Flutter Engine
The Flutter Engine
Functions | Variables
FuzzMain.cpp File Reference
#include "fuzz/Fuzz.h"
#include "include/codec/SkCodec.h"
#include "include/core/SkBitmap.h"
#include "include/core/SkCanvas.h"
#include "include/core/SkData.h"
#include "include/core/SkFontMgr.h"
#include "include/core/SkImage.h"
#include "include/core/SkMallocPixelRef.h"
#include "include/core/SkPaint.h"
#include "include/core/SkPath.h"
#include "include/core/SkStream.h"
#include "include/core/SkSurface.h"
#include "include/core/SkTextBlob.h"
#include "include/encode/SkPngEncoder.h"
#include "src/core/SkOSFile.h"
#include "src/core/SkReadBuffer.h"
#include "src/utils/SkOSPath.h"
#include "tools/ToolUtils.h"
#include "tools/flags/CommandLineFlags.h"
#include "tools/fonts/FontToolUtils.h"
#include <iostream>
#include <map>
#include <regex>
#include <signal.h>

Go to the source code of this file.

Functions

static DEFINE_string2 (bytes, b, "", "A path to a file or a directory. If a file, the " "contents will be used as the fuzz bytes. If a directory, all files " "in the directory will be used as fuzz bytes for the fuzzer, one at a " "time.")
 
static DEFINE_string2 (name, n, "", "If --type is 'api', fuzz the API with this name.")
 
static DEFINE_string2 (dump, d, "", "If not empty, dump 'image*' or 'skp' types as a " "PNG with this name.")
 
static DEFINE_int (loops, 1, "Run the fuzzer on each input this many times.")
 
 DEFINE_bool2 (verbose, v, false, "Print more information while fuzzing.")
 
static DEFINE_string2 (type, t, "", g_type_message)
 
static int fuzz_file (const SkString &path, SkString type)
 
static uint8_t calculate_option (SkData *)
 
static SkString try_auto_detect (const SkString &path, SkString *name)
 
static void fuzz_android_codec (const sk_sp< SkData > &)
 
static void fuzz_animated_img (const sk_sp< SkData > &)
 
static void fuzz_api (const sk_sp< SkData > &, const SkString &name)
 
static void fuzz_color_deserialize (const sk_sp< SkData > &)
 
static void fuzz_colrv1 (const sk_sp< SkData > &)
 
static void fuzz_filter_fuzz (const sk_sp< SkData > &)
 
static void fuzz_image_decode (const sk_sp< SkData > &)
 
static void fuzz_image_decode_incremental (const sk_sp< SkData > &)
 
static void fuzz_img (const sk_sp< SkData > &, uint8_t, uint8_t)
 
static void fuzz_json (const sk_sp< SkData > &)
 
static void fuzz_parse_path (const sk_sp< SkData > &)
 
static void fuzz_path_deserialize (const sk_sp< SkData > &)
 
static void fuzz_region_deserialize (const sk_sp< SkData > &)
 
static void fuzz_region_set_path (const sk_sp< SkData > &)
 
static void fuzz_skdescriptor_deserialize (const sk_sp< SkData > &)
 
static void fuzz_skmeshspecification (const sk_sp< SkData > &)
 
static void fuzz_skp (const sk_sp< SkData > &)
 
static void fuzz_skruntimeblender (const sk_sp< SkData > &)
 
static void fuzz_skruntimecolorfilter (const sk_sp< SkData > &)
 
static void fuzz_skruntimeeffect (const sk_sp< SkData > &)
 
static void fuzz_sksl2glsl (const sk_sp< SkData > &)
 
static void fuzz_sksl2metal (const sk_sp< SkData > &)
 
static void fuzz_sksl2pipeline (const sk_sp< SkData > &)
 
static void fuzz_sksl2spirv (const sk_sp< SkData > &)
 
static void fuzz_sksl2wgsl (const sk_sp< SkData > &)
 
static void fuzz_textblob_deserialize (const sk_sp< SkData > &)
 
static void print_api_names ()
 
int main (int argc, char **argv)
 
void FuzzJSON (const uint8_t *data, size_t size)
 
void FuzzCOLRv1 (const uint8_t *data, size_t size)
 
static void dump_png (const SkBitmap &bitmap)
 
bool FuzzAnimatedImage (const uint8_t *data, size_t size)
 
bool FuzzImageDecode (const uint8_t *data, size_t size)
 
bool FuzzIncrementalImageDecode (const uint8_t *data, size_t size)
 
bool FuzzAndroidCodec (const uint8_t *fuzzData, size_t fuzzSize, uint8_t sampleSize)
 
void FuzzSKP (const uint8_t *data, size_t size)
 
void FuzzColorspace (const uint8_t *data, size_t size)
 
void FuzzParsePath (const uint8_t *data, size_t size)
 
void FuzzPathDeserialize (const uint8_t *data, size_t size)
 
bool FuzzRegionDeserialize (const uint8_t *data, size_t size)
 
void FuzzTextBlobDeserialize (const uint8_t *data, size_t size)
 
void FuzzRegionSetPath (Fuzz *fuzz)
 
void FuzzImageFilterDeserialize (const uint8_t *data, size_t size)
 
void FuzzSkMeshSpecification (const uint8_t *fuzzData, size_t fuzzSize)
 
bool FuzzSkRuntimeBlender (const uint8_t *data, size_t size)
 
bool FuzzSkRuntimeColorFilter (const uint8_t *data, size_t size)
 
bool FuzzSkRuntimeEffect (const uint8_t *data, size_t size)
 
bool FuzzSKSL2GLSL (const uint8_t *data, size_t size)
 
bool FuzzSKSL2Metal (const uint8_t *data, size_t size)
 
bool FuzzSKSL2Pipeline (const uint8_t *data, size_t size)
 
bool FuzzSKSL2SPIRV (const uint8_t *data, size_t size)
 
bool FuzzSKSL2WGSL (const uint8_t *data, size_t size)
 
void FuzzSkDescriptorDeserialize (const uint8_t *data, size_t size)
 

Variables

static constexpr char g_type_message []
 
static std::map< std::string, std::string > cf_api_map
 
static std::map< std::string, std::string > cf_map
 

Function Documentation

◆ calculate_option()

static uint8_t calculate_option ( SkData bytes)
static

Definition at line 428 of file FuzzMain.cpp.

428 {
429 uint8_t total = 0;
430 const uint8_t* data = bytes->bytes();
431 for (size_t i = 0; i < 1024 && i < bytes->size(); i++) {
432 total += data[i];
433 }
434 return total;
435}
SkData::bytes
const uint8_t * bytes() const
Definition: SkData.h:43
SkData::size
size_t size() const
Definition: SkData.h:30
i
int i
Definition: fl_socket_accessible.cc:18
data
std::shared_ptr< const fml::Mapping > data
Definition: texture_gles.cc:63

◆ DEFINE_bool2()

DEFINE_bool2 ( verbose  ,
,
false  ,
"Print more information while fuzzing."   
)

◆ DEFINE_int()

static DEFINE_int ( loops  ,
,
"Run the fuzzer on each input this many times."   
)
static

◆ DEFINE_string2() [1/4]

static DEFINE_string2 ( bytes  ,
b  ,
""  ,
"A path to a file or a directory. If a  file,
the " "contents will be used as the fuzz bytes. If a  directory,
all files " "in the directory will be used as fuzz bytes for the  fuzzer,
one at a " "time."   
)
static

◆ DEFINE_string2() [2/4]

static DEFINE_string2 ( dump  ,
d  ,
""  ,
"If not  empty,
dump 'image *' or 'skp' types as a " "PNG with this name."   
)
static

◆ DEFINE_string2() [3/4]

static DEFINE_string2 ( name  ,
,
""  ,
"If --type is 'api'  ,
fuzz the API with this name."   
)
static

◆ DEFINE_string2() [4/4]

static DEFINE_string2 ( type  ,
,
""  ,
g_type_message   
)
static

◆ dump_png()

static void dump_png ( const SkBitmap bitmap)
static

Definition at line 458 of file FuzzMain.cpp.

