Flutter Engine
The Flutter Engine
Loading...
Searching...
No Matches
Functions | Variables
FuzzMain.cpp File Reference
#include "fuzz/Fuzz.h"
#include "include/codec/SkCodec.h"
#include "include/core/SkBitmap.h"
#include "include/core/SkCanvas.h"
#include "include/core/SkData.h"
#include "include/core/SkFontMgr.h"
#include "include/core/SkImage.h"
#include "include/core/SkMallocPixelRef.h"
#include "include/core/SkPaint.h"
#include "include/core/SkPath.h"
#include "include/core/SkStream.h"
#include "include/core/SkSurface.h"
#include "include/core/SkTextBlob.h"
#include "include/encode/SkPngEncoder.h"
#include "src/core/SkOSFile.h"
#include "src/core/SkReadBuffer.h"
#include "src/utils/SkOSPath.h"
#include "tools/ToolUtils.h"
#include "tools/flags/CommandLineFlags.h"
#include "tools/fonts/FontToolUtils.h"
#include <iostream>
#include <map>
#include <regex>
#include <signal.h>

Go to the source code of this file.

Functions

static DEFINE_string2 (bytes, b, "", "A path to a file or a directory. If a file, the " "contents will be used as the fuzz bytes. If a directory, all files " "in the directory will be used as fuzz bytes for the fuzzer, one at a " "time.")
 
static DEFINE_string2 (name, n, "", "If --type is 'api', fuzz the API with this name.")
 
static DEFINE_string2 (dump, d, "", "If not empty, dump 'image*' or 'skp' types as a " "PNG with this name.")
 
static DEFINE_int (loops, 1, "Run the fuzzer on each input this many times.")
 
 DEFINE_bool2 (verbose, v, false, "Print more information while fuzzing.")
 
static DEFINE_string2 (type, t, "", g_type_message)
 
static int fuzz_file (const SkString &path, SkString type)
 
static uint8_t calculate_option (SkData *)
 
static SkString try_auto_detect (const SkString &path, SkString *name)
 
static void fuzz_android_codec (const sk_sp< SkData > &)
 
static void fuzz_animated_img (const sk_sp< SkData > &)
 
static void fuzz_api (const sk_sp< SkData > &, const SkString &name)
 
static void fuzz_color_deserialize (const sk_sp< SkData > &)
 
static void fuzz_colrv1 (const sk_sp< SkData > &)
 
static void fuzz_filter_fuzz (const sk_sp< SkData > &)
 
static void fuzz_image_decode (const sk_sp< SkData > &)
 
static void fuzz_image_decode_incremental (const sk_sp< SkData > &)
 
static void fuzz_img (const sk_sp< SkData > &, uint8_t, uint8_t)
 
static void fuzz_json (const sk_sp< SkData > &)
 
static void fuzz_path_deserialize (const sk_sp< SkData > &)
 
static void fuzz_region_deserialize (const sk_sp< SkData > &)
 
static void fuzz_region_set_path (const sk_sp< SkData > &)
 
static void fuzz_skdescriptor_deserialize (const sk_sp< SkData > &)
 
static void fuzz_skmeshspecification (const sk_sp< SkData > &)
 
static void fuzz_skp (const sk_sp< SkData > &)
 
static void fuzz_skruntimeblender (const sk_sp< SkData > &)
 
static void fuzz_skruntimecolorfilter (const sk_sp< SkData > &)
 
static void fuzz_skruntimeeffect (const sk_sp< SkData > &)
 
static void fuzz_sksl2glsl (const sk_sp< SkData > &)
 
static void fuzz_sksl2metal (const sk_sp< SkData > &)
 
static void fuzz_sksl2pipeline (const sk_sp< SkData > &)
 
static void fuzz_sksl2spirv (const sk_sp< SkData > &)
 
static void fuzz_sksl2wgsl (const sk_sp< SkData > &)
 
static void fuzz_textblob_deserialize (const sk_sp< SkData > &)
 
static void print_api_names ()
 
int main (int argc, char **argv)
 
void FuzzJSON (const uint8_t *data, size_t size)
 
void FuzzCOLRv1 (const uint8_t *data, size_t size)
 
static void dump_png (const SkBitmap &bitmap)
 
bool FuzzAnimatedImage (const uint8_t *data, size_t size)
 
bool FuzzImageDecode (const uint8_t *data, size_t size)
 
bool FuzzIncrementalImageDecode (const uint8_t *data, size_t size)
 
bool FuzzAndroidCodec (const uint8_t *fuzzData, size_t fuzzSize, uint8_t sampleSize)
 
void FuzzSKP (const uint8_t *data, size_t size)
 
void FuzzColorspace (const uint8_t *data, size_t size)
 
void FuzzPathDeserialize (const uint8_t *data, size_t size)
 
bool FuzzRegionDeserialize (const uint8_t *data, size_t size)
 
void FuzzTextBlobDeserialize (const uint8_t *data, size_t size)
 
void FuzzRegionSetPath (Fuzz *fuzz)
 
void FuzzImageFilterDeserialize (const uint8_t *data, size_t size)
 
void FuzzSkMeshSpecification (const uint8_t *fuzzData, size_t fuzzSize)
 
bool FuzzSkRuntimeBlender (const uint8_t *data, size_t size)
 
bool FuzzSkRuntimeColorFilter (const uint8_t *data, size_t size)
 
bool FuzzSkRuntimeEffect (const uint8_t *data, size_t size)
 
bool FuzzSKSL2GLSL (const uint8_t *data, size_t size)
 
bool FuzzSKSL2Metal (const uint8_t *data, size_t size)
 
bool FuzzSKSL2Pipeline (const uint8_t *data, size_t size)
 
bool FuzzSKSL2SPIRV (const uint8_t *data, size_t size)
 
bool FuzzSKSL2WGSL (const uint8_t *data, size_t size)
 
void FuzzSkDescriptorDeserialize (const uint8_t *data, size_t size)
 

Variables

static constexpr char g_type_message []
 
static std::map< std::string, std::string > cf_api_map
 
static std::map< std::string, std::string > cf_map
 

Function Documentation

◆ calculate_option()

static uint8_t calculate_option ( SkData bytes)
static

Definition at line 423 of file FuzzMain.cpp.

423 {
424 uint8_t total = 0;
425 const uint8_t* data = bytes->bytes();
426 for (size_t i = 0; i < 1024 && i < bytes->size(); i++) {
427 total += data[i];
428 }
429 return total;
430}
SkData::bytes
const uint8_t * bytes() const
Definition SkData.h:43
SkData::size
size_t size() const
Definition SkData.h:30
flutter::data
DEF_SWITCHES_START aot vmservice shared library Name of the *so containing AOT compiled Dart assets for launching the service isolate vm snapshot data
Definition switches.h:41

◆ DEFINE_bool2()

DEFINE_bool2 ( verbose  ,
,
false  ,
"Print more information while fuzzing."   
)

◆ DEFINE_int()

static DEFINE_int ( loops  ,
,
"Run the fuzzer on each input this many times."   
)
static

◆ DEFINE_string2() [1/4]

static DEFINE_string2 ( bytes  ,
b  ,
""  ,
"A path to a file or a directory. If a  file,
the " "contents will be used as the fuzz bytes. If a  directory,
all files " "in the directory will be used as fuzz bytes for the  fuzzer,
one at a " "time."   
)
static

◆ DEFINE_string2() [2/4]

static DEFINE_string2 ( dump  ,
d  ,
""  ,
"If not  empty,
dump 'image *' or 'skp' types as a " "PNG with this name."   
)
static

◆ DEFINE_string2() [3/4]

static DEFINE_string2 ( name  ,
,
""  ,
"If --type is 'api'  ,
fuzz the API with this name."   
)
static

◆ DEFINE_string2() [4/4]

static DEFINE_string2 ( type  ,
,
""  ,
g_type_message   
)
static

◆ dump_png()

static void dump_png ( const SkBitmap bitmap)
static

Definition at line 453 of file FuzzMain.cpp.

453 {
454 if (!FLAGS_dump.isEmpty()) {
455 SkFILEWStream file(FLAGS_dump[0]);
456 SkPngEncoder::Encode(&file, bitmap.pixmap(), {});
457 SkDebugf("Dumped to %s\n", FLAGS_dump[0]);
458 }
459}
SkDebugf
void SK_SPI SkDebugf(const char format[],...) SK_PRINTF_LIKE(1
SkPngEncoder::Encode
SK_API bool Encode(SkWStream *dst, const SkPixmap &src, const Options &options)
Definition SkPngEncoder_none.cpp:20
protoc_wrapper.file
file
Definition protoc_wrapper.py:226

◆ fuzz_android_codec()

static void fuzz_android_codec ( const sk_sp< SkData > &  data)
static

Definition at line 493 of file FuzzMain.cpp.

493 {
494 Fuzz fuzz(data->bytes(), data->size());
495 uint8_t sampleSize;
496 fuzz.nextRange(&sampleSize, 1, 64);
497 if (FuzzAndroidCodec(fuzz.remainingData(), fuzz.remainingSize(), sampleSize)) {
498 SkDebugf("[terminated] Success on Android Codec sampleSize=%u!\n", sampleSize);
499 return;
500 }
501 SkDebugf("[terminated] Could not use Android Codec sampleSize=%u!\n", sampleSize);
502}
FuzzAndroidCodec
bool FuzzAndroidCodec(const uint8_t *fuzzData, size_t fuzzSize, uint8_t sampleSize)
Definition FuzzAndroidCodec.cpp:17
Fuzz
Definition Fuzz.h:24

◆ fuzz_animated_img()

static void fuzz_animated_img ( const sk_sp< SkData > &  data)
static

Definition at line 463 of file FuzzMain.cpp.

463 {
464 if (FuzzAnimatedImage(data->bytes(), data->size())) {
465 SkDebugf("[terminated] Success from decoding/drawing animated image!\n");
466 return;
467 }
468 SkDebugf("[terminated] Could not decode or draw animated image.\n");
469}
FuzzAnimatedImage
bool FuzzAnimatedImage(const uint8_t *data, size_t size)
Definition FuzzAnimatedImage.cpp:14

◆ fuzz_api()

static void fuzz_api ( const sk_sp< SkData > &  data,
const SkString name 
)
static

Definition at line 439 of file FuzzMain.cpp.

439 {
440 for (const Fuzzable& fuzzable : sk_tools::Registry<Fuzzable>::Range()) {
441 if (name.equals(fuzzable.name)) {
442 SkDebugf("Fuzzing %s...\n", fuzzable.name);
443 Fuzz fuzz(data->bytes(), data->size());
444 fuzzable.fn(&fuzz);
445 SkDebugf("[terminated] Success!\n");
446 return;
447 }
448 }
449
450 print_api_names();
451}
print_api_names
static void print_api_names()
Definition FuzzMain.cpp:432
name
const char * name
Definition fuchsia.cc:50
sk_tools
Definition ProcStats.h:17

◆ fuzz_color_deserialize()

static void fuzz_color_deserialize ( const sk_sp< SkData > &  data)
static

Definition at line 752 of file FuzzMain.cpp.

752 {
753 FuzzColorspace(data->bytes(), data->size());
754 SkDebugf("[terminated] Finished SkColorspace\n");
755}
FuzzColorspace
void FuzzColorspace(const uint8_t *data, size_t size)
Definition FuzzColorspace.cpp:13

◆ fuzz_colrv1()

static void fuzz_colrv1 ( const sk_sp< SkData > &  data)
static

Definition at line 413 of file FuzzMain.cpp.

