Flutter Engine
The Flutter Engine
Loading...
Searching...
No Matches
FuzzPathop.cpp
Go to the documentation of this file.
1/*
2 * Copyright 2016 Google Inc.
3 *
4 * Use of this source code is governed by a BSD-style license that can be
5 * found in the LICENSE file.
6 */
7
8#include "fuzz/Fuzz.h"
9#include "fuzz/FuzzCommon.h"
10#include "include/core/SkPath.h"
11#include "include/core/SkRect.h"
12#include "include/pathops/SkPathOps.h"
13
14const uint8_t MAX_OPS = 20;
15
16DEF_FUZZ(Pathop, fuzz) {
17
18 uint8_t choice;
19 fuzz->nextRange(&choice, 0, 4);
20 switch (choice) {
21 case 0: {
22 uint8_t ops;
23 fuzz->nextRange(&ops, 0, MAX_OPS);
24 SkOpBuilder builder;
25 for (uint8_t i = 0; i < ops && !fuzz->exhausted(); i++) {
26 SkPath path;
27 FuzzEvilPath(fuzz, &path, SkPath::Verb::kDone_Verb);
28 SkPathFillType ft;
29 fuzz->nextRange(&ft, 0, (int)SkPathFillType::kInverseEvenOdd);
30 path.setFillType(ft);
31
32 SkPathOp op;
33 fuzz->nextRange(&op, 0, SkPathOp::kReverseDifference_SkPathOp);
34 builder.add(path, op);
35 }
36
37 SkPath result;
38 builder.resolve(&result);
39 break;
40 }
41 case 1: {
42 SkPath path;
43 FuzzEvilPath(fuzz, &path, SkPath::Verb::kDone_Verb);
44 SkPathFillType ft;
45 fuzz->nextRange(&ft, 0, (int)SkPathFillType::kInverseEvenOdd);
46 path.setFillType(ft);
47
48 SkPath result;
49 bool isSame;
50 fuzz->next(&isSame);
51 if (isSame) {
52 result = path;
53 }
54 Simplify(path, &result);
55 break;
56 }
57 case 2: {
58 SkPath path;
59 FuzzEvilPath(fuzz, &path, SkPath::Verb::kDone_Verb);
60 SkPathFillType ft;
61 fuzz->nextRange(&ft, 0, SkPathFillType::kInverseEvenOdd);
62 path.setFillType(ft);
63
64 SkPath path2;
65 FuzzEvilPath(fuzz, &path2, SkPath::Verb::kDone_Verb);
66 fuzz->nextRange(&ft, 0, SkPathFillType::kInverseEvenOdd);
67 path.setFillType(ft);
68
69 SkPathOp op;
70 fuzz->nextRange(&op, 0, SkPathOp::kReverseDifference_SkPathOp);
71
72 SkPath result;
73 uint8_t pickOutput;
74 fuzz->nextRange(&pickOutput, 0, 2);
75 if (pickOutput == 1) {
76 result = path;
77 } else if (pickOutput == 2) {
78 result = path2;
79 }
80 Op(path, path2, op, &result);
81 break;
82 }
83 case 3: {
84 SkPath path;
85 FuzzEvilPath(fuzz, &path, SkPath::Verb::kDone_Verb);
86 SkPathFillType ft;
87 fuzz->nextRange(&ft, 0, SkPathFillType::kInverseEvenOdd);
88 path.setFillType(ft);
89
90 SkPath result;
91 bool isSame;
92 fuzz->next(&isSame);
93 if (isSame) {
94 result = path;
95 }
96 AsWinding(path, &result);
97 break;
98 }
99 case 4: {
100 SkPath path;
101 FuzzEvilPath(fuzz, &path, SkPath::Verb::kDone_Verb);
102 SkPathFillType ft;
103 fuzz->nextRange(&ft, 0, SkPathFillType::kInverseEvenOdd);
104 path.setFillType(ft);
105
106 SkRect result;
107 TightBounds(path, &result);
108 break;
109 }
110 default: {
111 SkASSERT(false);
112 break;
113 }
114 }
115}
116
117
118const int kLastOp = SkPathOp::kReverseDifference_SkPathOp;
119
120void BuildPath(Fuzz* fuzz, SkPath* path) {
121 while (!fuzz->exhausted()) {
122 // Use a uint8_t to conserve bytes. This makes our "fuzzed bytes footprint"
123 // smaller, which leads to more efficient fuzzing.