458 {
459 if (!FLAGS_dump.isEmpty()) {
460 SkFILEWStream file(FLAGS_dump[0]);
461 SkPngEncoder::Encode(&file, bitmap.pixmap(), {});
462 SkDebugf("Dumped to %s\n", FLAGS_dump[0]);
463 }
464}
SkDebugf
void SK_SPI SkDebugf(const char format[],...) SK_PRINTF_LIKE(1
SkPngEncoder::Encode
SK_API bool Encode(SkWStream *dst, const SkPixmap &src, const Options &options)
Definition: SkPngEncoder_none.cpp:20
bitmap
Definition: bitmap.py:1
protoc_wrapper.file
file
Definition: protoc_wrapper.py:226

◆ fuzz_android_codec()

static void fuzz_android_codec ( const sk_sp< SkData > &  data)
static

Definition at line 498 of file FuzzMain.cpp.

498 {
499 Fuzz fuzz(data->bytes(), data->size());
500 uint8_t sampleSize;
501 fuzz.nextRange(&sampleSize, 1, 64);
502 if (FuzzAndroidCodec(fuzz.remainingData(), fuzz.remainingSize(), sampleSize)) {
503 SkDebugf("[terminated] Success on Android Codec sampleSize=%u!\n", sampleSize);
504 return;
505 }
506 SkDebugf("[terminated] Could not use Android Codec sampleSize=%u!\n", sampleSize);
507}
FuzzAndroidCodec
bool FuzzAndroidCodec(const uint8_t *fuzzData, size_t fuzzSize, uint8_t sampleSize)
Definition: FuzzAndroidCodec.cpp:17
Fuzz
Definition: Fuzz.h:24

◆ fuzz_animated_img()

static void fuzz_animated_img ( const sk_sp< SkData > &  data)
static

Definition at line 468 of file FuzzMain.cpp.

468 {
469 if (FuzzAnimatedImage(data->bytes(), data->size())) {
470 SkDebugf("[terminated] Success from decoding/drawing animated image!\n");
471 return;
472 }
473 SkDebugf("[terminated] Could not decode or draw animated image.\n");
474}
FuzzAnimatedImage
bool FuzzAnimatedImage(const uint8_t *data, size_t size)
Definition: FuzzAnimatedImage.cpp:14

◆ fuzz_api()

static void fuzz_api ( const sk_sp< SkData > &  data,
const SkString name 
)
static

Definition at line 444 of file FuzzMain.cpp.

444 {
445 for (const Fuzzable& fuzzable : sk_tools::Registry<Fuzzable>::Range()) {
446 if (name.equals(fuzzable.name)) {
447 SkDebugf("Fuzzing %s...\n", fuzzable.name);
448 Fuzz fuzz(data->bytes(), data->size());
449 fuzzable.fn(&fuzz);
450 SkDebugf("[terminated] Success!\n");
451 return;
452 }
453 }
454
455 print_api_names();
456}
print_api_names
static void print_api_names()
Definition: FuzzMain.cpp:437
flutter::name
DEF_SWITCHES_START aot vmservice shared library name
Definition: switches.h:32
Fuzzable
Definition: Fuzz.h:150
sk_tools::Registry::Range
Definition: Registry.h:35

◆ fuzz_color_deserialize()

static void fuzz_color_deserialize ( const sk_sp< SkData > &  data)
static

Definition at line 757 of file FuzzMain.cpp.

757 {
758 FuzzColorspace(data->bytes(), data->size());
759 SkDebugf("[terminated] Finished SkColorspace\n");
760}
FuzzColorspace
void FuzzColorspace(const uint8_t *data, size_t size)
Definition: FuzzColorspace.cpp:13

◆ fuzz_colrv1()

static void fuzz_colrv1 ( const sk_sp< SkData > &  data)
static

Definition at line 418 of file FuzzMain.cpp.

418 {
419 FuzzCOLRv1(data->bytes(), data->size());
420 SkDebugf("[terminated] Done COLRv1!\n");
421}
FuzzCOLRv1
void FuzzCOLRv1(const uint8_t *data, size_t size)
Definition: FuzzCOLRv1.cpp:19

◆ fuzz_file()

static int fuzz_file ( const SkString path,
SkString  type 
)
static

Definition at line 158 of file FuzzMain.cpp.