413 {
414 FuzzCOLRv1(data->bytes(), data->size());
415 SkDebugf("[terminated] Done COLRv1!\n");
416}
FuzzCOLRv1
void FuzzCOLRv1(const uint8_t *data, size_t size)
Definition FuzzCOLRv1.cpp:19

◆ fuzz_file()

static int fuzz_file ( const SkString path,
SkString  type 
)
static

Definition at line 157 of file FuzzMain.cpp.

157 {
158 sk_sp<SkData> bytes(SkData::MakeFromFileName(path.c_str()));
159 if (!bytes) {
160 SkDebugf("Could not read %s\n", path.c_str());
161 return 1;
162 }
163
164 SkString name = SkString(FLAGS_name.isEmpty() ? "" : FLAGS_name[0]);
165
166 if (type.isEmpty()) {
167 type = try_auto_detect(path, &name);
168 }
169
170 if (type.isEmpty()) {
171 SkDebugf("Could not autodetect type of %s\n", path.c_str());
172 return 1;
173 }
174 if (type.equals("android_codec")) {
175 fuzz_android_codec(std::move(bytes));
176 return 0;
177 }
178 if (type.equals("animated_image_decode")) {
179 fuzz_animated_img(std::move(bytes));
180 return 0;
181 }
182 if (type.equals("api")) {
183 fuzz_api(bytes, name);
184 return 0;
185 }
186 if (type.equals("color_deserialize")) {
187 fuzz_color_deserialize(std::move(bytes));
188 return 0;
189 }
190 if (type.equals("colrv1")) {
191 fuzz_colrv1(std::move(bytes));
192 return 0;
193 }
194 if (type.equals("filter_fuzz")) {
195 fuzz_filter_fuzz(std::move(bytes));
196 return 0;
197 }
198 if (type.equals("image_decode")) {
199 fuzz_image_decode(std::move(bytes));
200 return 0;
201 }
202 if (type.equals("image_decode_incremental")) {
203 fuzz_image_decode_incremental(std::move(bytes));
204 return 0;
205 }
206 if (type.equals("image_scale")) {
207 uint8_t option = calculate_option(bytes.get());
208 fuzz_img(std::move(bytes), option, 0);
209 return 0;
210 }
211 if (type.equals("image_mode")) {
212 uint8_t option = calculate_option(bytes.get());
213 fuzz_img(std::move(bytes), 0, option);
214 return 0;
215 }
216 if (type.equals("json")) {
217 fuzz_json(std::move(bytes));
218 return 0;
219 }
220 if (type.equals("path_deserialize")) {
221 fuzz_path_deserialize(std::move(bytes));
222 return 0;
223 }
224 if (type.equals("region_deserialize")) {
225 fuzz_region_deserialize(std::move(bytes));
226 return 0;
227 }
228 if (type.equals("region_set_path")) {
229 fuzz_region_set_path(std::move(bytes));
230 return 0;
231 }
232 if (type.equals("pipe")) {
233 SkDebugf("I would prefer not to.\n");
234 return 0;
235 }
236 if (type.equals("skdescriptor_deserialize")) {
237 fuzz_skdescriptor_deserialize(std::move(bytes));
238 return 0;
239 }
240#if defined(SK_ENABLE_SKOTTIE)
241 if (type.equals("skottie_json")) {
242 fuzz_skottie_json(std::move(bytes));
243 return 0;
244 }
245#endif
246 if (type.equals("skmeshspecification")) {
247 fuzz_skmeshspecification(std::move(bytes));
248 return 0;
249 }
250 if (type.equals("skp")) {
251 fuzz_skp(std::move(bytes));
252 return 0;
253 }
254 if (type.equals("skruntimeblender")) {
255 fuzz_skruntimeblender(std::move(bytes));
256 return 0;
257 }
258 if (type.equals("skruntimecolorfilter")) {
259 fuzz_skruntimecolorfilter(std::move(bytes));
260 return 0;
261 }
262 if (type.equals("skruntimeeffect")) {
263 fuzz_skruntimeeffect(std::move(bytes));
264 return 0;
265 }
266 if (type.equals("sksl2glsl")) {
267 fuzz_sksl2glsl(std::move(bytes));
268 return 0;
269 }
270 if (type.equals("sksl2metal")) {
271 fuzz_sksl2metal(std::move(bytes));
272 return 0;
273 }
274 if (type.equals("sksl2pipeline")) {
275 fuzz_sksl2pipeline(std::move(bytes));
276 return 0;
277 }
278 if (type.equals("sksl2spirv")) {
279 fuzz_sksl2spirv(std::move(bytes));
280 return 0;
281 }
282 if (type.equals("sksl2wgsl")) {
283 fuzz_sksl2wgsl(std::move(bytes));
284 return 0;
285 }
286#if defined(SK_ENABLE_SVG)
287 if (type.equals("svg_dom")) {
288 fuzz_svg_dom(std::move(bytes));
289 return 0;
290 }
291#endif
292 if (type.equals("textblob")) {
293 fuzz_textblob_deserialize(std::move(bytes));
294 return 0;
295 }
296 SkDebugf("Unknown type %s\n", type.c_str());
297 CommandLineFlags::PrintUsage();
298 return 1;
299}
fuzz_path_deserialize
static void fuzz_path_deserialize(const sk_sp< SkData > &)
Definition FuzzMain.cpp:759
fuzz_sksl2pipeline
static void fuzz_sksl2pipeline(const sk_sp< SkData > &)
Definition FuzzMain.cpp:855
fuzz_colrv1
static void fuzz_colrv1(const sk_sp< SkData > &)
Definition FuzzMain.cpp:413
fuzz_textblob_deserialize
static void fuzz_textblob_deserialize(const sk_sp< SkData > &)
Definition FuzzMain.cpp:776
fuzz_skp
static void fuzz_skp(const sk_sp< SkData > &)
Definition FuzzMain.cpp:745
fuzz_sksl2wgsl
static void fuzz_sksl2wgsl(const sk_sp< SkData > &)
Definition FuzzMain.cpp:875
fuzz_sksl2glsl
static void fuzz_sksl2glsl(const sk_sp< SkData > &)
Definition FuzzMain.cpp:835
try_auto_detect
static SkString try_auto_detect(const SkString &path, SkString *name)
Definition FuzzMain.cpp:355
fuzz_color_deserialize
static void fuzz_color_deserialize(const sk_sp< SkData > &)
Definition FuzzMain.cpp:752
fuzz_img
static void fuzz_img(const sk_sp< SkData > &, uint8_t, uint8_t)
Definition FuzzMain.cpp:507
fuzz_skruntimeblender
static void fuzz_skruntimeblender(const sk_sp< SkData > &)
Definition FuzzMain.cpp:805
fuzz_skruntimeeffect
static void fuzz_skruntimeeffect(const sk_sp< SkData > &)
Definition FuzzMain.cpp:825
fuzz_filter_fuzz
static void fuzz_filter_fuzz(const sk_sp< SkData > &)
Definition FuzzMain.cpp:791
fuzz_json
static void fuzz_json(const sk_sp< SkData > &)
Definition FuzzMain.cpp:388
fuzz_sksl2metal
static void fuzz_sksl2metal(const sk_sp< SkData > &)
Definition FuzzMain.cpp:845
fuzz_android_codec
static void fuzz_android_codec(const sk_sp< SkData > &)
Definition FuzzMain.cpp:493
fuzz_skmeshspecification
static void fuzz_skmeshspecification(const sk_sp< SkData > &)
Definition FuzzMain.cpp:798
fuzz_api
static void fuzz_api(const sk_sp< SkData > &, const SkString &name)
Definition FuzzMain.cpp:439
fuzz_skdescriptor_deserialize
static void fuzz_skdescriptor_deserialize(const sk_sp< SkData > &)
Definition FuzzMain.cpp:885
calculate_option
static uint8_t calculate_option(SkData *)
Definition FuzzMain.cpp:423
fuzz_region_deserialize
static void fuzz_region_deserialize(const sk_sp< SkData > &)
Definition FuzzMain.cpp:766
fuzz_animated_img
static void fuzz_animated_img(const sk_sp< SkData > &)
Definition FuzzMain.cpp:463
fuzz_image_decode
static void fuzz_image_decode(const sk_sp< SkData > &)
Definition FuzzMain.cpp:473
fuzz_sksl2spirv
static void fuzz_sksl2spirv(const sk_sp< SkData > &)
Definition FuzzMain.cpp:865
fuzz_skruntimecolorfilter
static void fuzz_skruntimecolorfilter(const sk_sp< SkData > &)
Definition FuzzMain.cpp:815
fuzz_image_decode_incremental
static void fuzz_image_decode_incremental(const sk_sp< SkData > &)
Definition FuzzMain.cpp:483
fuzz_region_set_path
static void fuzz_region_set_path(const sk_sp< SkData > &)
Definition FuzzMain.cpp:783
CommandLineFlags::PrintUsage
static void PrintUsage()
Definition CommandLineFlags.cpp:145
SkData::MakeFromFileName
static sk_sp< SkData > MakeFromFileName(const char path[])
Definition SkData.cpp:148
sk_sp
Definition SkRefCnt.h:220
type
uint8_t type
Definition fl_standard_message_codec_test.cc:1115
flutter::path
DEF_SWITCHES_START aot vmservice shared library Name of the *so containing AOT compiled Dart assets for launching the service isolate vm snapshot The VM snapshot data that will be memory mapped as read only SnapshotAssetPath must be present isolate snapshot The isolate snapshot data that will be memory mapped as read only SnapshotAssetPath must be present cache dir path
Definition switches.h:57

◆ fuzz_filter_fuzz()

static void fuzz_filter_fuzz ( const sk_sp< SkData > &  data)
static

Definition at line 791 of file FuzzMain.cpp.

791 {
792 FuzzImageFilterDeserialize(data->bytes(), data->size());
793 SkDebugf("[terminated] filter_fuzz didn't crash!\n");
794}
FuzzImageFilterDeserialize
void FuzzImageFilterDeserialize(const uint8_t *data, size_t size)
Definition FuzzImageFilterDeserialize.cpp:16

◆ fuzz_image_decode()

static void fuzz_image_decode ( const sk_sp< SkData > &  data)
static

Definition at line 473 of file FuzzMain.cpp.

473 {
474 if (FuzzImageDecode(data->bytes(), data->size())) {
475 SkDebugf("[terminated] Success from decoding/drawing image!\n");
476 return;
477 }
478 SkDebugf("[terminated] Could not decode or draw image.\n");
479}
FuzzImageDecode
bool FuzzImageDecode(const uint8_t *data, size_t size)
Definition FuzzImage.cpp:14

◆ fuzz_image_decode_incremental()

static void fuzz_image_decode_incremental ( const sk_sp< SkData > &  data)
static

Definition at line 483 of file FuzzMain.cpp.

483 {
484 if (FuzzIncrementalImageDecode(data->bytes(), data->size())) {
485 SkDebugf("[terminated] Success using incremental decode!\n");
486 return;
487 }
488 SkDebugf("[terminated] Could not incrementally decode and image.\n");
489}
FuzzIncrementalImageDecode
bool FuzzIncrementalImageDecode(const uint8_t *data, size_t size)
Definition FuzzIncrementalImage.cpp:13

◆ fuzz_img()

static void fuzz_img ( const sk_sp< SkData > &  bytes,
uint8_t  scale,
uint8_t  mode 
)
static

Definition at line 507 of file FuzzMain.cpp.