124 uint8_t operation;
125 fuzz->next(&operation);
126 SkScalar a,b,c,d,e,f;
127
128 switch (operation % (SkPath::Verb::kDone_Verb + 1)) {
129 case SkPath::Verb::kMove_Verb:
130 if (fuzz->remainingSize() < (2*sizeof(SkScalar))) {
131 fuzz->deplete();
132 return;
133 }
134 fuzz->next(&a, &b);
135 path->moveTo(a, b);
136 break;
137
138 case SkPath::Verb::kLine_Verb:
139 if (fuzz->remainingSize() < (2*sizeof(SkScalar))) {
140 fuzz->deplete();
141 return;
142 }
143 fuzz->next(&a, &b);
144 path->lineTo(a, b);
145 break;
146
147 case SkPath::Verb::kQuad_Verb:
148 if (fuzz->remainingSize() < (4*sizeof(SkScalar))) {
149 fuzz->deplete();
150 return;
151 }
152 fuzz->next(&a, &b, &c, &d);
153 path->quadTo(a, b, c, d);
154 break;
155
156 case SkPath::Verb::kConic_Verb:
157 if (fuzz->remainingSize() < (5*sizeof(SkScalar))) {
158 fuzz->deplete();
159 return;
160 }
161 fuzz->next(&a, &b, &c, &d, &e);
162 path->conicTo(a, b, c, d, e);
163 break;
164
165 case SkPath::Verb::kCubic_Verb:
166 if (fuzz->remainingSize() < (6*sizeof(SkScalar))) {
167 fuzz->deplete();
168 return;
169 }
170 fuzz->next(&a, &b, &c, &d, &e, &f);
171 path->cubicTo(a, b, c, d, e, f);
172 break;
173
174 case SkPath::Verb::kClose_Verb:
175 path->close();
176 break;
177
178 case SkPath::Verb::kDone_Verb:
179 // In this case, simply exit.
180 return;
181 }
182 }
183}
184
185DEF_FUZZ(LegacyChromiumPathop, fuzz) {
186 // See https://cs.chromium.org/chromium/src/testing/libfuzzer/fuzzers/skia_pathop_fuzzer.cc
187 SkOpBuilder builder;
188 while (!fuzz->exhausted()) {
189 SkPath path;
190 uint8_t op;
191 fuzz->next(&op);
192 if (fuzz->exhausted()) {
193 break;
194 }
195
196 BuildPath(fuzz, &path);
197 builder.add(path, static_cast<SkPathOp>(op % (kLastOp + 1)));
198 }
199
200 SkPath result;
201 builder.resolve(&result);
202}
FuzzEvilPath
void FuzzEvilPath(Fuzz *fuzz, SkPath *path, int last_verb)
Definition FuzzCommon.cpp:237
BuildPath
void BuildPath(Fuzz *fuzz, SkPath *path)
Definition FuzzPathop.cpp:120
MAX_OPS
const uint8_t MAX_OPS
Definition FuzzPathop.cpp:14
kLastOp
const int kLastOp
Definition FuzzPathop.cpp:118
DEF_FUZZ
#define DEF_FUZZ(name, f)
Definition Fuzz.h:156
path2
static SkPath path2()
Definition PathOpsIssue3651.cpp:198
ops
SkPathOp ops[]
Definition PathOpsOpTest.cpp:1181
SkASSERT
#define SkASSERT(cond)
Definition SkAssert.h:116
operation
static void operation(T operation, uint32_t &a, uint32_t b, uint32_t c, uint32_t d, uint32_t x, uint8_t s, uint32_t t)
Definition SkMD5.cpp:144
AsWinding
bool SK_API AsWinding(const SkPath &path, SkPath *result)
Definition SkPathOpsAsWinding.cpp:408
SkPathOp
SkPathOp
Definition SkPathOps.h:22
kReverseDifference_SkPathOp
@ kReverseDifference_SkPathOp
subtract the first path from the op path
Definition SkPathOps.h:27
Simplify
bool SK_API Simplify(const SkPath &path, SkPath *result)
Definition SkPathOpsSimplify.cpp:283
TightBounds
bool SK_API TightBounds(const SkPath &path, SkRect *result)
Definition SkPathOpsTightBounds.cpp:23
SkPathFillType
SkPathFillType
Definition SkPathTypes.h:11
Fuzz
Definition Fuzz.h:24
Fuzz::next
void next(T *t)
Definition Fuzz.h:64
Fuzz::remainingSize
size_t remainingSize() const
Definition Fuzz.h:47
Fuzz::deplete
void deplete()
Definition Fuzz.h:43
Fuzz::exhausted
bool exhausted() const
Definition Fuzz.h:39
SkPath::kClose_Verb
@ kClose_Verb
Definition SkPath.h:1463
SkPath::kMove_Verb
@ kMove_Verb
Definition SkPath.h:1458
SkPath::kConic_Verb
@ kConic_Verb
Definition SkPath.h:1461
SkPath::kDone_Verb
@ kDone_Verb
Definition SkPath.h:1464
SkPath::kCubic_Verb
@ kCubic_Verb
Definition SkPath.h:1462
SkPath::kQuad_Verb
@ kQuad_Verb
Definition SkPath.h:1460
SkPath::kLine_Verb
@ kLine_Verb
Definition SkPath.h:1459
d
VULKAN_HPP_DEFAULT_DISPATCH_LOADER_DYNAMIC_STORAGE auto & d
Definition main.cc:19
SkScalar
float SkScalar
Definition extension.cpp:12
b
static bool b
Definition ffi_native_test_module.c:74
a
struct MyStruct a[10]
result
GAsyncResult * result
Definition fl_text_input_plugin.cc:106
Generated on Fri Apr 26 2024 06:15:59 for Flutter Engine by doxygen 1.9.8