158 {
159 sk_sp<SkData> bytes(SkData::MakeFromFileName(path.c_str()));
160 if (!bytes) {
161 SkDebugf("Could not read %s\n", path.c_str());
162 return 1;
163 }
164
165 SkString name = SkString(FLAGS_name.isEmpty() ? "" : FLAGS_name[0]);
166
167 if (type.isEmpty()) {
168 type = try_auto_detect(path, &name);
169 }
170
171 if (type.isEmpty()) {
172 SkDebugf("Could not autodetect type of %s\n", path.c_str());
173 return 1;
174 }
175 if (type.equals("android_codec")) {
176 fuzz_android_codec(std::move(bytes));
177 return 0;
178 }
179 if (type.equals("animated_image_decode")) {
180 fuzz_animated_img(std::move(bytes));
181 return 0;
182 }
183 if (type.equals("api")) {
184 fuzz_api(bytes, name);
185 return 0;
186 }
187 if (type.equals("color_deserialize")) {
188 fuzz_color_deserialize(std::move(bytes));
189 return 0;
190 }
191 if (type.equals("colrv1")) {
192 fuzz_colrv1(std::move(bytes));
193 return 0;
194 }
195 if (type.equals("filter_fuzz")) {
196 fuzz_filter_fuzz(std::move(bytes));
197 return 0;
198 }
199 if (type.equals("image_decode")) {
200 fuzz_image_decode(std::move(bytes));
201 return 0;
202 }
203 if (type.equals("image_decode_incremental")) {
204 fuzz_image_decode_incremental(std::move(bytes));
205 return 0;
206 }
207 if (type.equals("image_scale")) {
208 uint8_t option = calculate_option(bytes.get());
209 fuzz_img(std::move(bytes), option, 0);
210 return 0;
211 }
212 if (type.equals("image_mode")) {
213 uint8_t option = calculate_option(bytes.get());
214 fuzz_img(std::move(bytes), 0, option);
215 return 0;
216 }
217 if (type.equals("json")) {
218 fuzz_json(std::move(bytes));
219 return 0;
220 }
221 if (type.equals("parse_path")) {
222 fuzz_parse_path(std::move(bytes));
223 return 0;
224 }
225 if (type.equals("path_deserialize")) {
226 fuzz_path_deserialize(std::move(bytes));
227 return 0;
228 }
229 if (type.equals("region_deserialize")) {
230 fuzz_region_deserialize(std::move(bytes));
231 return 0;
232 }
233 if (type.equals("region_set_path")) {
234 fuzz_region_set_path(std::move(bytes));
235 return 0;
236 }
237 if (type.equals("pipe")) {
238 SkDebugf("I would prefer not to.\n");
239 return 0;
240 }
241 if (type.equals("skdescriptor_deserialize")) {
242 fuzz_skdescriptor_deserialize(std::move(bytes));
243 return 0;
244 }
245#if defined(SK_ENABLE_SKOTTIE)
246 if (type.equals("skottie_json")) {
247 fuzz_skottie_json(std::move(bytes));
248 return 0;
249 }
250#endif
251 if (type.equals("skmeshspecification")) {
252 fuzz_skmeshspecification(std::move(bytes));
253 return 0;
254 }
255 if (type.equals("skp")) {
256 fuzz_skp(std::move(bytes));
257 return 0;
258 }
259 if (type.equals("skruntimeblender")) {
260 fuzz_skruntimeblender(std::move(bytes));
261 return 0;
262 }
263 if (type.equals("skruntimecolorfilter")) {
264 fuzz_skruntimecolorfilter(std::move(bytes));
265 return 0;
266 }
267 if (type.equals("skruntimeeffect")) {
268 fuzz_skruntimeeffect(std::move(bytes));
269 return 0;
270 }
271 if (type.equals("sksl2glsl")) {
272 fuzz_sksl2glsl(std::move(bytes));
273 return 0;
274 }
275 if (type.equals("sksl2metal")) {
276 fuzz_sksl2metal(std::move(bytes));
277 return 0;
278 }
279 if (type.equals("sksl2pipeline")) {
280 fuzz_sksl2pipeline(std::move(bytes));
281 return 0;
282 }
283 if (type.equals("sksl2spirv")) {
284 fuzz_sksl2spirv(std::move(bytes));
285 return 0;
286 }
287 if (type.equals("sksl2wgsl")) {
288 fuzz_sksl2wgsl(std::move(bytes));
289 return 0;
290 }
291#if defined(SK_ENABLE_SVG)
292 if (type.equals("svg_dom")) {
293 fuzz_svg_dom(std::move(bytes));
294 return 0;
295 }
296#endif
297 if (type.equals("textblob")) {
298 fuzz_textblob_deserialize(std::move(bytes));
299 return 0;
300 }
301 SkDebugf("Unknown type %s\n", type.c_str());
302 CommandLineFlags::PrintUsage();
303 return 1;
304}
fuzz_path_deserialize
static void fuzz_path_deserialize(const sk_sp< SkData > &)
Definition: FuzzMain.cpp:771
fuzz_sksl2pipeline
static void fuzz_sksl2pipeline(const sk_sp< SkData > &)
Definition: FuzzMain.cpp:867
fuzz_colrv1
static void fuzz_colrv1(const sk_sp< SkData > &)
Definition: FuzzMain.cpp:418
fuzz_textblob_deserialize
static void fuzz_textblob_deserialize(const sk_sp< SkData > &)
Definition: FuzzMain.cpp:788
fuzz_skp
static void fuzz_skp(const sk_sp< SkData > &)
Definition: FuzzMain.cpp:750
fuzz_sksl2wgsl
static void fuzz_sksl2wgsl(const sk_sp< SkData > &)
Definition: FuzzMain.cpp:887
fuzz_sksl2glsl
static void fuzz_sksl2glsl(const sk_sp< SkData > &)
Definition: FuzzMain.cpp:847
try_auto_detect
static SkString try_auto_detect(const SkString &path, SkString *name)
Definition: FuzzMain.cpp:360
fuzz_color_deserialize
static void fuzz_color_deserialize(const sk_sp< SkData > &)
Definition: FuzzMain.cpp:757
fuzz_img
static void fuzz_img(const sk_sp< SkData > &, uint8_t, uint8_t)
Definition: FuzzMain.cpp:512
fuzz_skruntimeblender
static void fuzz_skruntimeblender(const sk_sp< SkData > &)
Definition: FuzzMain.cpp:817
fuzz_parse_path
static void fuzz_parse_path(const sk_sp< SkData > &)
Definition: FuzzMain.cpp:764
fuzz_skruntimeeffect
static void fuzz_skruntimeeffect(const sk_sp< SkData > &)
Definition: FuzzMain.cpp:837
fuzz_filter_fuzz
static void fuzz_filter_fuzz(const sk_sp< SkData > &)
Definition: FuzzMain.cpp:803
fuzz_json
static void fuzz_json(const sk_sp< SkData > &)
Definition: FuzzMain.cpp:393
fuzz_sksl2metal
static void fuzz_sksl2metal(const sk_sp< SkData > &)
Definition: FuzzMain.cpp:857
fuzz_android_codec
static void fuzz_android_codec(const sk_sp< SkData > &)
Definition: FuzzMain.cpp:498
fuzz_skmeshspecification
static void fuzz_skmeshspecification(const sk_sp< SkData > &)
Definition: FuzzMain.cpp:810
fuzz_api
static void fuzz_api(const sk_sp< SkData > &, const SkString &name)
Definition: FuzzMain.cpp:444
fuzz_skdescriptor_deserialize
static void fuzz_skdescriptor_deserialize(const sk_sp< SkData > &)
Definition: FuzzMain.cpp:897
calculate_option
static uint8_t calculate_option(SkData *)
Definition: FuzzMain.cpp:428
fuzz_region_deserialize
static void fuzz_region_deserialize(const sk_sp< SkData > &)
Definition: FuzzMain.cpp:778
fuzz_animated_img
static void fuzz_animated_img(const sk_sp< SkData > &)
Definition: FuzzMain.cpp:468
fuzz_image_decode
static void fuzz_image_decode(const sk_sp< SkData > &)
Definition: FuzzMain.cpp:478
fuzz_sksl2spirv
static void fuzz_sksl2spirv(const sk_sp< SkData > &)
Definition: FuzzMain.cpp:877
fuzz_skruntimecolorfilter
static void fuzz_skruntimecolorfilter(const sk_sp< SkData > &)
Definition: FuzzMain.cpp:827
fuzz_image_decode_incremental
static void fuzz_image_decode_incremental(const sk_sp< SkData > &)
Definition: FuzzMain.cpp:488
fuzz_region_set_path
static void fuzz_region_set_path(const sk_sp< SkData > &)
Definition: FuzzMain.cpp:795
type
GLenum type
Definition: blit_command_gles.cc:126
CommandLineFlags::PrintUsage
static void PrintUsage()
Definition: CommandLineFlags.cpp:145
SkData::MakeFromFileName
static sk_sp< SkData > MakeFromFileName(const char path[])
Definition: SkData.cpp:148
sk_sp< SkData >
flutter::path
DEF_SWITCHES_START aot vmservice shared library Name of the *so containing AOT compiled Dart assets for launching the service isolate vm snapshot The VM snapshot data that will be memory mapped as read only SnapshotAssetPath must be present isolate snapshot The isolate snapshot data that will be memory mapped as read only SnapshotAssetPath must be present cache dir path
Definition: switches.h:57

◆ fuzz_filter_fuzz()

static void fuzz_filter_fuzz ( const sk_sp< SkData > &  data)
static

Definition at line 803 of file FuzzMain.cpp.

803 {
804 FuzzImageFilterDeserialize(data->bytes(), data->size());
805 SkDebugf("[terminated] filter_fuzz didn't crash!\n");
806}
FuzzImageFilterDeserialize
void FuzzImageFilterDeserialize(const uint8_t *data, size_t size)
Definition: FuzzImageFilterDeserialize.cpp:16

◆ fuzz_image_decode()

static void fuzz_image_decode ( const sk_sp< SkData > &  data)
static

Definition at line 478 of file FuzzMain.cpp.

478 {
479 if (FuzzImageDecode(data->bytes(), data->size())) {
480 SkDebugf("[terminated] Success from decoding/drawing image!\n");
481 return;
482 }
483 SkDebugf("[terminated] Could not decode or draw image.\n");
484}
FuzzImageDecode
bool FuzzImageDecode(const uint8_t *data, size_t size)
Definition: FuzzImage.cpp:14

◆ fuzz_image_decode_incremental()

static void fuzz_image_decode_incremental ( const sk_sp< SkData > &  data)
static

Definition at line 488 of file FuzzMain.cpp.

488 {
489 if (FuzzIncrementalImageDecode(data->bytes(), data->size())) {
490 SkDebugf("[terminated] Success using incremental decode!\n");
491 return;
492 }
493 SkDebugf("[terminated] Could not incrementally decode and image.\n");
494}
FuzzIncrementalImageDecode
bool FuzzIncrementalImageDecode(const uint8_t *data, size_t size)
Definition: FuzzIncrementalImage.cpp:13

◆ fuzz_img()

static void fuzz_img ( const sk_sp< SkData > &  bytes,
uint8_t  scale,
uint8_t  mode 
)
static

Definition at line 512 of file FuzzMain.cpp.