507 {
508 // We can scale 1x, 2x, 4x, 8x, 16x
509 scale = scale % 5;
510 float fscale = (float)pow(2.0f, scale);
511 SkDebugf("Scaling factor: %f\n", fscale);
512
513 // We have 5 different modes of decoding.
514 mode = mode % 5;
515 SkDebugf("Mode: %d\n", mode);
516
517 // This is mostly copied from DMSrcSink's CodecSrc::draw method.
518 SkDebugf("Decoding\n");
519 std::unique_ptr<SkCodec> codec(SkCodec::MakeFromData(bytes));
520 if (nullptr == codec) {
521 SkDebugf("[terminated] Couldn't create codec.\n");
522 return;
523 }
524
525 SkImageInfo decodeInfo = codec->getInfo();
526 SkISize size = codec->getScaledDimensions(fscale);
527 decodeInfo = decodeInfo.makeDimensions(size);
528
529 SkBitmap bitmap;
530 SkCodec::Options options;
531 options.fZeroInitialized = SkCodec::kYes_ZeroInitialized;
532
533 if (!bitmap.tryAllocPixelsFlags(decodeInfo, SkBitmap::kZeroPixels_AllocFlag)) {
534 SkDebugf("[terminated] Could not allocate memory. Image might be too large (%d x %d)",
535 decodeInfo.width(), decodeInfo.height());
536 return;
537 }
538
539 switch (mode) {
540 case 0: {//kCodecZeroInit_Mode, kCodec_Mode
541 switch (codec->getPixels(decodeInfo, bitmap.getPixels(), bitmap.rowBytes(), &options)) {
542 case SkCodec::kSuccess:
543 SkDebugf("[terminated] Success!\n");
544 break;
545 case SkCodec::kIncompleteInput:
546 SkDebugf("[terminated] Partial Success\n");
547 break;
548 case SkCodec::kErrorInInput:
549 SkDebugf("[terminated] Partial Success with error\n");
550 break;
551 case SkCodec::kInvalidConversion:
552 SkDebugf("Incompatible colortype conversion\n");
553 // Crash to allow afl-fuzz to know this was a bug.
554 raise(SIGSEGV);
555 break;
556 default:
557 SkDebugf("[terminated] Couldn't getPixels.\n");
558 return;
559 }
560 break;
561 }
562 case 1: {//kScanline_Mode
563 if (SkCodec::kSuccess != codec->startScanlineDecode(decodeInfo)) {
564 SkDebugf("[terminated] Could not start scanline decoder\n");
565 return;
566 }
567
568 void* dst = bitmap.getAddr(0, 0);
569 size_t rowBytes = bitmap.rowBytes();
570 uint32_t height = decodeInfo.height();
571 // We do not need to check the return value. On an incomplete
572 // image, memory will be filled with a default value.
573 codec->getScanlines(dst, height, rowBytes);
574 SkDebugf("[terminated] Success!\n");
575 break;
576 }
577 case 2: { //kStripe_Mode
578 const int height = decodeInfo.height();
579 // This value is chosen arbitrarily. We exercise more cases by choosing a value that
580 // does not align with image blocks.
581 const int stripeHeight = 37;
582 const int numStripes = (height + stripeHeight - 1) / stripeHeight;
583
584 // Decode odd stripes
585 if (SkCodec::kSuccess != codec->startScanlineDecode(decodeInfo)
586 || SkCodec::kTopDown_SkScanlineOrder != codec->getScanlineOrder()) {
587 // This mode was designed to test the new skip scanlines API in libjpeg-turbo.
588 // Jpegs have kTopDown_SkScanlineOrder, and at this time, it is not interesting
589 // to run this test for image types that do not have this scanline ordering.
590 SkDebugf("[terminated] Could not start top-down scanline decoder\n");
591 return;
592 }
593
594 for (int i = 0; i < numStripes; i += 2) {
595 // Skip a stripe
596 const int linesToSkip = std::min(stripeHeight, height - i * stripeHeight);
597 codec->skipScanlines(linesToSkip);
598
599 // Read a stripe
600 const int startY = (i + 1) * stripeHeight;
601 const int linesToRead = std::min(stripeHeight, height - startY);
602 if (linesToRead > 0) {
603 codec->getScanlines(bitmap.getAddr(0, startY), linesToRead, bitmap.rowBytes());
604 }
605 }
606
607 // Decode even stripes
608 const SkCodec::Result startResult = codec->startScanlineDecode(decodeInfo);
609 if (SkCodec::kSuccess != startResult) {
610 SkDebugf("[terminated] Failed to restart scanline decoder with same parameters.\n");
611 return;
612 }
613 for (int i = 0; i < numStripes; i += 2) {
614 // Read a stripe
615 const int startY = i * stripeHeight;
616 const int linesToRead = std::min(stripeHeight, height - startY);
617 codec->getScanlines(bitmap.getAddr(0, startY), linesToRead, bitmap.rowBytes());
618
619 // Skip a stripe
620 const int linesToSkip = std::min(stripeHeight, height - (i + 1) * stripeHeight);
621 if (linesToSkip > 0) {
622 codec->skipScanlines(linesToSkip);
623 }
624 }
625 SkDebugf("[terminated] Success!\n");
626 break;
627 }
628 case 3: { //kSubset_Mode
629 // Arbitrarily choose a divisor.
630 int divisor = 2;
631 // Total width/height of the image.
632 const int W = codec->getInfo().width();
633 const int H = codec->getInfo().height();
634 if (divisor > W || divisor > H) {
635 SkDebugf("[terminated] Cannot codec subset: divisor %d is too big "
636 "with dimensions (%d x %d)\n", divisor, W, H);
637 return;
638 }
639 // subset dimensions
640 // SkWebpCodec, the only one that supports subsets, requires even top/left boundaries.
641 const int w = SkAlign2(W / divisor);
642 const int h = SkAlign2(H / divisor);
643 SkIRect subset;
644 SkCodec::Options opts;
645 opts.fSubset = &subset;
646 SkBitmap subsetBm;
647 // We will reuse pixel memory from bitmap.
648 void* pixels = bitmap.getPixels();
649 for (int x = 0; x < W; x += w) {
650 for (int y = 0; y < H; y+= h) {
651 // Do not make the subset go off the edge of the image.
652 const int preScaleW = std::min(w, W - x);
653 const int preScaleH = std::min(h, H - y);
654 subset.setXYWH(x, y, preScaleW, preScaleH);
655 // And fscale
656 // FIXME: Should we have a version of getScaledDimensions that takes a subset
657 // into account?
658 decodeInfo = decodeInfo.makeWH(
659 std::max(1, SkScalarRoundToInt(preScaleW * fscale)),
660 std::max(1, SkScalarRoundToInt(preScaleH * fscale)));
661 size_t rowBytes = decodeInfo.minRowBytes();
662 if (!subsetBm.installPixels(decodeInfo, pixels, rowBytes)) {
663 SkDebugf("[terminated] Could not install pixels.\n");
664 return;
665 }
666 const SkCodec::Result result = codec->getPixels(decodeInfo, pixels, rowBytes,
667 &opts);
668 switch (result) {
669 case SkCodec::kSuccess:
670 case SkCodec::kIncompleteInput:
671 case SkCodec::kErrorInInput:
672 SkDebugf("okay\n");
673 break;
674 case SkCodec::kInvalidConversion:
675 if (0 == (x|y)) {
676 // First subset is okay to return unimplemented.
677 SkDebugf("[terminated] Incompatible colortype conversion\n");
678 return;
679 }
680 // If the first subset succeeded, a later one should not fail.
681 [[fallthrough]];
682 case SkCodec::kUnimplemented:
683 if (0 == (x|y)) {
684 // First subset is okay to return unimplemented.
685 SkDebugf("[terminated] subset codec not supported\n");
686 return;
687 }
688 // If the first subset succeeded, why would a later one fail?
689 [[fallthrough]];
690 default:
691 SkDebugf("[terminated] subset codec failed to decode (%d, %d, %d, %d) "
692 "with dimensions (%d x %d)\t error %d\n",
693 x, y, decodeInfo.width(), decodeInfo.height(),
694 W, H, result);
695 return;
696 }
697 }
698 }
699 SkDebugf("[terminated] Success!\n");
700 break;
701 }
702 case 4: { //kAnimated_Mode
703 std::vector<SkCodec::FrameInfo> frameInfos = codec->getFrameInfo();
704 if (frameInfos.size() == 0) {
705 SkDebugf("[terminated] Not an animated image\n");
706 break;
707 }
708
709 for (size_t i = 0; i < frameInfos.size(); i++) {
710 options.fFrameIndex = i;
711 auto result = codec->startIncrementalDecode(decodeInfo, bitmap.getPixels(),
712 bitmap.rowBytes(), &options);
713 if (SkCodec::kSuccess != result) {
714 SkDebugf("[terminated] failed to start incremental decode "
715 "in frame %zu with error %d\n", i, result);
716 return;
717 }
718
719 result = codec->incrementalDecode();
720 if (result == SkCodec::kIncompleteInput || result == SkCodec::kErrorInInput) {
721 SkDebugf("okay\n");
722 // Frames beyond this one will not decode.
723 break;
724 }
725 if (result == SkCodec::kSuccess) {
726 SkDebugf("okay - decoded frame %zu\n", i);
727 } else {
728 SkDebugf("[terminated] incremental decode failed with "
729 "error %d\n", result);
730 return;
731 }
732 }
733 SkDebugf("[terminated] Success!\n");
734 break;
735 }
736 default:
737 SkDebugf("[terminated] Mode not implemented yet\n");
738 }
739
740 dump_png(bitmap);
741}
options
const char * options
Definition CommonFlagsConfig.cpp:43
dump_png
static void dump_png(const SkBitmap &bitmap)
Definition FuzzMain.cpp:453
SkAlign2
static constexpr T SkAlign2(T x)
Definition SkAlign.h:15
SkScalarRoundToInt
#define SkScalarRoundToInt(x)
Definition SkScalar.h:37
W
#define W
Definition aaa.cpp:17
SkBitmap::installPixels
bool installPixels(const SkImageInfo &info, void *pixels, size_t rowBytes, void(*releaseProc)(void *addr, void *context), void *context)
Definition SkBitmap.cpp:323
SkBitmap::kZeroPixels_AllocFlag
@ kZeroPixels_AllocFlag
zero pixel memory. No effect. This is the default.
Definition SkBitmap.h:435
SkCodec::MakeFromData
static std::unique_ptr< SkCodec > MakeFromData(sk_sp< SkData >, SkSpan< const SkCodecs::Decoder > decoders, SkPngChunkReader *=nullptr)
Definition SkCodec.cpp:241
SkCodec::kYes_ZeroInitialized
@ kYes_ZeroInitialized
Definition SkCodec.h:308
SkCodec::kTopDown_SkScanlineOrder
@ kTopDown_SkScanlineOrder
Definition SkCodec.h:581
SkCodec::kInvalidConversion
@ kInvalidConversion
Definition SkCodec.h:96
SkCodec::kIncompleteInput
@ kIncompleteInput
Definition SkCodec.h:84
SkCodec::kUnimplemented
@ kUnimplemented
Definition SkCodec.h:123
SkCodec::kSuccess
@ kSuccess
Definition SkCodec.h:80
SkCodec::kErrorInInput
@ kErrorInInput
Definition SkCodec.h:91
H
#define H
Definition constant_reader.cc:13
result
GAsyncResult * result
Definition fl_text_input_plugin.cc:106
y
double y
Definition mouse-input-test.cc:83
x
double x
Definition mouse-input-test.cc:82
flutter::mode
it will be possible to load the file into Perfetto s trace viewer disable asset Prevents usage of any non test fonts unless they were explicitly Loaded via prefetched default font Indicates whether the embedding started a prefetch of the default font manager before creating the engine run In non interactive mode
Definition switches.h:228
flutter::size
it will be possible to load the file into Perfetto s trace viewer disable asset Prevents usage of any non test fonts unless they were explicitly Loaded via prefetched default font Indicates whether the embedding started a prefetch of the default font manager before creating the engine run In non interactive keep the shell running after the Dart script has completed enable serial On low power devices with low core running concurrent GC tasks on threads can cause them to contend with the UI thread which could potentially lead to jank This option turns off all concurrent GC activities domain network JSON encoded network policy per domain This overrides the DisallowInsecureConnections switch Embedder can specify whether to allow or disallow insecure connections at a domain level old gen heap size
Definition switches.h:259
gn.cp.dst
dst
Definition cp.py:12
w
SkScalar w
Definition pictureshadertile.cpp:30
h
SkScalar h
Definition pictureshadertile.cpp:30
height
int32_t height
Definition serialization_callbacks.cc:1
scale
const Scalar scale
Definition stroke_path_geometry.cc:253
H
Definition SkMD5.cpp:130
SkCodec::Options::fSubset
const SkIRect * fSubset
Definition SkCodec.h:347
SkCodec::Options::fZeroInitialized
ZeroInitialized fZeroInitialized
Definition SkCodec.h:329
SkIRect::setXYWH
void setXYWH(int32_t x, int32_t y, int32_t width, int32_t height)
Definition SkRect.h:268
SkImageInfo::makeWH
SkImageInfo makeWH(int newWidth, int newHeight) const
Definition SkImageInfo.h:444
SkImageInfo::minRowBytes
size_t minRowBytes() const
Definition SkImageInfo.h:517
SkImageInfo::makeDimensions
SkImageInfo makeDimensions(SkISize newSize) const
Definition SkImageInfo.h:454
SkImageInfo::width
int width() const
Definition SkImageInfo.h:365
SkImageInfo::height
int height() const
Definition SkImageInfo.h:371

