56f30d5f..cbfb74415c1bbd7e6dbf5ae17770bfcfb1600f30 100644

--- a/fuzz/fuzz.cpp

+++ b/fuzz/fuzz.cpp

@@ -16,6 +16,7 @@

#include "SkPicture.h"

+#include "SkSLCompiler.h"

#include "SkStream.h"

#include <cmath>

@@ -39,6 +40,7 @@ static int fuzz_img(sk_sp<SkData>, uint8_t, uint8_t);

static int fuzz_skp(sk_sp<SkData>);

static int fuzz_icc(sk_sp<SkData>);

static int fuzz_color_deserialize(sk_sp<SkData>);

+static int fuzz_sksl2glsl(sk_sp<SkData>);

int main(int argc, char** argv) {

SkCommandLineFlags::Parse(argc, argv);

@@ -53,22 +55,26 @@ int main(int argc, char** argv) {

uint8_t option = calculate_option(bytes.get());

if (!FLAGS_type.isEmpty()) {

- switch (FLAGS_type[0][0]) {

- case 'a': return fuzz_api(bytes);

- case 'c': return fuzz_color_deserialize(bytes);

- case 'i':

- if (FLAGS_type[0][1] == 'c') { //icc

- return fuzz_icc(bytes);

- }

- // We only allow one degree of freedom to avoid a search space explosion for afl-fuzz.

- if (FLAGS_type[0][6] == 's') { // image_scale

- return fuzz_img(bytes, option, 0);

- }

- // image_mode

- return fuzz_img(bytes, 0, option);

- case 's': return fuzz_skp(bytes);

+ if (0 == strcmp("api", FLAGS_type[0])) {

+ return fuzz_api(bytes);

+ }

+ if (0 == strcmp("color_deserialize", FLAGS_type[0])) {

+ return fuzz_color_deserialize(bytes);

+ }

+ if (0 == strcmp("icc", FLAGS_type[0])) {

+ return fuzz_icc(bytes);

+ }

+ if (0 == strcmp("image_scale", FLAGS_type[0])) {

+ return fuzz_img(bytes, option, 0);

+ }

+ if (0 == strcmp("image_mode", FLAGS_type[0])) {

+ return fuzz_img(bytes, 0, option);

+ }

+ if (0 == strcmp("skp", FLAGS_type[0])) {

+ return fuzz_skp(bytes);

+ }

+ if (0 == strcmp("sksl2glsl", FLAGS_type[0])) {

+ return fuzz_sksl2glsl(bytes);

}

return printUsage(argv[0]);

@@ -400,6 +406,32 @@ int fuzz_color_deserialize(sk_sp<SkData> bytes) {

return 0;

}

+static SkSL::GLCaps default_caps() {

+ return {

+ 400,

+ SkSL::GLCaps::kGL_Standard,

+ false, // isCoreProfile

+ false, // usesPrecisionModifiers;

+ false, // mustDeclareFragmentShaderOutput

+ true, // canUseMinAndAbsTogether

+ false // mustForceNegatedAtanParamToFloat

+ };

+int fuzz_sksl2glsl(sk_sp<SkData> bytes) {

+ SkSL::Compiler compiler;

+ std::string output;

+ bool result = compiler.toGLSL(SkSL::Program::kFragment_Kind,

+ (const char*)bytes->data(), default_caps(), &output);

+ if (!result) {

+ SkDebugf("[terminated] Couldn't compile input.\n");

+ return 1;

+ }

+ SkDebugf("[terminated] Success! Compiled input.\n");

+ return 0;

Fuzz::Fuzz(sk_sp<SkData> bytes) : fBytes(bytes), fNextByte(0) {}

void Fuzz::signalBug () { SkDebugf("Signal bug\n"); raise(SIGSEGV); }

« no previous file with comments | « no previous file | no next file » | no next file with comments »