512 {
513 // We can scale 1x, 2x, 4x, 8x, 16x
514 scale = scale % 5;
515 float fscale = (float)pow(2.0f, scale);
516 SkDebugf("Scaling factor: %f\n", fscale);
517
518 // We have 5 different modes of decoding.
519 mode = mode % 5;
520 SkDebugf("Mode: %d\n", mode);
521
522 // This is mostly copied from DMSrcSink's CodecSrc::draw method.
523 SkDebugf("Decoding\n");
524 std::unique_ptr<SkCodec> codec(SkCodec::MakeFromData(bytes));
525 if (nullptr == codec) {
526 SkDebugf("[terminated] Couldn't create codec.\n");
527 return;
528 }
529
530 SkImageInfo decodeInfo = codec->getInfo();
531 SkISize size = codec->getScaledDimensions(fscale);
532 decodeInfo = decodeInfo.makeDimensions(size);
533
534 SkBitmap bitmap;
535 SkCodec::Options options;
536 options.fZeroInitialized = SkCodec::kYes_ZeroInitialized;
537
538 if (!bitmap.tryAllocPixelsFlags(decodeInfo, SkBitmap::kZeroPixels_AllocFlag)) {
539 SkDebugf("[terminated] Could not allocate memory. Image might be too large (%d x %d)",
540 decodeInfo.width(), decodeInfo.height());
541 return;
542 }
543
544 switch (mode) {
545 case 0: {//kCodecZeroInit_Mode, kCodec_Mode
546 switch (codec->getPixels(decodeInfo, bitmap.getPixels(), bitmap.rowBytes(), &options)) {
547 case SkCodec::kSuccess:
548 SkDebugf("[terminated] Success!\n");
549 break;
550 case SkCodec::kIncompleteInput:
551 SkDebugf("[terminated] Partial Success\n");
552 break;
553 case SkCodec::kErrorInInput:
554 SkDebugf("[terminated] Partial Success with error\n");
555 break;
556 case SkCodec::kInvalidConversion:
557 SkDebugf("Incompatible colortype conversion\n");
558 // Crash to allow afl-fuzz to know this was a bug.
559 raise(SIGSEGV);
560 break;
561 default:
562 SkDebugf("[terminated] Couldn't getPixels.\n");
563 return;
564 }
565 break;
566 }
567 case 1: {//kScanline_Mode
568 if (SkCodec::kSuccess != codec->startScanlineDecode(decodeInfo)) {
569 SkDebugf("[terminated] Could not start scanline decoder\n");
570 return;
571 }
572
573 void* dst = bitmap.getAddr(0, 0);
574 size_t rowBytes = bitmap.rowBytes();
575 uint32_t height = decodeInfo.height();
576 // We do not need to check the return value. On an incomplete
577 // image, memory will be filled with a default value.
578 codec->getScanlines(dst, height, rowBytes);
579 SkDebugf("[terminated] Success!\n");
580 break;
581 }
582 case 2: { //kStripe_Mode
583 const int height = decodeInfo.height();
584 // This value is chosen arbitrarily. We exercise more cases by choosing a value that
585 // does not align with image blocks.
586 const int stripeHeight = 37;
587 const int numStripes = (height + stripeHeight - 1) / stripeHeight;
588
589 // Decode odd stripes
590 if (SkCodec::kSuccess != codec->startScanlineDecode(decodeInfo)
591 || SkCodec::kTopDown_SkScanlineOrder != codec->getScanlineOrder()) {
592 // This mode was designed to test the new skip scanlines API in libjpeg-turbo.
593 // Jpegs have kTopDown_SkScanlineOrder, and at this time, it is not interesting
594 // to run this test for image types that do not have this scanline ordering.
595 SkDebugf("[terminated] Could not start top-down scanline decoder\n");
596 return;
597 }
598
599 for (int i = 0; i < numStripes; i += 2) {
600 // Skip a stripe
601 const int linesToSkip = std::min(stripeHeight, height - i * stripeHeight);
602 codec->skipScanlines(linesToSkip);
603
604 // Read a stripe
605 const int startY = (i + 1) * stripeHeight;
606 const int linesToRead = std::min(stripeHeight, height - startY);
607 if (linesToRead > 0) {
608 codec->getScanlines(bitmap.getAddr(0, startY), linesToRead, bitmap.rowBytes());
609 }
610 }
611
612 // Decode even stripes
613 const SkCodec::Result startResult = codec->startScanlineDecode(decodeInfo);
614 if (SkCodec::kSuccess != startResult) {
615 SkDebugf("[terminated] Failed to restart scanline decoder with same parameters.\n");
616 return;
617 }
618 for (int i = 0; i < numStripes; i += 2) {
619 // Read a stripe
620 const int startY = i * stripeHeight;
621 const int linesToRead = std::min(stripeHeight, height - startY);
622 codec->getScanlines(bitmap.getAddr(0, startY), linesToRead, bitmap.rowBytes());
623
624 // Skip a stripe
625 const int linesToSkip = std::min(stripeHeight, height - (i + 1) * stripeHeight);
626 if (linesToSkip > 0) {
627 codec->skipScanlines(linesToSkip);
628 }
629 }
630 SkDebugf("[terminated] Success!\n");
631 break;
632 }
633 case 3: { //kSubset_Mode
634 // Arbitrarily choose a divisor.
635 int divisor = 2;
636 // Total width/height of the image.
637 const int W = codec->getInfo().width();
638 const int H = codec->getInfo().height();
639 if (divisor > W || divisor > H) {
640 SkDebugf("[terminated] Cannot codec subset: divisor %d is too big "
641 "with dimensions (%d x %d)\n", divisor, W, H);
642 return;
643 }
644 // subset dimensions
645 // SkWebpCodec, the only one that supports subsets, requires even top/left boundaries.
646 const int w = SkAlign2(W / divisor);
647 const int h = SkAlign2(H / divisor);
648 SkIRect subset;
649 SkCodec::Options opts;
650 opts.fSubset = &subset;
651 SkBitmap subsetBm;
652 // We will reuse pixel memory from bitmap.
653 void* pixels = bitmap.getPixels();
654 for (int x = 0; x < W; x += w) {
655 for (int y = 0; y < H; y+= h) {
656 // Do not make the subset go off the edge of the image.
657 const int preScaleW = std::min(w, W - x);
658 const int preScaleH = std::min(h, H - y);
659 subset.setXYWH(x, y, preScaleW, preScaleH);
660 // And fscale
661 // FIXME: Should we have a version of getScaledDimensions that takes a subset
662 // into account?
663 decodeInfo = decodeInfo.makeWH(
664 std::max(1, SkScalarRoundToInt(preScaleW * fscale)),
665 std::max(1, SkScalarRoundToInt(preScaleH * fscale)));
666 size_t rowBytes = decodeInfo.minRowBytes();
667 if (!subsetBm.installPixels(decodeInfo, pixels, rowBytes)) {
668 SkDebugf("[terminated] Could not install pixels.\n");
669 return;
670 }
671 const SkCodec::Result result = codec->getPixels(decodeInfo, pixels, rowBytes,
672 &opts);
673 switch (result) {
674 case SkCodec::kSuccess:
675 case SkCodec::kIncompleteInput:
676 case SkCodec::kErrorInInput:
677 SkDebugf("okay\n");
678 break;
679 case SkCodec::kInvalidConversion:
680 if (0 == (x|y)) {
681 // First subset is okay to return unimplemented.
682 SkDebugf("[terminated] Incompatible colortype conversion\n");
683 return;
684 }
685 // If the first subset succeeded, a later one should not fail.
686 [[fallthrough]];
687 case SkCodec::kUnimplemented:
688 if (0 == (x|y)) {
689 // First subset is okay to return unimplemented.
690 SkDebugf("[terminated] subset codec not supported\n");
691 return;
692 }
693 // If the first subset succeeded, why would a later one fail?
694 [[fallthrough]];
695 default:
696 SkDebugf("[terminated] subset codec failed to decode (%d, %d, %d, %d) "
697 "with dimensions (%d x %d)\t error %d\n",
698 x, y, decodeInfo.width(), decodeInfo.height(),
699 W, H, result);
700 return;
701 }
702 }
703 }
704 SkDebugf("[terminated] Success!\n");
705 break;
706 }
707 case 4: { //kAnimated_Mode
708 std::vector<SkCodec::FrameInfo> frameInfos = codec->getFrameInfo();
709 if (frameInfos.size() == 0) {
710 SkDebugf("[terminated] Not an animated image\n");
711 break;
712 }
713
714 for (size_t i = 0; i < frameInfos.size(); i++) {
715 options.fFrameIndex = i;
716 auto result = codec->startIncrementalDecode(decodeInfo, bitmap.getPixels(),
717 bitmap.rowBytes(), &options);
718 if (SkCodec::kSuccess != result) {
719 SkDebugf("[terminated] failed to start incremental decode "
720 "in frame %zu with error %d\n", i, result);
721 return;
722 }
723
724 result = codec->incrementalDecode();
725 if (result == SkCodec::kIncompleteInput || result == SkCodec::kErrorInInput) {
726 SkDebugf("okay\n");
727 // Frames beyond this one will not decode.
728 break;
729 }
730 if (result == SkCodec::kSuccess) {
731 SkDebugf("okay - decoded frame %zu\n", i);
732 } else {
733 SkDebugf("[terminated] incremental decode failed with "
734 "error %d\n", result);
735 return;
736 }
737 }
738 SkDebugf("[terminated] Success!\n");
739 break;
740 }
741 default:
742 SkDebugf("[terminated] Mode not implemented yet\n");
743 }
744
745 dump_png(bitmap);
746}
options
const char * options
Definition: CommonFlagsConfig.cpp:43
dump_png
static void dump_png(const SkBitmap &bitmap)
Definition: FuzzMain.cpp:458
SkAlign2
static constexpr T SkAlign2(T x)
Definition: SkAlign.h:15
SkScalarRoundToInt
#define SkScalarRoundToInt(x)
Definition: SkScalar.h:37
W
#define W
Definition: aaa.cpp:17
SkBitmap::installPixels
bool installPixels(const SkImageInfo &info, void *pixels, size_t rowBytes, void(*releaseProc)(void *addr, void *context), void *context)
Definition: SkBitmap.cpp:323
SkBitmap::kZeroPixels_AllocFlag
@ kZeroPixels_AllocFlag
zero pixel memory. No effect. This is the default.
Definition: SkBitmap.h:435
SkCodec::MakeFromData
static std::unique_ptr< SkCodec > MakeFromData(sk_sp< SkData >, SkSpan< const SkCodecs::Decoder > decoders, SkPngChunkReader *=nullptr)
Definition: SkCodec.cpp:241
SkCodec::kYes_ZeroInitialized
@ kYes_ZeroInitialized
Definition: SkCodec.h:308
SkCodec::kTopDown_SkScanlineOrder
@ kTopDown_SkScanlineOrder
Definition: SkCodec.h:581
SkCodec::Result
Result
Definition: SkCodec.h:76
SkCodec::kInvalidConversion
@ kInvalidConversion
Definition: SkCodec.h:96
SkCodec::kIncompleteInput
@ kIncompleteInput
Definition: SkCodec.h:84
SkCodec::kUnimplemented
@ kUnimplemented
Definition: SkCodec.h:123
SkCodec::kSuccess
@ kSuccess
Definition: SkCodec.h:80
SkCodec::kErrorInInput
@ kErrorInInput
Definition: SkCodec.h:91
H
#define H
Definition: constant_reader.cc:13
result
GAsyncResult * result
Definition: fl_text_input_plugin.cc:106
max
static float max(float r, float g, float b)
Definition: hsl.cpp:49
min
static float min(float r, float g, float b)
Definition: hsl.cpp:48
y
double y
Definition: mouse-input-test.cc:83
x
double x
Definition: mouse-input-test.cc:82
flutter::mode
it will be possible to load the file into Perfetto s trace viewer disable asset Prevents usage of any non test fonts unless they were explicitly Loaded via prefetched default font Indicates whether the embedding started a prefetch of the default font manager before creating the engine run In non interactive mode
Definition: switches.h:228
flutter::size
it will be possible to load the file into Perfetto s trace viewer disable asset Prevents usage of any non test fonts unless they were explicitly Loaded via prefetched default font Indicates whether the embedding started a prefetch of the default font manager before creating the engine run In non interactive keep the shell running after the Dart script has completed enable serial On low power devices with low core running concurrent GC tasks on threads can cause them to contend with the UI thread which could potentially lead to jank This option turns off all concurrent GC activities domain network JSON encoded network policy per domain This overrides the DisallowInsecureConnections switch Embedder can specify whether to allow or disallow insecure connections at a domain level old gen heap size
Definition: switches.h:259
gn.cp.dst
dst
Definition: cp.py:12
w
SkScalar w
Definition: pictureshadertile.cpp:30
h
SkScalar h
Definition: pictureshadertile.cpp:30
height
int32_t height
Definition: serialization_callbacks.cc:1
scale
const Scalar scale
Definition: stroke_path_geometry.cc:308
H
Definition: SkMD5.cpp:130
SkCodec::Options::fSubset
const SkIRect * fSubset
Definition: SkCodec.h:347
SkIRect
Definition: SkRect.h:32
SkIRect::setXYWH
void setXYWH(int32_t x, int32_t y, int32_t width, int32_t height)
Definition: SkRect.h:268
SkISize
Definition: SkSize.h:16
SkImageInfo::makeWH
SkImageInfo makeWH(int newWidth, int newHeight) const
Definition: SkImageInfo.h:444
SkImageInfo::minRowBytes
size_t minRowBytes() const
Definition: SkImageInfo.h:517
SkImageInfo::makeDimensions
SkImageInfo makeDimensions(SkISize newSize) const
Definition: SkImageInfo.h:454
SkImageInfo::width
int width() const
Definition: SkImageInfo.h:365
SkImageInfo::height
int height() const
Definition: SkImageInfo.h:371