◆ fuzz_json()

static void fuzz_json ( const sk_sp< SkData > &  data)
static

Definition at line 388 of file FuzzMain.cpp.

388 {
389 FuzzJSON(data->bytes(), data->size());
390 SkDebugf("[terminated] Done parsing!\n");
391}
FuzzJSON
void FuzzJSON(const uint8_t *data, size_t size)
Definition FuzzJSON.cpp:11

◆ fuzz_path_deserialize()

static void fuzz_path_deserialize ( const sk_sp< SkData > &  data)
static

Definition at line 759 of file FuzzMain.cpp.

759 {
760 FuzzPathDeserialize(data->bytes(), data->size());
761 SkDebugf("[terminated] path_deserialize didn't crash!\n");
762}
FuzzPathDeserialize
void FuzzPathDeserialize(const uint8_t *data, size_t size)
Definition FuzzPathDeserialize.cpp:14

◆ fuzz_region_deserialize()

static void fuzz_region_deserialize ( const sk_sp< SkData > &  data)
static

Definition at line 766 of file FuzzMain.cpp.

766 {
767 if (!FuzzRegionDeserialize(data->bytes(), data->size())) {
768 SkDebugf("[terminated] Couldn't initialize SkRegion.\n");
769 return;
770 }
771 SkDebugf("[terminated] Success! Initialized SkRegion.\n");
772}
FuzzRegionDeserialize
bool FuzzRegionDeserialize(const uint8_t *data, size_t size)
Definition FuzzRegionDeserialize.cpp:14

◆ fuzz_region_set_path()

static void fuzz_region_set_path ( const sk_sp< SkData > &  data)
static

Definition at line 783 of file FuzzMain.cpp.

783 {
784 Fuzz fuzz(data->bytes(), data->size());
785 FuzzRegionSetPath(&fuzz);
786 SkDebugf("[terminated] region_set_path didn't crash!\n");
787}
FuzzRegionSetPath
void FuzzRegionSetPath(Fuzz *fuzz)
Definition FuzzRegionSetPath.cpp:14

◆ fuzz_skdescriptor_deserialize()

static void fuzz_skdescriptor_deserialize ( const sk_sp< SkData > &  data)
static

Definition at line 885 of file FuzzMain.cpp.

885 {
886 FuzzSkDescriptorDeserialize(data->bytes(), data->size());
887 SkDebugf("[terminated] Did not crash while deserializing an SkDescriptor.\n");
888}
FuzzSkDescriptorDeserialize
void FuzzSkDescriptorDeserialize(const uint8_t *data, size_t size)
Definition FuzzSkDescriptorDeserialize.cpp:11

◆ fuzz_skmeshspecification()

static void fuzz_skmeshspecification ( const sk_sp< SkData > &  data)
static

Definition at line 798 of file FuzzMain.cpp.

798 {
799 FuzzSkMeshSpecification(data->bytes(), data->size());
800 SkDebugf("[terminated] SkMeshSpecification::Make didn't crash!\n");
801}
FuzzSkMeshSpecification
void FuzzSkMeshSpecification(const uint8_t *fuzzData, size_t fuzzSize)
Definition FuzzSkMeshSpecification.cpp:26

◆ fuzz_skp()

static void fuzz_skp ( const sk_sp< SkData > &  data)
static

Definition at line 745 of file FuzzMain.cpp.

745 {
746 FuzzSKP(data->bytes(), data->size());
747 SkDebugf("[terminated] Finished SKP\n");
748}
FuzzSKP
void FuzzSKP(const uint8_t *data, size_t size)
Definition FuzzSKP.cpp:15

◆ fuzz_skruntimeblender()

static void fuzz_skruntimeblender ( const sk_sp< SkData > &  data)
static

Definition at line 805 of file FuzzMain.cpp.

805 {
806 if (FuzzSkRuntimeBlender(data->bytes(), data->size())) {
807 SkDebugf("[terminated] Success! Compiled and executed SkSL blender.\n");
808 } else {
809 SkDebugf("[terminated] Could not compile or execute SkSL blender.\n");
810 }
811}
FuzzSkRuntimeBlender
bool FuzzSkRuntimeBlender(const uint8_t *data, size_t size)
Definition FuzzSkRuntimeBlender.cpp:59

◆ fuzz_skruntimecolorfilter()

static void fuzz_skruntimecolorfilter ( const sk_sp< SkData > &  data)
static

Definition at line 815 of file FuzzMain.cpp.

815 {
816 if (FuzzSkRuntimeColorFilter(data->bytes(), data->size())) {
817 SkDebugf("[terminated] Success! Compiled and executed SkSL color filter.\n");
818 } else {
819 SkDebugf("[terminated] Could not compile or execute SkSL color filter.\n");
820 }
821}
FuzzSkRuntimeColorFilter
bool FuzzSkRuntimeColorFilter(const uint8_t *data, size_t size)
Definition FuzzSkRuntimeColorFilter.cpp:59

◆ fuzz_skruntimeeffect()

static void fuzz_skruntimeeffect ( const sk_sp< SkData > &  data)
static

Definition at line 825 of file FuzzMain.cpp.

825 {
826 if (FuzzSkRuntimeEffect(data->bytes(), data->size())) {
827 SkDebugf("[terminated] Success! Compiled and executed SkSL shader.\n");
828 } else {
829 SkDebugf("[terminated] Could not compile or execute SkSL shader.\n");
830 }
831}
FuzzSkRuntimeEffect
bool FuzzSkRuntimeEffect(const uint8_t *data, size_t size)
Definition FuzzSkRuntimeEffect.cpp:58

◆ fuzz_sksl2glsl()

static void fuzz_sksl2glsl ( const sk_sp< SkData > &  data)
static

Definition at line 835 of file FuzzMain.cpp.

835 {
836 if (FuzzSKSL2GLSL(data->bytes(), data->size())) {
837 SkDebugf("[terminated] Success! Compiled input to GLSL.\n");
838 } else {
839 SkDebugf("[terminated] Could not compile input to GLSL.\n");
840 }
841}
FuzzSKSL2GLSL
bool FuzzSKSL2GLSL(const uint8_t *data, size_t size)
Definition FuzzSKSL2GLSL.cpp:17

◆ fuzz_sksl2metal()

static void fuzz_sksl2metal ( const sk_sp< SkData > &  data)
static

Definition at line 845 of file FuzzMain.cpp.

845 {
846 if (FuzzSKSL2Metal(data->bytes(), data->size())) {
847 SkDebugf("[terminated] Success! Compiled input to Metal.\n");
848 } else {
849 SkDebugf("[terminated] Could not compile input to Metal.\n");
850 }
851}
FuzzSKSL2Metal
bool FuzzSKSL2Metal(const uint8_t *data, size_t size)
Definition FuzzSKSL2Metal.cpp:17

◆ fuzz_sksl2pipeline()

static void fuzz_sksl2pipeline ( const sk_sp< SkData > &  data)
static

Definition at line 855 of file FuzzMain.cpp.

855 {
856 if (FuzzSKSL2Pipeline(data->bytes(), data->size())) {
857 SkDebugf("[terminated] Success! Compiled input to pipeline stage.\n");
858 } else {
859 SkDebugf("[terminated] Could not compile input to pipeline stage.\n");
860 }
861}
FuzzSKSL2Pipeline
bool FuzzSKSL2Pipeline(const uint8_t *data, size_t size)
Definition FuzzSKSL2Pipeline.cpp:18

◆ fuzz_sksl2spirv()

static void fuzz_sksl2spirv ( const sk_sp< SkData > &  data)
static

Definition at line 865 of file FuzzMain.cpp.

865 {
866 if (FuzzSKSL2SPIRV(data->bytes(), data->size())) {
867 SkDebugf("[terminated] Success! Compiled input to SPIR-V.\n");
868 } else {
869 SkDebugf("[terminated] Could not compile input to SPIR-V.\n");
870 }
871}
FuzzSKSL2SPIRV
bool FuzzSKSL2SPIRV(const uint8_t *data, size_t size)
Definition FuzzSKSL2SPIRV.cpp:17

◆ fuzz_sksl2wgsl()

static void fuzz_sksl2wgsl ( const sk_sp< SkData > &  data)
static

Definition at line 875 of file FuzzMain.cpp.

875 {
876 if (FuzzSKSL2WGSL(data->bytes(), data->size())) {
877 SkDebugf("[terminated] Success! Compiled input to WGSL.\n");
878 } else {
879 SkDebugf("[terminated] Could not compile input to WGSL.\n");
880 }
881}
FuzzSKSL2WGSL
bool FuzzSKSL2WGSL(const uint8_t *data, size_t size)
Definition FuzzSKSL2WGSL.cpp:17

◆ fuzz_textblob_deserialize()

static void fuzz_textblob_deserialize ( const sk_sp< SkData > &  data)
static

Definition at line 776 of file FuzzMain.cpp.

776 {
777 FuzzTextBlobDeserialize(data->bytes(), data->size());
778 SkDebugf("[terminated] textblob didn't crash!\n");
779}
FuzzTextBlobDeserialize
void FuzzTextBlobDeserialize(const uint8_t *data, size_t size)
Definition FuzzTextBlobDeserialize.cpp:15

◆ FuzzAndroidCodec()

bool FuzzAndroidCodec ( const uint8_t *  fuzzData,
size_t  fuzzSize,
uint8_t  sampleSize 
)

Definition at line 17 of file FuzzAndroidCodec.cpp.

17 {
18 auto codec = SkAndroidCodec::MakeFromStream(SkMemoryStream::MakeDirect(fuzzData, fuzzSize));
19 if (!codec) {
20 return false;
21 }
22
23 auto size = codec->getSampledDimensions(sampleSize);
24 auto info = SkImageInfo::MakeN32Premul(size);
25 SkBitmap bm;
26 if (!bm.tryAllocPixels(info)) {
27 // May fail in memory-constrained fuzzing environments
28 return false;
29 }
30
31 SkAndroidCodec::AndroidOptions options;
32 options.fSampleSize = sampleSize;
33
34 auto result = codec->getAndroidPixels(bm.info(), bm.getPixels(), bm.rowBytes(), &options);
35 switch (result) {
36 case SkCodec::kSuccess:
37 case SkCodec::kIncompleteInput:
38 case SkCodec::kErrorInInput:
39 break;
40 default:
41 return false;
42 }
43
44 SkGainmapInfo gainmapInfo;
45 auto gainmapImageStream = std::unique_ptr<SkStream>();
46
47 if (codec->getAndroidGainmap(&gainmapInfo, &gainmapImageStream)) {
48 // Do something with the outputs so the compiler does not optimize the call away.
49 if (!std::isfinite(gainmapInfo.fDisplayRatioSdr)) {
50 return false;
51 }
52 if (gainmapImageStream->getLength() > 100000000) {
53 return false;
54 }
55 }
56
57 auto surface = SkSurfaces::Raster(SkImageInfo::MakeN32Premul(size.width(), size.height()));
58 if (!surface) {
59 // May return nullptr in memory-constrained fuzzing environments
60 return false;
61 }
62
63 surface->getCanvas()->drawImage(bm.asImage(), 0, 0);
64 return true;
65}
info
static void info(const char *fmt,...) SK_PRINTF_LIKE(1
Definition DM.cpp:213
SkAndroidCodec::MakeFromStream
static std::unique_ptr< SkAndroidCodec > MakeFromStream(std::unique_ptr< SkStream >, SkPngChunkReader *=nullptr)
Definition SkAndroidCodec.cpp:206
SkBitmap::asImage
sk_sp< SkImage > asImage() const
Definition SkBitmap.cpp:645
SkBitmap::rowBytes
size_t rowBytes() const
Definition SkBitmap.h:238
SkBitmap::getPixels
void * getPixels() const
Definition SkBitmap.h:283
SkBitmap::info
const SkImageInfo & info() const
Definition SkBitmap.h:139
SkBitmap::tryAllocPixels
bool tryAllocPixels(const SkImageInfo &info, size_t rowBytes)
Definition SkBitmap.cpp:271
SkMemoryStream::MakeDirect
static std::unique_ptr< SkMemoryStream > MakeDirect(const void *data, size_t length)
Definition SkStream.cpp:310
surface
VkSurfaceKHR surface
Definition main.cc:49
SkSurfaces::Raster
SK_API sk_sp< SkSurface > Raster(const SkImageInfo &imageInfo, size_t rowBytes, const SkSurfaceProps *surfaceProps)
Definition SkSurface_Raster.cpp:186
SkGainmapInfo::fDisplayRatioSdr
float fDisplayRatioSdr
Definition SkGainmapInfo.h:63
SkImageInfo::MakeN32Premul
static SkImageInfo MakeN32Premul(int width, int height)
Definition SkImageInfo.cpp:157

◆ FuzzAnimatedImage()

bool FuzzAnimatedImage ( const uint8_t *  data,
size_t  size 
)

Definition at line 14 of file FuzzAnimatedImage.cpp.

14 {
15 auto codec = SkAndroidCodec::MakeFromStream(SkMemoryStream::MakeDirect(data, size));
16 if (nullptr == codec) {
17 return false;
18 }
19 auto aImg = SkAnimatedImage::Make(std::move(codec));
20 if (nullptr == aImg) {
21 return false;
22 }
23
24 auto s = SkSurfaces::Raster(SkImageInfo::MakeN32Premul(128, 128));
25 if (!s) {
26 // May return nullptr in memory-constrained fuzzing environments
27 return false;
28 }
29
30 int escape = 0;
31 while (!aImg->isFinished() && escape < 100) {
32 aImg->draw(s->getCanvas());
33 escape++;
34 aImg->decodeNextFrame();
35 }
36 return true;
37}
SkAnimatedImage::Make
static sk_sp< SkAnimatedImage > Make(std::unique_ptr< SkAndroidCodec >, const SkImageInfo &info, SkIRect cropRect, sk_sp< SkPicture > postProcess)
Definition SkAnimatedImage.cpp:23
s
struct MyStruct s

◆ FuzzColorspace()

void FuzzColorspace ( const uint8_t *  data,
size_t  size 
)

Definition at line 13 of file FuzzColorspace.cpp.

13 {
14 sk_sp<SkColorSpace> space(SkColorSpace::Deserialize(data, size));
15 if (!space) {
16 return;
17 }
18 // Call some arbitrary methods on the colorspace, using a throw-away
19 // variable to prevent the compiler from optimizing things away.
20 int i = 0;
21 if (space->gammaCloseToSRGB()) {
22 i += 1;
23 }
24 if (space->gammaIsLinear()) {
25 i += 1;
26 }
27 if (space->isSRGB()) {
28 i += 1;
29 }
30 skcms_ICCProfile profile;
31 space->toProfile(&profile);
32 sk_sp<SkColorSpace> space2 = space->makeLinearGamma()->makeSRGBGamma()->makeColorSpin();
33 sk_sp<SkData> data1 = space->serialize();
34 if (SkColorSpace::Equals(space.get(), space2.get()) && i > 5) {
35 SkDebugf("Should never happen %d", (int)data1->size());
36 space2->writeToMemory(nullptr);
37 }
38}
SkColorSpace::Equals
static bool Equals(const SkColorSpace *, const SkColorSpace *)
Definition SkColorSpace.cpp:291
SkColorSpace::Deserialize
static sk_sp< SkColorSpace > Deserialize(const void *data, size_t length)
Definition SkColorSpace.cpp:266
sk_sp::get
T * get() const
Definition SkRefCnt.h:303
gn.codesign_ios.profile
profile
Definition codesign_ios.py:22
skcms_ICCProfile
Definition skcms_public.h:173

◆ FuzzCOLRv1()

void FuzzCOLRv1 ( const uint8_t *  data,
size_t  size 
)

Definition at line 19 of file FuzzCOLRv1.cpp.

19 {
20 // We do not want the portable fontmgr here, as it does not allow creation of fonts from bytes.
21 sk_sp<SkFontMgr> mgr = ToolUtils::TestFontMgr();
22 std::unique_ptr<SkStreamAsset> stream = SkMemoryStream::MakeDirect(data, size);
23 sk_sp<SkTypeface> typeface = mgr->makeFromStream(std::move(stream), 0);
24
25 if (!typeface) {
26 return;
27 }
28
29 auto s = SkSurfaces::Raster(SkImageInfo::MakeN32Premul(128, 128));
30 if (!s) {
31 return;
32 }
33
34 // Place at a baseline in the lower part of the canvas square, but canvas size and baseline
35 // placement are chosen arbitrarily and we just need to cover colrv1 rendering in this
36 // fuzz test.
37 SkFont colrv1Font = SkFont(typeface, 120);
38 SkCanvas* canvas = s->getCanvas();
39 SkPaint paint;
40 int numGlyphs = typeface->countGlyphs();
41
42 for (int i = 0; i < std::min(numGlyphs, 10); ++i) {
43 SkPoint origin = SkPoint::Make(10, 108);
44 SkPoint position = SkPoint::Make(0, 0);
45 SkGlyphID glyphId = i;
46 canvas->drawGlyphs(1, &glyphId, &position, origin, colrv1Font, paint);
47 }
48}
SkGlyphID
uint16_t SkGlyphID
Definition SkTypes.h:179
SkCanvas::drawGlyphs
void drawGlyphs(int count, const SkGlyphID glyphs[], const SkPoint positions[], const uint32_t clusters[], int textByteCount, const char utf8text[], SkPoint origin, const SkFont &font, const SkPaint &paint)
paint
const Paint & paint
Definition color_source.cc:38
ToolUtils::TestFontMgr
sk_sp< SkFontMgr > TestFontMgr()
Definition FontToolUtils.cpp:247
dart_profiler_symbols.stream
stream
Definition dart_profiler_symbols.py:81
SkPoint::Make
static constexpr SkPoint Make(float x, float y)
Definition SkPoint_impl.h:173

◆ FuzzImageDecode()

bool FuzzImageDecode ( const uint8_t *  data,
size_t  size 
)

Definition at line 14 of file FuzzImage.cpp.

14 {
15 auto img = SkImages::DeferredFromEncodedData(SkData::MakeWithoutCopy(data, size));
16 if (nullptr == img.get()) {
17 return false;
18 }
19
20 auto s = SkSurfaces::Raster(SkImageInfo::MakeN32Premul(128, 128));
21 if (!s) {
22 // May return nullptr in memory-constrained fuzzing environments
23 return false;
24 }
25
26 s->getCanvas()->drawImage(img, 0, 0);
27 return true;
28}
SkData::MakeWithoutCopy
static sk_sp< SkData > MakeWithoutCopy(const void *data, size_t length)
Definition SkData.h:116
SkImages::DeferredFromEncodedData
SK_API sk_sp< SkImage > DeferredFromEncodedData(sk_sp< SkData > encoded, std::optional< SkAlphaType > alphaType=std::nullopt)
Definition SkImageGenerator_FromEncoded.cpp:52

◆ FuzzImageFilterDeserialize()

void FuzzImageFilterDeserialize ( const uint8_t *  data,
size_t  size 
)

Definition at line 16 of file FuzzImageFilterDeserialize.cpp.

16 {
17 const int BitmapSize = 24;
18 SkBitmap bitmap;
19 bitmap.allocN32Pixels(BitmapSize, BitmapSize);
20 SkCanvas canvas(bitmap);
21 canvas.clear(0x00000000);
22
23 auto flattenable = SkImageFilter::Deserialize(data, size);
24
25 if (flattenable != nullptr) {
26 // Let's see if using the filters can cause any trouble...
27 SkPaint paint;
28 paint.setImageFilter(flattenable);
29 canvas.save();
30 canvas.clipIRect(bitmap.bounds());
31
32 // This call shouldn't crash or cause ASAN to flag any memory issues
33 // If nothing bad happens within this call, everything is fine
34 canvas.drawImage(bitmap.asImage(), 0, 0, SkSamplingOptions(), &paint);
35
36 canvas.restore();
37 }
38}
SkImageFilter::Deserialize
static sk_sp< SkImageFilter > Deserialize(const void *data, size_t size, const SkDeserialProcs *procs=nullptr)
Definition SkImageFilter.h:101

◆ FuzzIncrementalImageDecode()

bool FuzzIncrementalImageDecode ( const uint8_t *  data,
size_t  size 
)

Definition at line 13 of file FuzzIncrementalImage.cpp.