◆ fuzz_json()

static void fuzz_json ( const sk_sp< SkData > &  data)
static

Definition at line 393 of file FuzzMain.cpp.

393 {
394 FuzzJSON(data->bytes(), data->size());
395 SkDebugf("[terminated] Done parsing!\n");
396}
FuzzJSON
void FuzzJSON(const uint8_t *data, size_t size)
Definition: FuzzJSON.cpp:11

◆ fuzz_parse_path()

static void fuzz_parse_path ( const sk_sp< SkData > &  data)
static

Definition at line 764 of file FuzzMain.cpp.

764 {
765 FuzzParsePath(data->bytes(), data->size());
766 SkDebugf("[terminated] parse_path didn't crash!\n");
767}
FuzzParsePath
void FuzzParsePath(const uint8_t *data, size_t size)
Definition: FuzzParsePath.cpp:12

◆ fuzz_path_deserialize()

static void fuzz_path_deserialize ( const sk_sp< SkData > &  data)
static

Definition at line 771 of file FuzzMain.cpp.

771 {
772 FuzzPathDeserialize(data->bytes(), data->size());
773 SkDebugf("[terminated] path_deserialize didn't crash!\n");
774}
FuzzPathDeserialize
void FuzzPathDeserialize(const uint8_t *data, size_t size)
Definition: FuzzPathDeserialize.cpp:14

◆ fuzz_region_deserialize()

static void fuzz_region_deserialize ( const sk_sp< SkData > &  data)
static

Definition at line 778 of file FuzzMain.cpp.

778 {
779 if (!FuzzRegionDeserialize(data->bytes(), data->size())) {
780 SkDebugf("[terminated] Couldn't initialize SkRegion.\n");
781 return;
782 }
783 SkDebugf("[terminated] Success! Initialized SkRegion.\n");
784}
FuzzRegionDeserialize
bool FuzzRegionDeserialize(const uint8_t *data, size_t size)
Definition: FuzzRegionDeserialize.cpp:14

◆ fuzz_region_set_path()

static void fuzz_region_set_path ( const sk_sp< SkData > &  data)
static

Definition at line 795 of file FuzzMain.cpp.

795 {
796 Fuzz fuzz(data->bytes(), data->size());
797 FuzzRegionSetPath(&fuzz);
798 SkDebugf("[terminated] region_set_path didn't crash!\n");
799}
FuzzRegionSetPath
void FuzzRegionSetPath(Fuzz *fuzz)
Definition: FuzzRegionSetPath.cpp:14

◆ fuzz_skdescriptor_deserialize()

static void fuzz_skdescriptor_deserialize ( const sk_sp< SkData > &  data)
static

Definition at line 897 of file FuzzMain.cpp.