13 {
14 auto codec = SkCodec::MakeFromStream(SkMemoryStream::MakeDirect(data, size));
15 if (!codec) {
16 return false;
17 }
18
19 SkBitmap bm;
20 if (!bm.tryAllocPixels(codec->getInfo())) {
21 // May fail in memory-constrained fuzzing environments
22 return false;
23 }
24
25 auto result = codec->startIncrementalDecode(bm.info(), bm.getPixels(), bm.rowBytes());
26 if (result != SkCodec::kSuccess) {
27 return false;
28 }
29
30 // Deliberately uninitialized to verify that incrementalDecode initializes it when it
31 // returns kIncompleteInput or kErrorInInput.
32 int rowsDecoded;
33 result = codec->incrementalDecode(&rowsDecoded);
34 switch (result) {
35 case SkCodec::kIncompleteInput:
36 case SkCodec::kErrorInInput:
37 if (rowsDecoded < bm.height()) {
38 void* dst = SkTAddOffset<void>(bm.getPixels(), rowsDecoded * bm.rowBytes());
39 sk_bzero(dst, (bm.height() - rowsDecoded) * bm.rowBytes());
40 }
41 return true; // decoded a partial image
42 case SkCodec::kSuccess:
43 return true;
44 default:
45 return false;
46 }
47}
sk_bzero
static void sk_bzero(void *buffer, size_t size)
Definition SkMalloc.h:105
SkBitmap::height
int height() const
Definition SkBitmap.h:158
SkCodec::MakeFromStream
static std::unique_ptr< SkCodec > MakeFromStream(std::unique_ptr< SkStream >, SkSpan< const SkCodecs::Decoder > decoders, Result *=nullptr, SkPngChunkReader *=nullptr, SelectionPolicy selectionPolicy=SelectionPolicy::kPreferStillImage)
Definition SkCodec.cpp:163

◆ FuzzJSON()

void FuzzJSON ( const uint8_t *  data,
size_t  size 
)

Definition at line 11 of file FuzzJSON.cpp.

11 {
12 skjson::DOM dom(reinterpret_cast<const char*>(data), size);
13 SkDynamicMemoryWStream wstream;
14 dom.write(&wstream);
15}
dom
Definition dom.py:1

◆ FuzzPathDeserialize()

void FuzzPathDeserialize ( const uint8_t *  data,
size_t  size 
)

Definition at line 14 of file FuzzPathDeserialize.cpp.

14 {
15 SkReadBuffer buf(data, size);
16
17 SkPath path;
18 buf.readPath(&path);
19 if (!buf.isValid()) {
20 return;
21 }
22
23 auto s = SkSurfaces::Raster(SkImageInfo::MakeN32Premul(128, 128));
24 if (!s) {
25 // May return nullptr in memory-constrained fuzzing environments
26 return;
27 }
28 s->getCanvas()->drawPath(path, SkPaint());
29}

◆ FuzzRegionDeserialize()

bool FuzzRegionDeserialize ( const uint8_t *  data,
size_t  size 
)

Definition at line 14 of file FuzzRegionDeserialize.cpp.

14 {
15 SkRegion region;
16 if (!region.readFromMemory(data, size)) {
17 return false;
18 }
19 region.computeRegionComplexity();
20 region.isComplex();
21 SkRegion r2;
22 if (region == r2) {
23 region.contains(0,0);
24 } else {
25 region.contains(1,1);
26 }
27 auto s = SkSurfaces::Raster(SkImageInfo::MakeN32Premul(128, 128));
28 if (!s) {
29 // May return nullptr in memory-constrained fuzzing environments
30 return false;
31 }
32 s->getCanvas()->drawRegion(region, SkPaint());
33 SkDEBUGCODE(SkRegionPriv::Validate(region));
34 return true;
35}
SkDEBUGCODE
#define SkDEBUGCODE(...)
Definition SkDebug.h:23
SkRegion::readFromMemory
size_t readFromMemory(const void *buffer, size_t length)
Definition SkRegion.cpp:1276
SkRegion::contains
bool contains(int32_t x, int32_t y) const
Definition SkRegion.cpp:364
SkRegion::isComplex
bool isComplex() const
Definition SkRegion.h:158
SkRegion::computeRegionComplexity
int computeRegionComplexity() const
Definition SkRegion.cpp:176
SkRecords::region
ClipOpAndAA opAA SkRegion region
Definition SkRecords.h:238

◆ FuzzRegionSetPath()

void FuzzRegionSetPath ( Fuzz fuzz)

Definition at line 14 of file FuzzRegionSetPath.cpp.

14 {
15 SkPath p;
16 FuzzNicePath(fuzz, &p, 1000);
17 SkRegion r1;
18 bool initR1;
19 fuzz->next(&initR1);
20 if (initR1) {
21 fuzz->next(&r1);
22 }
23 SkRegion r2;
24 fuzz->next(&r2);
25
26 r1.setPath(p, r2);
27
28 // Do some follow on computations to make sure region is well-formed.
29 r1.computeRegionComplexity();
30 r1.isComplex();
31 if (r1 == r2) {
32 r1.contains(0,0);
33 } else {
34 r1.contains(1,1);
35 }
36}
FuzzNicePath
void FuzzNicePath(Fuzz *fuzz, SkPath *path, int maxOps)
Definition FuzzCommon.cpp:37
Fuzz::next
void next(T *t)
Definition Fuzz.h:64
SkRegion::setPath
bool setPath(const SkPath &path, const SkRegion &clip)
Definition SkRegion_path.cpp:338
dart_profiler_symbols.p
p
Definition dart_profiler_symbols.py:55

◆ FuzzSkDescriptorDeserialize()

void FuzzSkDescriptorDeserialize ( const uint8_t *  data,
size_t  size 
)

Definition at line 11 of file FuzzSkDescriptorDeserialize.cpp.

11 {
12 SkReadBuffer buffer{data, size};
13 auto sut = SkAutoDescriptor::MakeFromBuffer(buffer);
14 if (!sut.has_value()) {
15 return;
16 }
17
18 auto desc = sut->getDesc();
19
20 desc->computeChecksum();
21 desc->isValid();
22
23 // An arbitrary number
24 uint32_t tagToFind = 117;
25
26 uint32_t ignore;
27 desc->findEntry(tagToFind, &ignore);
28}
SkAutoDescriptor::MakeFromBuffer
static std::optional< SkAutoDescriptor > MakeFromBuffer(SkReadBuffer &buffer)
Definition SkDescriptor.cpp:175
buffer
static const uint8_t buffer[]
Definition fl_pixel_buffer_texture_test.cc:44
import_conformance_tests.desc
desc
Definition import_conformance_tests.py:63

◆ FuzzSkMeshSpecification()

void FuzzSkMeshSpecification ( const uint8_t *  fuzzData,
size_t  fuzzSize 
)

Definition at line 26 of file FuzzSkMeshSpecification.cpp.

26 {
27 using Attribute = SkMeshSpecification::Attribute;
28 using Varying = SkMeshSpecification::Varying;
29
30 SkSpan<const uint8_t> data(fuzzData, fuzzSize);
31 STArray<SkMeshSpecification::kMaxAttributes, Attribute> attributes;
32 STArray<SkMeshSpecification::kMaxVaryings, Varying> varyings;
33 size_t vertexStride;
34 SkString vs, fs;
35
36 auto fuzzByteToASCII = [&](uint8_t c, SkString* str) -> bool {
37 // Most control characters (including \0) and all high ASCII are treated as stop bytes.
38 if ((c >= 32 && c <= 127) || c == '\r' || c == '\n' || c == '\t') {
39 char ascii = c;
40 str->append(&ascii, 1);
41 return true;
42 }
43 return false;
44 };
45
46 auto fuzzByteToSkSL = [&](uint8_t c, SkString* str) -> bool {
47 // In the 0x00 - 0x80 range, treat characters as ASCII.
48 if (c < 128) {
49 return fuzzByteToASCII(c, str);
50 }
51 c -= 128;
52
53 // Dedicate a few bytes to injecting our attribute and varying names.
54 if (c < SkMeshSpecification::kMaxAttributes) {
55 if (!attributes.empty()) {
56 str->append(attributes[c % attributes.size()].name);
57 }
58 return true;
59 }
60 c -= SkMeshSpecification::kMaxAttributes;
61
62 if (c < SkMeshSpecification::kMaxVaryings) {
63 if (!varyings.empty()) {
64 str->append(varyings[c % varyings.size()].name);
65 }
66 return true;
67 }
68 c -= SkMeshSpecification::kMaxVaryings;
69
70 // Replace the remaining high-ASCII bytes with valid SkSL operators and keywords in order to
71 // improve our chances of generating a program. (We omit single-character operators since
72 // single-byte versions of those already exist in the low-ASCII space.)
73 static constexpr std::string_view kSkSLData[] = {
74 " true ",
75 " false ",
76 " if ",
77 " else ",
78 " for ",
79 " while ",
80 " do ",
81 " switch ",
82 " case ",
83 " default ",
84 " break ",
85 " continue ",
86 " discard ",
87 " return ",
88 " in ",
89 " out ",
90 " inout ",
91 " uniform ",
92 " const ",
93 " flat ",
94 " noperspective ",
95 " inline ",
96 " noinline ",
97 " $pure ",
98 " readonly ",
99 " writeonly ",
100 " buffer ",
101 " struct ",
102 " layout ",
103 " highp ",
104 " mediump ",
105 " lowp ",
106 " $es3 ",
107 " $export ",
108 " workgroup ",
109 " << ",
110 " >> ",
111 " && ",
112 " || ",
113 " ^^ ",
114 " == ",
115 " != ",
116 " <= ",
117 " >= ",
118 " += ",
119 " -= ",
120 " *= ",
121 " /= ",
122 " %= ",
123 " <<= ",
124 " >>= ",
125 " &= ",
126 " |= ",
127 " ^= ",
128 " ++ ",
129 " -- ",
130 " //",
131 " /*",
132 "*/ ",
133 " float",
134 " half",
135 " int",
136 " uint",
137 " short",
138 " ushort",
139 " bool",
140 " void",
141 " vec",
142 " ivec",
143 " bvec",
144 " mat",
145 " Attributes ",
146 " Varyings ",
147 };
148
149 c %= std::size(kSkSLData);
150 str->append(kSkSLData[c]);
151 return true;
152 };
153
154 // Pick a vertex stride; intentionally allow some bad values through.
155 vertexStride = extract<uint16_t>(data) % (SkMeshSpecification::kMaxStride + 2);
156
157 while (!data.empty()) {
158 uint8_t control = extract<uint8_t>(data) % 4;
159 // A control code with no payload can be ignored.
160 if (data.empty()) {
161 break;
162 }
163 switch (control) {
164 case 0: {
165 // Add an attribute.
166 Attribute& a = attributes.push_back();
167 a.type = (Attribute::Type)(extract<uint8_t>(data) %
168 ((int)Attribute::Type::kLast + 1));
169 a.offset = extract<uint16_t>(data) % (SkMeshSpecification::kMaxStride + 2);
170 while (uint8_t c = extract<char>(data)) {
171 if (!fuzzByteToASCII(c, &a.name)) {
172 break;
173 }
174 }
175 break;
176 }
177 case 1: {
178 // Add a varying.
179 Varying& v = varyings.push_back();
180 v.type = (Varying::Type)(extract<uint8_t>(data) % ((int)Varying::Type::kLast + 1));
181 while (uint8_t c = extract<char>(data)) {
182 if (!fuzzByteToASCII(c, &v.name)) {
183 break;
184 }
185 }
186 break;
187 }
188 case 2: {
189 // Convert the following data into SkSL and add it into the vertex program.
190 while (uint8_t c = extract<char>(data)) {
191 if (!fuzzByteToSkSL(c, &vs)) {
192 break;
193 }
194 }
195 break;
196 }
197 case 3: {
198 // Convert the following data into SkSL and add it into the fragment program.
199 while (uint8_t c = extract<char>(data)) {
200 if (!fuzzByteToSkSL(c, &fs)) {
201 break;
202 }
203 }
204 break;
205 }
206 }
207 }
208
209 auto result = SkMeshSpecification::Make(attributes, vertexStride, varyings, vs, fs);
210 if (result.error.isEmpty()) {
211 // TODO: synthesize a mesh with this specification and paint it.
212 printf("----\n%s\n----\n\n----\n%s\n----\n\n\n", vs.c_str(), fs.c_str());
213 }
214}
int
Type::kYUV Type::kRGBA() int(0.7 *637)
SkMeshSpecification::kMaxVaryings
static constexpr size_t kMaxVaryings
Definition SkMesh.h:72
SkMeshSpecification::kMaxAttributes
static constexpr size_t kMaxAttributes
Definition SkMesh.h:69
SkMeshSpecification::kMaxStride
static constexpr size_t kMaxStride
Definition SkMesh.h:68
SkMeshSpecification::Make
static Result Make(SkSpan< const Attribute > attributes, size_t vertexStride, SkSpan< const Varying > varyings, const SkString &vs, const SkString &fs)
Definition SkMesh.cpp:389
SkString::append
void append(const char text[])
Definition SkString.h:203
SkString::c_str
const char * c_str() const
Definition SkString.h:133
skia_private::STArray
Definition SkTArray.h:744
skia_private::TArray::empty
bool empty() const
Definition SkTArray.h:194
skia_private::TArray::size
int size() const
Definition SkTArray.h:416
skia_private::TArray::push_back
T & push_back()
Definition SkTArray.h:200
a
struct MyStruct a[10]
SkSL::String::printf
std::string printf(const char *fmt,...) SK_PRINTF_LIKE(1
Definition SkSLString.cpp:83

◆ FuzzSKP()

void FuzzSKP ( const uint8_t *  data,
size_t  size 
)

Definition at line 15 of file FuzzSKP.cpp.