897 {
898 FuzzSkDescriptorDeserialize(data->bytes(), data->size());
899 SkDebugf("[terminated] Did not crash while deserializing an SkDescriptor.\n");
900}
FuzzSkDescriptorDeserialize
void FuzzSkDescriptorDeserialize(const uint8_t *data, size_t size)
Definition: FuzzSkDescriptorDeserialize.cpp:11

◆ fuzz_skmeshspecification()

static void fuzz_skmeshspecification ( const sk_sp< SkData > &  data)
static

Definition at line 810 of file FuzzMain.cpp.

810 {
811 FuzzSkMeshSpecification(data->bytes(), data->size());
812 SkDebugf("[terminated] SkMeshSpecification::Make didn't crash!\n");
813}
FuzzSkMeshSpecification
void FuzzSkMeshSpecification(const uint8_t *fuzzData, size_t fuzzSize)
Definition: FuzzSkMeshSpecification.cpp:26

◆ fuzz_skp()

static void fuzz_skp ( const sk_sp< SkData > &  data)
static

Definition at line 750 of file FuzzMain.cpp.

750 {
751 FuzzSKP(data->bytes(), data->size());
752 SkDebugf("[terminated] Finished SKP\n");
753}
FuzzSKP
void FuzzSKP(const uint8_t *data, size_t size)
Definition: FuzzSKP.cpp:15

◆ fuzz_skruntimeblender()

static void fuzz_skruntimeblender ( const sk_sp< SkData > &  data)
static

Definition at line 817 of file FuzzMain.cpp.

817 {
818 if (FuzzSkRuntimeBlender(data->bytes(), data->size())) {
819 SkDebugf("[terminated] Success! Compiled and executed SkSL blender.\n");
820 } else {
821 SkDebugf("[terminated] Could not compile or execute SkSL blender.\n");
822 }
823}
FuzzSkRuntimeBlender
bool FuzzSkRuntimeBlender(const uint8_t *data, size_t size)
Definition: FuzzSkRuntimeBlender.cpp:59

◆ fuzz_skruntimecolorfilter()

static void fuzz_skruntimecolorfilter ( const sk_sp< SkData > &  data)
static

Definition at line 827 of file FuzzMain.cpp.

827 {
828 if (FuzzSkRuntimeColorFilter(data->bytes(), data->size())) {
829 SkDebugf("[terminated] Success! Compiled and executed SkSL color filter.\n");
830 } else {
831 SkDebugf("[terminated] Could not compile or execute SkSL color filter.\n");
832 }
833}
FuzzSkRuntimeColorFilter
bool FuzzSkRuntimeColorFilter(const uint8_t *data, size_t size)
Definition: FuzzSkRuntimeColorFilter.cpp:59

◆ fuzz_skruntimeeffect()

static void fuzz_skruntimeeffect ( const sk_sp< SkData > &  data)
static

Definition at line 837 of file FuzzMain.cpp.

837 {
838 if (FuzzSkRuntimeEffect(data->bytes(), data->size())) {
839 SkDebugf("[terminated] Success! Compiled and executed SkSL shader.\n");
840 } else {
841 SkDebugf("[terminated] Could not compile or execute SkSL shader.\n");
842 }
843}
FuzzSkRuntimeEffect
bool FuzzSkRuntimeEffect(const uint8_t *data, size_t size)
Definition: FuzzSkRuntimeEffect.cpp:58

◆ fuzz_sksl2glsl()

static void fuzz_sksl2glsl ( const sk_sp< SkData > &  data)
static

Definition at line 847 of file FuzzMain.cpp.

847 {
848 if (FuzzSKSL2GLSL(data->bytes(), data->size())) {
849 SkDebugf("[terminated] Success! Compiled input to GLSL.\n");
850 } else {
851 SkDebugf("[terminated] Could not compile input to GLSL.\n");
852 }
853}
FuzzSKSL2GLSL
bool FuzzSKSL2GLSL(const uint8_t *data, size_t size)
Definition: FuzzSKSL2GLSL.cpp:17

◆ fuzz_sksl2metal()

static void fuzz_sksl2metal ( const sk_sp< SkData > &  data)
static

Definition at line 857 of file FuzzMain.cpp.

857 {
858 if (FuzzSKSL2Metal(data->bytes(), data->size())) {
859 SkDebugf("[terminated] Success! Compiled input to Metal.\n");
860 } else {
861 SkDebugf("[terminated] Could not compile input to Metal.\n");
862 }
863}
FuzzSKSL2Metal
bool FuzzSKSL2Metal(const uint8_t *data, size_t size)
Definition: FuzzSKSL2Metal.cpp:17

◆ fuzz_sksl2pipeline()

static void fuzz_sksl2pipeline ( const sk_sp< SkData > &  data)
static

Definition at line 867 of file FuzzMain.cpp.

867 {
868 if (FuzzSKSL2Pipeline(data->bytes(), data->size())) {
869 SkDebugf("[terminated] Success! Compiled input to pipeline stage.\n");
870 } else {
871 SkDebugf("[terminated] Could not compile input to pipeline stage.\n");
872 }
873}
FuzzSKSL2Pipeline
bool FuzzSKSL2Pipeline(const uint8_t *data, size_t size)
Definition: FuzzSKSL2Pipeline.cpp:18

◆ fuzz_sksl2spirv()

static void fuzz_sksl2spirv ( const sk_sp< SkData > &  data)
static

Definition at line 877 of file FuzzMain.cpp.

877 {
878 if (FuzzSKSL2SPIRV(data->bytes(), data->size())) {
879 SkDebugf("[terminated] Success! Compiled input to SPIR-V.\n");
880 } else {
881 SkDebugf("[terminated] Could not compile input to SPIR-V.\n");
882 }
883}
FuzzSKSL2SPIRV
bool FuzzSKSL2SPIRV(const uint8_t *data, size_t size)
Definition: FuzzSKSL2SPIRV.cpp:17

◆ fuzz_sksl2wgsl()

static void fuzz_sksl2wgsl ( const sk_sp< SkData > &  data)
static

Definition at line 887 of file FuzzMain.cpp.

887 {
888 if (FuzzSKSL2WGSL(data->bytes(), data->size())) {
889 SkDebugf("[terminated] Success! Compiled input to WGSL.\n");
890 } else {
891 SkDebugf("[terminated] Could not compile input to WGSL.\n");
892 }
893}
FuzzSKSL2WGSL
bool FuzzSKSL2WGSL(const uint8_t *data, size_t size)
Definition: FuzzSKSL2WGSL.cpp:17

◆ fuzz_textblob_deserialize()

static void fuzz_textblob_deserialize ( const sk_sp< SkData > &  data)
static

Definition at line 788 of file FuzzMain.cpp.

788 {
789 FuzzTextBlobDeserialize(data->bytes(), data->size());
790 SkDebugf("[terminated] textblob didn't crash!\n");
791}
FuzzTextBlobDeserialize
void FuzzTextBlobDeserialize(const uint8_t *data, size_t size)
Definition: FuzzTextBlobDeserialize.cpp:15

◆ FuzzAndroidCodec()

bool FuzzAndroidCodec ( const uint8_t *  fuzzData,
size_t  fuzzSize,
uint8_t  sampleSize 
)

Definition at line 17 of file FuzzAndroidCodec.cpp.