15 {
16 sk_sp<SkPicture> pic = SkPicture::MakeFromData(data, size);
17 if (!pic) {
18 return;
19 }
20 sk_sp<SkSurface> surface = SkSurfaces::Raster(
21 SkImageInfo::MakeN32Premul(kCanvasSize.width(), kCanvasSize.height()));
22 surface->getCanvas()->drawPicture(pic);
23 pic->approximateBytesUsed();
24 pic->approximateOpCount();
25 return;
26}
kCanvasSize
static constexpr SkISize kCanvasSize
Definition FuzzSKP.cpp:13
SkPicture::MakeFromData
static sk_sp< SkPicture > MakeFromData(const SkData *data, const SkDeserialProcs *procs=nullptr)
Definition SkPicture.cpp:160
SkISize::width
constexpr int32_t width() const
Definition SkSize.h:36
SkISize::height
constexpr int32_t height() const
Definition SkSize.h:37

◆ FuzzSkRuntimeBlender()

bool FuzzSkRuntimeBlender ( const uint8_t *  data,
size_t  size 
)

Definition at line 59 of file FuzzSkRuntimeBlender.cpp.

59 {
60 // Test once with optimization disabled...
61 SkString shaderText{reinterpret_cast<const char*>(data), size};
62 SkRuntimeEffect::Options options;
63 options.forceUnoptimized = true;
64 bool result = FuzzSkRuntimeBlender_Once(shaderText, options);
65
66 // ... and then with optimization enabled.
67 options.forceUnoptimized = false;
68 result = FuzzSkRuntimeBlender_Once(shaderText, options) || result;
69
70 return result;
71}
FuzzSkRuntimeBlender_Once
static bool FuzzSkRuntimeBlender_Once(const SkString &shaderText, const SkRuntimeEffect::Options &options)
Definition FuzzSkRuntimeBlender.cpp:30

◆ FuzzSkRuntimeColorFilter()

bool FuzzSkRuntimeColorFilter ( const uint8_t *  data,
size_t  size 
)

Definition at line 59 of file FuzzSkRuntimeColorFilter.cpp.

59 {
60 // Test once with optimization disabled...
61 SkString shaderText{reinterpret_cast<const char*>(data), size};
62 SkRuntimeEffect::Options options;
63 options.forceUnoptimized = true;
64 bool result = FuzzSkRuntimeColorFilter_Once(shaderText, options);
65
66 // ... and then with optimization enabled.
67 options.forceUnoptimized = false;
68 result = FuzzSkRuntimeColorFilter_Once(shaderText, options) || result;
69
70 return result;
71}
FuzzSkRuntimeColorFilter_Once
static bool FuzzSkRuntimeColorFilter_Once(const SkString &shaderText, const SkRuntimeEffect::Options &options)
Definition FuzzSkRuntimeColorFilter.cpp:30

◆ FuzzSkRuntimeEffect()

bool FuzzSkRuntimeEffect ( const uint8_t *  data,
size_t  size 
)

Definition at line 58 of file FuzzSkRuntimeEffect.cpp.

58 {
59 // Test once with optimization disabled...
60 SkString shaderText{reinterpret_cast<const char*>(data), size};
61 SkRuntimeEffect::Options options;
62 options.forceUnoptimized = true;
63 bool result = FuzzSkRuntimeEffect_Once(shaderText, options);
64
65 // ... and then with optimization enabled.
66 options.forceUnoptimized = false;
67 result = FuzzSkRuntimeEffect_Once(shaderText, options) || result;
68
69 return result;
70}
FuzzSkRuntimeEffect_Once
static bool FuzzSkRuntimeEffect_Once(const SkString &shaderText, const SkRuntimeEffect::Options &options)
Definition FuzzSkRuntimeEffect.cpp:30

◆ FuzzSKSL2GLSL()

bool FuzzSKSL2GLSL ( const uint8_t *  data,
size_t  size 
)

Definition at line 17 of file FuzzSKSL2GLSL.cpp.

17 {
18 SkSL::Compiler compiler;
19 SkSL::ProgramSettings settings;
20 std::unique_ptr<SkSL::Program> program =
21 compiler.convertProgram(SkSL::ProgramKind::kFragment,
22 std::string(reinterpret_cast<const char*>(data), size),
23 settings);
24 std::string output;
25 if (!program || !SkSL::ToGLSL(*program, SkSL::ShaderCapsFactory::Default(), &output)) {
26 return false;
27 }
28 return true;
29}
SkSL::ShaderCapsFactory::Default
static const ShaderCaps * Default()
Definition SkSLUtil.h:166
SkSL::ToGLSL
bool ToGLSL(Program &program, const ShaderCaps *caps, OutputStream &out)
Definition SkSLGLSLCodeGenerator.cpp:2023
dart_profiler_symbols.output
output
Definition dart_profiler_symbols.py:51
gn.compile_sksl_tests.settings
settings
Definition compile_sksl_tests.py:18

◆ FuzzSKSL2Metal()

bool FuzzSKSL2Metal ( const uint8_t *  data,
size_t  size 
)

Definition at line 17 of file FuzzSKSL2Metal.cpp.

17 {
18 SkSL::Compiler compiler;
19 SkSL::ProgramSettings settings;
20 std::unique_ptr<SkSL::Program> program =
21 compiler.convertProgram(SkSL::ProgramKind::kFragment,
22 std::string(reinterpret_cast<const char*>(data), size),
23 settings);
24 std::string output;
25 if (!program || !SkSL::ToMetal(*program, SkSL::ShaderCapsFactory::Default(), &output)) {
26 return false;
27 }
28 return true;
29}
SkSL::ToMetal
bool ToMetal(Program &program, const ShaderCaps *caps, OutputStream &out)
Definition SkSLMetalCodeGenerator.cpp:3580

◆ FuzzSKSL2Pipeline()

bool FuzzSKSL2Pipeline ( const uint8_t *  data,
size_t  size 
)

Definition at line 18 of file FuzzSKSL2Pipeline.cpp.

18 {
19 SkSL::Compiler compiler;
20 SkSL::ProgramSettings settings;
21 std::unique_ptr<SkSL::Program> program =
22 compiler.convertProgram(SkSL::ProgramKind::kRuntimeShader,
23 std::string(reinterpret_cast<const char*>(data), size),
24 settings);
25 if (!program) {
26 return false;
27 }
28
29 class Callbacks : public SkSL::PipelineStage::Callbacks {
30 std::string declareUniform(const SkSL::VarDeclaration* decl) override {
31 return std::string(decl->var()->name());
32 }
33
34 void defineFunction(const char* /*decl*/, const char* /*body*/, bool /*isMain*/) override {}
35 void declareFunction(const char* /*decl*/) override {}
36 void defineStruct(const char* /*definition*/) override {}
37 void declareGlobal(const char* /*declaration*/) override {}
38
39 std::string sampleShader(int index, std::string coords) override {
40 return "child_" + std::to_string(index) + ".eval(" + coords + ")";
41 }
42
43 std::string sampleColorFilter(int index, std::string color) override {
44 return "child_" + std::to_string(index) + ".eval(" + color + ")";
45 }
46
47 std::string sampleBlender(int index, std::string src, std::string dst) override {
48 return "child_" + std::to_string(index) + ".eval(" + src + ", " + dst + ")";
49 }
50
51 std::string toLinearSrgb(std::string color) override { return color; }
52 std::string fromLinearSrgb(std::string color) override { return color; }
53 };
54
55 Callbacks callbacks;
56 SkSL::PipelineStage::ConvertProgram(*program, "coords", "inColor", "half4(1)", &callbacks);
57 return true;
58}
color
SkColor4f color
Definition ImageShaderTest.cpp:28
SkSL::PipelineStage::Callbacks::sampleShader
virtual std::string sampleShader(int index, std::string coords)=0
SkSL::PipelineStage::Callbacks::sampleBlender
virtual std::string sampleBlender(int index, std::string src, std::string dst)=0
SkSL::PipelineStage::Callbacks::defineStruct
virtual void defineStruct(const char *definition)=0
SkSL::PipelineStage::Callbacks::declareFunction
virtual void declareFunction(const char *declaration)=0
SkSL::PipelineStage::Callbacks::toLinearSrgb
virtual std::string toLinearSrgb(std::string color)=0
SkSL::PipelineStage::Callbacks::declareGlobal
virtual void declareGlobal(const char *declaration)=0
SkSL::PipelineStage::Callbacks::sampleColorFilter
virtual std::string sampleColorFilter(int index, std::string color)=0
SkSL::PipelineStage::Callbacks::fromLinearSrgb
virtual std::string fromLinearSrgb(std::string color)=0
SkSL::PipelineStage::Callbacks::defineFunction
virtual void defineFunction(const char *declaration, const char *body, bool isMain)=0
SkSL::PipelineStage::Callbacks::declareUniform
virtual std::string declareUniform(const VarDeclaration *)=0
SkSL::Symbol::name
std::string_view name() const
Definition SkSLSymbol.h:51
SkSL::VarDeclaration::var
Variable * var() const
Definition SkSLVarDeclarations.h:96
SkSL::PipelineStage::ConvertProgram
void ConvertProgram(const Program &program, const char *sampleCoords, const char *inputColor, const char *destColor, Callbacks *callbacks)
Definition SkSLPipelineStageCodeGenerator.cpp:806
mskp_parser.src
src
Definition mskp_parser.py:22

◆ FuzzSKSL2SPIRV()

bool FuzzSKSL2SPIRV ( const uint8_t *  data,
size_t  size 
)

Definition at line 17 of file FuzzSKSL2SPIRV.cpp.