17 {
18 auto codec = SkAndroidCodec::MakeFromStream(SkMemoryStream::MakeDirect(fuzzData, fuzzSize));
19 if (!codec) {
20 return false;
21 }
22
23 auto size = codec->getSampledDimensions(sampleSize);
24 auto info = SkImageInfo::MakeN32Premul(size);
25 SkBitmap bm;
26 if (!bm.tryAllocPixels(info)) {
27 // May fail in memory-constrained fuzzing environments
28 return false;
29 }
30
31 SkAndroidCodec::AndroidOptions options;
32 options.fSampleSize = sampleSize;
33
34 auto result = codec->getAndroidPixels(bm.info(), bm.getPixels(), bm.rowBytes(), &options);
35 switch (result) {
36 case SkCodec::kSuccess:
37 case SkCodec::kIncompleteInput:
38 case SkCodec::kErrorInInput:
39 break;
40 default:
41 return false;
42 }
43
44 SkGainmapInfo gainmapInfo;
45 auto gainmapImageStream = std::unique_ptr<SkStream>();
46
47 if (codec->getAndroidGainmap(&gainmapInfo, &gainmapImageStream)) {
48 // Do something with the outputs so the compiler does not optimize the call away.
49 if (!std::isfinite(gainmapInfo.fDisplayRatioSdr)) {
50 return false;
51 }
52 if (gainmapImageStream->getLength() > 100000000) {
53 return false;
54 }
55 }
56
57 auto surface = SkSurfaces::Raster(SkImageInfo::MakeN32Premul(size.width(), size.height()));
58 if (!surface) {
59 // May return nullptr in memory-constrained fuzzing environments
60 return false;
61 }
62
63 surface->getCanvas()->drawImage(bm.asImage(), 0, 0);
64 return true;
65}
info
static void info(const char *fmt,...) SK_PRINTF_LIKE(1
Definition: DM.cpp:213
SkAndroidCodec::MakeFromStream
static std::unique_ptr< SkAndroidCodec > MakeFromStream(std::unique_ptr< SkStream >, SkPngChunkReader *=nullptr)
Definition: SkAndroidCodec.cpp:206
SkBitmap::asImage
sk_sp< SkImage > asImage() const
Definition: SkBitmap.cpp:645
SkBitmap::rowBytes
size_t rowBytes() const
Definition: SkBitmap.h:238
SkBitmap::getPixels
void * getPixels() const
Definition: SkBitmap.h:283
SkBitmap::info
const SkImageInfo & info() const
Definition: SkBitmap.h:139
SkBitmap::tryAllocPixels
bool tryAllocPixels(const SkImageInfo &info, size_t rowBytes)
Definition: SkBitmap.cpp:271
SkMemoryStream::MakeDirect
static std::unique_ptr< SkMemoryStream > MakeDirect(const void *data, size_t length)
Definition: SkStream.cpp:310
surface
VkSurfaceKHR surface
Definition: main.cc:49
SkSurfaces::Raster
SK_API sk_sp< SkSurface > Raster(const SkImageInfo &imageInfo, size_t rowBytes, const SkSurfaceProps *surfaceProps)
Definition: SkSurface_Raster.cpp:186
skvx::isfinite
SINT bool isfinite(const Vec< N, T > &v)
Definition: SkVx.h:1003
SkGainmapInfo::fDisplayRatioSdr
float fDisplayRatioSdr
Definition: SkGainmapInfo.h:65
SkImageInfo::MakeN32Premul
static SkImageInfo MakeN32Premul(int width, int height)
Definition: SkImageInfo.cpp:157

◆ FuzzAnimatedImage()

bool FuzzAnimatedImage ( const uint8_t *  data,
size_t  size 
)

Definition at line 14 of file FuzzAnimatedImage.cpp.

14 {
15 auto codec = SkAndroidCodec::MakeFromStream(SkMemoryStream::MakeDirect(data, size));
16 if (nullptr == codec) {
17 return false;
18 }
19 auto aImg = SkAnimatedImage::Make(std::move(codec));
20 if (nullptr == aImg) {
21 return false;
22 }
23
24 auto s = SkSurfaces::Raster(SkImageInfo::MakeN32Premul(128, 128));
25 if (!s) {
26 // May return nullptr in memory-constrained fuzzing environments
27 return false;
28 }
29
30 int escape = 0;
31 while (!aImg->isFinished() && escape < 100) {
32 aImg->draw(s->getCanvas());
33 escape++;
34 aImg->decodeNextFrame();
35 }
36 return true;
37}
SkAnimatedImage::Make
static sk_sp< SkAnimatedImage > Make(std::unique_ptr< SkAndroidCodec >, const SkImageInfo &info, SkIRect cropRect, sk_sp< SkPicture > postProcess)
Definition: SkAnimatedImage.cpp:23
s
struct MyStruct s

◆ FuzzColorspace()

void FuzzColorspace ( const uint8_t *  data,
size_t  size 
)

Definition at line 13 of file FuzzColorspace.cpp.

13 {
14 sk_sp<SkColorSpace> space(SkColorSpace::Deserialize(data, size));
15 if (!space) {
16 return;
17 }
18 // Call some arbitrary methods on the colorspace, using a throw-away
19 // variable to prevent the compiler from optimizing things away.
20 int i = 0;
21 if (space->gammaCloseToSRGB()) {
22 i += 1;
23 }
24 if (space->gammaIsLinear()) {
25 i += 1;
26 }
27 if (space->isSRGB()) {
28 i += 1;
29 }
30 skcms_ICCProfile profile;
31 space->toProfile(&profile);
32 sk_sp<SkColorSpace> space2 = space->makeLinearGamma()->makeSRGBGamma()->makeColorSpin();
33 sk_sp<SkData> data1 = space->serialize();
34 if (SkColorSpace::Equals(space.get(), space2.get()) && i > 5) {
35 SkDebugf("Should never happen %d", (int)data1->size());
36 space2->writeToMemory(nullptr);
37 }
38}
SkColorSpace::makeSRGBGamma
sk_sp< SkColorSpace > makeSRGBGamma() const
Definition: SkColorSpace.cpp:168
SkColorSpace::Equals
static bool Equals(const SkColorSpace *, const SkColorSpace *)
Definition: SkColorSpace.cpp:291
SkColorSpace::makeLinearGamma
sk_sp< SkColorSpace > makeLinearGamma() const
Definition: SkColorSpace.cpp:161
SkColorSpace::makeColorSpin
sk_sp< SkColorSpace > makeColorSpin() const
Definition: SkColorSpace.cpp:175
SkColorSpace::Deserialize
static sk_sp< SkColorSpace > Deserialize(const void *data, size_t length)
Definition: SkColorSpace.cpp:266
SkColorSpace::writeToMemory
size_t writeToMemory(void *memory) const
Definition: SkColorSpace.cpp:246
sk_sp::get
T * get() const
Definition: SkRefCnt.h:303
gn.codesign_ios.profile
profile
Definition: codesign_ios.py:22
skcms_ICCProfile
Definition: skcms_public.h:173

◆ FuzzCOLRv1()

void FuzzCOLRv1 ( const uint8_t *  data,
size_t  size 
)

Definition at line 19 of file FuzzCOLRv1.cpp.

19 {
20 // We do not want the portable fontmgr here, as it does not allow creation of fonts from bytes.
21 sk_sp<SkFontMgr> mgr = ToolUtils::TestFontMgr();
22 std::unique_ptr<SkStreamAsset> stream = SkMemoryStream::MakeDirect(data, size);
23 sk_sp<SkTypeface> typeface = mgr->makeFromStream(std::move(stream), 0);
24
25 if (!typeface) {
26 return;
27 }
28
29 auto s = SkSurfaces::Raster(SkImageInfo::MakeN32Premul(128, 128));
30 if (!s) {
31 return;
32 }
33
34 // Place at a baseline in the lower part of the canvas square, but canvas size and baseline
35 // placement are chosen arbitrarily and we just need to cover colrv1 rendering in this
36 // fuzz test.
37 SkFont colrv1Font = SkFont(typeface, 120);
38 SkCanvas* canvas = s->getCanvas();
39 SkPaint paint;
40 int numGlyphs = typeface->countGlyphs();
41
42 for (int i = 0; i < std::min(numGlyphs, 10); ++i) {
43 SkPoint origin = SkPoint::Make(10, 108);
44 SkPoint position = SkPoint::Make(0, 0);
45 SkGlyphID glyphId = i;
46 canvas->drawGlyphs(1, &glyphId, &position, origin, colrv1Font, paint);
47 }
48}
SkGlyphID
uint16_t SkGlyphID
Definition: SkTypes.h:179
SkCanvas::drawGlyphs
void drawGlyphs(int count, const SkGlyphID glyphs[], const SkPoint positions[], const uint32_t clusters[], int textByteCount, const char utf8text[], SkPoint origin, const SkFont &font, const SkPaint &paint)
SkFontMgr::makeFromStream
sk_sp< SkTypeface > makeFromStream(std::unique_ptr< SkStreamAsset >, int ttcIndex=0) const
Definition: SkFontMgr.cpp:127
SkFont
Definition: SkFont.h:35
SkTypeface::countGlyphs
int countGlyphs() const
Definition: SkTypeface.cpp:432
paint
const Paint & paint
Definition: color_source.cc:38
ToolUtils::TestFontMgr
sk_sp< SkFontMgr > TestFontMgr()
Definition: FontToolUtils.cpp:247
dart_profiler_symbols.stream
stream
Definition: dart_profiler_symbols.py:81
SkPoint::Make
static constexpr SkPoint Make(float x, float y)
Definition: SkPoint_impl.h:173