17 {
18 SkSL::Compiler compiler;
19 SkSL::ProgramSettings settings;
20
21 // This tells the compiler where the rt-flip uniform will live should it be required. For
22 // fuzzing purposes we don't care where that is, but the compiler will report an error if we
23 // leave them at their default invalid values, or if the offset overlaps another uniform.
24 settings.fRTFlipOffset = 16384;
25 settings.fRTFlipSet = 0;
26 settings.fRTFlipBinding = 0;
27
28 std::unique_ptr<SkSL::Program> program =
29 compiler.convertProgram(SkSL::ProgramKind::kFragment,
30 std::string(reinterpret_cast<const char*>(data), size),
31 settings);
32 std::string output;
33 if (!program || !SkSL::ToSPIRV(*program, SkSL::ShaderCapsFactory::Default(), &output)) {
34 return false;
35 }
36 return true;
37}
SkSL::ToSPIRV
bool ToSPIRV(Program &program, const ShaderCaps *caps, OutputStream &out)
Definition SkSLSPIRVCodeGenerator.cpp:5346

◆ FuzzSKSL2WGSL()

bool FuzzSKSL2WGSL ( const uint8_t *  data,
size_t  size 
)

Definition at line 17 of file FuzzSKSL2WGSL.cpp.

17 {
18 SkSL::Compiler compiler;
19 SkSL::ProgramSettings settings;
20 std::unique_ptr<SkSL::Program> program =
21 compiler.convertProgram(SkSL::ProgramKind::kFragment,
22 std::string(reinterpret_cast<const char*>(data), size),
23 settings);
24 std::string output;
25 if (!program || !SkSL::ToWGSL(*program, SkSL::ShaderCapsFactory::Default(), &output)) {
26 return false;
27 }
28 return true;
29}
SkSL::ToWGSL
bool ToWGSL(Program &program, const ShaderCaps *caps, OutputStream &out)
Definition SkSLWGSLCodeGenerator.cpp:4546

◆ FuzzTextBlobDeserialize()

void FuzzTextBlobDeserialize ( const uint8_t *  data,
size_t  size 
)

Definition at line 15 of file FuzzTextBlobDeserialize.cpp.

15 {
16 SkReadBuffer buf(data, size);
17 auto tb = SkTextBlobPriv::MakeFromBuffer(buf);
18 if (!buf.isValid()) {
19 return;
20 }
21
22 auto s = SkSurfaces::Raster(SkImageInfo::MakeN32Premul(128, 128));
23 if (!s) {
24 // May return nullptr in memory-constrained fuzzing environments
25 return;
26 }
27 s->getCanvas()->drawTextBlob(tb, 200, 200, SkPaint());
28}
SkTextBlobPriv::MakeFromBuffer
static sk_sp< SkTextBlob > MakeFromBuffer(SkReadBuffer &)
Definition SkTextBlob.cpp:705

◆ main()

int main ( int  argc,
char **  argv 
)

Definition at line 119 of file FuzzMain.cpp.

119 {
120 CommandLineFlags::SetUsage(
121 "Usage: fuzz -t <type> -b <path/to/file> [-n api-to-fuzz]\n"
122 " fuzz -b <path/to/file>\n"
123 "--help lists the valid types. If type is not specified,\n"
124 "fuzz will make a guess based on the name of the file.\n");
125 CommandLineFlags::Parse(argc, argv);
126 ToolUtils::UsePortableFontMgr();
127
128 SkString path = SkString(FLAGS_bytes.isEmpty() ? argv[0] : FLAGS_bytes[0]);
129 SkString type = SkString(FLAGS_type.isEmpty() ? "" : FLAGS_type[0]);
130
131 int loopCount = std::max(FLAGS_loops, 1);
132
133 if (!sk_isdir(path.c_str())) {
134 for (int i = 0; i < loopCount; ++i) {
135 int rv = fuzz_file(path, type);
136 if (rv != 0) {
137 return rv;
138 }
139 }
140 return 0;
141 }
142
143 SkOSFile::Iter it(path.c_str());
144 for (SkString file; it.next(&file); ) {
145 SkString p = SkOSPath::Join(path.c_str(), file.c_str());
146 SkDebugf("Fuzzing %s\n", p.c_str());
147 for (int i = 0; i < loopCount; ++i) {
148 int rv = fuzz_file(p, type);
149 if (rv != 0) {
150 return rv;
151 }
152 }
153 }
154 return 0;
155}
fuzz_file
static int fuzz_file(const SkString &path, SkString type)
Definition FuzzMain.cpp:157
sk_isdir
bool sk_isdir(const char *path)
Definition SkOSFile_stdio.cpp:141
CommandLineFlags::Parse
static void Parse(int argc, const char *const *argv)
Definition CommandLineFlags.cpp:215
CommandLineFlags::SetUsage
static void SetUsage(const char *usage)
Definition CommandLineFlags.cpp:143
SkOSPath::Join
static SkString Join(const char *rootPath, const char *relativePath)
Definition SkOSPath.cpp:14
ToolUtils::UsePortableFontMgr
void UsePortableFontMgr()
Definition FontToolUtils.cpp:301
ios_debug_cmd.rv
rv
Definition ios_debug_cmd.py:34

◆ print_api_names()

static void print_api_names ( )
static

Definition at line 432 of file FuzzMain.cpp.

432 {
433 SkDebugf("When using --type api, please choose an API to fuzz with --name/-n:\n");
434 for (const Fuzzable& fuzzable : sk_tools::Registry<Fuzzable>::Range()) {
435 SkDebugf("\t%s\n", fuzzable.name);
436 }
437}

◆ try_auto_detect()

static SkString try_auto_detect ( const SkString path,
SkString name 
)
static

Definition at line 355 of file FuzzMain.cpp.

355 {
356 std::cmatch m;
357 std::regex clusterfuzz("clusterfuzz-testcase(-minimized)?-([a-z0-9_]+)-[\\d]+");
358 std::regex skiafuzzer("(api-)?(\\w+)-[a-f0-9]+");
359
360 if (std::regex_search(path.c_str(), m, clusterfuzz)) {
361 std::string type = m.str(2);
362
363 if (cf_api_map.find(type) != cf_api_map.end()) {
364 *name = SkString(cf_api_map[type].c_str());
365 return SkString("api");
366 } else {
367 if (cf_map.find(type) != cf_map.end()) {
368 return SkString(cf_map[type].c_str());
369 }
370 }
371 } else if (std::regex_search(path.c_str(), m, skiafuzzer)) {
372 std::string a1 = m.str(1);
373 std::string typeOrName = m.str(2);
374 if (a1.length() > 0) {
375 // it's an api fuzzer
376 *name = SkString(typeOrName.c_str());
377 return SkString("api");
378 } else {
379 return SkString(typeOrName.c_str());
380 }
381 }
382
383 return SkString();
384}
cf_map
static std::map< std::string, std::string > cf_map
Definition FuzzMain.cpp:326
cf_api_map
static std::map< std::string, std::string > cf_api_map
Definition FuzzMain.cpp:301
dart_profiler_symbols.m
m
Definition dart_profiler_symbols.py:64

Variable Documentation

◆ cf_api_map

std::map<std::string, std::string> cf_api_map
static
Initial value:
= {
{"api_create_ddl", "CreateDDL"},
{"api_draw_functions", "DrawFunctions"},
{"api_ddl_threading", "DDLThreadingGL"},
{"api_gradients", "Gradients"},
{"api_image_filter", "ImageFilter"},
{"api_mock_gpu_canvas", "MockGPUCanvas"},
{"api_null_canvas", "NullCanvas"},
{"api_path_measure", "PathMeasure"},
{"api_pathop", "Pathop"},
{"api_polyutils", "PolyUtils"},
{"api_raster_n32_canvas", "RasterN32Canvas"},
{"api_skparagraph", "SkParagraph"},
{"api_svg_canvas", "SVGCanvas"},
{"cubic_quad_roots", "CubicQuadRoots"},
{"jpeg_encoder", "JPEGEncoder"},
{"png_encoder", "PNGEncoder"},
{"skia_pathop_fuzzer", "LegacyChromiumPathop"},
{"webp_encoder", "WEBPEncoder"}
}

Definition at line 301 of file FuzzMain.cpp.

301 {
302 {"api_create_ddl", "CreateDDL"},
303 {"api_draw_functions", "DrawFunctions"},
304 {"api_ddl_threading", "DDLThreadingGL"},
305 {"api_gradients", "Gradients"},
306 {"api_image_filter", "ImageFilter"},
307 {"api_mock_gpu_canvas", "MockGPUCanvas"},
308 {"api_null_canvas", "NullCanvas"},
309 {"api_path_measure", "PathMeasure"},
310 {"api_pathop", "Pathop"},
311 {"api_polyutils", "PolyUtils"},
312#if defined(SK_GRAPHITE) && defined(SK_ENABLE_PRECOMPILE)
313 {"api_precompile", "Precompile"},
314#endif
315 {"api_raster_n32_canvas", "RasterN32Canvas"},
316 {"api_skparagraph", "SkParagraph"},
317 {"api_svg_canvas", "SVGCanvas"},
318 {"cubic_quad_roots", "CubicQuadRoots"},
319 {"jpeg_encoder", "JPEGEncoder"},
320 {"png_encoder", "PNGEncoder"},
321 {"skia_pathop_fuzzer", "LegacyChromiumPathop"},
322 {"webp_encoder", "WEBPEncoder"}
323};

◆ cf_map

std::map<std::string, std::string> cf_map
static
Initial value:
= {
{"android_codec", "android_codec"},
{"animated_image_decode", "animated_image_decode"},
{"colrv1", "colrv1"},
{"image_decode", "image_decode"},
{"image_decode_incremental", "image_decode_incremental"},
{"image_filter_deserialize", "filter_fuzz"},
{"image_filter_deserialize_width", "filter_fuzz"},
{"path_deserialize", "path_deserialize"},
{"region_deserialize", "region_deserialize"},
{"region_set_path", "region_set_path"},
{"skdescriptor_deserialize", "skdescriptor_deserialize"},
{"skjson", "json"},
{"skmeshspecification", "skmeshspecification"},
{"skp", "skp"},
{"skruntimeeffect", "skruntimeeffect"},
{"sksl2glsl", "sksl2glsl"},
{"sksl2metal", "sksl2metal"},
{"sksl2spirv", "sksl2spirv"},
{"sksl2pipeline", "sksl2pipeline"},
{"textblob_deserialize", "textblob"}
}

Definition at line 326 of file FuzzMain.cpp.

326 {
327 {"android_codec", "android_codec"},
328 {"animated_image_decode", "animated_image_decode"},
329 {"colrv1", "colrv1"},
330 {"image_decode", "image_decode"},
331 {"image_decode_incremental", "image_decode_incremental"},
332 {"image_filter_deserialize", "filter_fuzz"},
333 {"image_filter_deserialize_width", "filter_fuzz"},
334 {"path_deserialize", "path_deserialize"},
335 {"region_deserialize", "region_deserialize"},
336 {"region_set_path", "region_set_path"},
337 {"skdescriptor_deserialize", "skdescriptor_deserialize"},
338 {"skjson", "json"},
339 {"skmeshspecification", "skmeshspecification"},
340 {"skp", "skp"},
341 {"skruntimeeffect", "skruntimeeffect"},
342 {"sksl2glsl", "sksl2glsl"},
343 {"sksl2metal", "sksl2metal"},
344 {"sksl2spirv", "sksl2spirv"},
345 {"sksl2pipeline", "sksl2pipeline"},
346#if defined(SK_ENABLE_SKOTTIE)
347 {"skottie_json", "skottie_json"},
348#endif
349#if defined(SK_ENABLE_SVG)
350 {"svg_dom", "svg_dom"},
351#endif
352 {"textblob_deserialize", "textblob"}
353};

◆ g_type_message

constexpr char g_type_message[]
staticconstexpr

Definition at line 45 of file FuzzMain.cpp.

Generated on Fri Apr 26 2024 06:18:34 for Flutter Engine by doxygen 1.9.8