◆ FuzzImageDecode()

bool FuzzImageDecode ( const uint8_t *  data,
size_t  size 
)

Definition at line 14 of file FuzzImage.cpp.

14 {
15 auto img = SkImages::DeferredFromEncodedData(SkData::MakeWithoutCopy(data, size));
16 if (nullptr == img.get()) {
17 return false;
18 }
19
20 auto s = SkSurfaces::Raster(SkImageInfo::MakeN32Premul(128, 128));
21 if (!s) {
22 // May return nullptr in memory-constrained fuzzing environments
23 return false;
24 }
25
26 s->getCanvas()->drawImage(img, 0, 0);
27 return true;
28}
SkData::MakeWithoutCopy
static sk_sp< SkData > MakeWithoutCopy(const void *data, size_t length)
Definition: SkData.h:116
SkImages::DeferredFromEncodedData
SK_API sk_sp< SkImage > DeferredFromEncodedData(sk_sp< SkData > encoded, std::optional< SkAlphaType > alphaType=std::nullopt)
Definition: SkImageGenerator_FromEncoded.cpp:52

◆ FuzzImageFilterDeserialize()

void FuzzImageFilterDeserialize ( const uint8_t *  data,
size_t  size 
)

Definition at line 16 of file FuzzImageFilterDeserialize.cpp.

16 {
17 const int BitmapSize = 24;
18 SkBitmap bitmap;
19 bitmap.allocN32Pixels(BitmapSize, BitmapSize);
20 SkCanvas canvas(bitmap);
21 canvas.clear(0x00000000);
22
23 auto flattenable = SkImageFilter::Deserialize(data, size);
24
25 if (flattenable != nullptr) {
26 // Let's see if using the filters can cause any trouble...
27 SkPaint paint;
28 paint.setImageFilter(flattenable);
29 canvas.save();
30 canvas.clipIRect(bitmap.bounds());
31
32 // This call shouldn't crash or cause ASAN to flag any memory issues
33 // If nothing bad happens within this call, everything is fine
34 canvas.drawImage(bitmap.asImage(), 0, 0, SkSamplingOptions(), &paint);
35
36 canvas.restore();
37 }
38}
SkImageFilter::Deserialize
static sk_sp< SkImageFilter > Deserialize(const void *data, size_t size, const SkDeserialProcs *procs=nullptr)
Definition: SkImageFilter.h:101

◆ FuzzIncrementalImageDecode()

bool FuzzIncrementalImageDecode ( const uint8_t *  data,
size_t  size 
)

Definition at line 13 of file FuzzIncrementalImage.cpp.

13 {
14 auto codec = SkCodec::MakeFromStream(SkMemoryStream::MakeDirect(data, size));
15 if (!codec) {
16 return false;
17 }
18
19 SkBitmap bm;
20 if (!bm.tryAllocPixels(codec->getInfo())) {
21 // May fail in memory-constrained fuzzing environments
22 return false;
23 }
24
25 auto result = codec->startIncrementalDecode(bm.info(), bm.getPixels(), bm.rowBytes());
26 if (result != SkCodec::kSuccess) {
27 return false;
28 }
29
30 // Deliberately uninitialized to verify that incrementalDecode initializes it when it
31 // returns kIncompleteInput or kErrorInInput.
32 int rowsDecoded;
33 result = codec->incrementalDecode(&rowsDecoded);
34 switch (result) {
35 case SkCodec::kIncompleteInput:
36 case SkCodec::kErrorInInput:
37 if (rowsDecoded < bm.height()) {
38 void* dst = SkTAddOffset<void>(bm.getPixels(), rowsDecoded * bm.rowBytes());
39 sk_bzero(dst, (bm.height() - rowsDecoded) * bm.rowBytes());
40 }
41 return true; // decoded a partial image
42 case SkCodec::kSuccess:
43 return true;
44 default:
45 return false;
46 }
47}
sk_bzero
sk_bzero(glyphs, sizeof(glyphs))
SkBitmap::height
int height() const
Definition: SkBitmap.h:158
SkCodec::MakeFromStream
static std::unique_ptr< SkCodec > MakeFromStream(std::unique_ptr< SkStream >, SkSpan< const SkCodecs::Decoder > decoders, Result *=nullptr, SkPngChunkReader *=nullptr, SelectionPolicy selectionPolicy=SelectionPolicy::kPreferStillImage)
Definition: SkCodec.cpp:163

◆ FuzzJSON()

void FuzzJSON ( const uint8_t *  data,
size_t  size 
)

Definition at line 11 of file FuzzJSON.cpp.

11 {
12 skjson::DOM dom(reinterpret_cast<const char*>(data), size);
13 SkDynamicMemoryWStream wstream;
14 dom.write(&wstream);
15}
dom
Definition: dom.py:1

◆ FuzzParsePath()

void FuzzParsePath ( const uint8_t *  data,
size_t  size 
)

Definition at line 12 of file FuzzParsePath.cpp.

12 {
13 SkPath path;
14 // Put into a SkString first because we are not sure if the input
15 // data is null-terminated or not.
16 SkString input((const char*) data, size);
17 if (SkParsePath::FromSVGString(input.c_str(), &path)) {
18 SkString output1 = SkParsePath::ToSVGString(path, SkParsePath::PathEncoding::Absolute);
19 SkString output2 = SkParsePath::ToSVGString(path, SkParsePath::PathEncoding::Relative);
20 // Do something with the output so it is not optimized away.
21 if (output1.startsWith("Impossible") || output2.startsWith("Impossible")) {
22 SK_ABORT("invalid SVG created");
23 }
24 }
25}
SK_ABORT
#define SK_ABORT(message,...)
Definition: SkAssert.h:70
SkParsePath::ToSVGString
static SkString ToSVGString(const SkPath &, PathEncoding=PathEncoding::Absolute)
Definition: SkParsePath.cpp:246
SkParsePath::FromSVGString
static bool FromSVGString(const char str[], SkPath *)
Definition: SkParsePath.cpp:107
SkPath
Definition: SkPath.h:59
SkString::startsWith
bool startsWith(const char prefixStr[]) const
Definition: SkString.h:140

◆ FuzzPathDeserialize()

void FuzzPathDeserialize ( const uint8_t *  data,
size_t  size 
)

Definition at line 14 of file FuzzPathDeserialize.cpp.

14 {
15 SkReadBuffer buf(data, size);
16
17 SkPath path;
18 buf.readPath(&path);
19 if (!buf.isValid()) {
20 return;
21 }
22
23 auto s = SkSurfaces::Raster(SkImageInfo::MakeN32Premul(128, 128));
24 if (!s) {
25 // May return nullptr in memory-constrained fuzzing environments
26 return;
27 }
28 s->getCanvas()->drawPath(path, SkPaint());
29}

◆ FuzzRegionDeserialize()

bool FuzzRegionDeserialize ( const uint8_t *  data,
size_t  size 
)

Definition at line 14 of file FuzzRegionDeserialize.cpp.

14 {
15 SkRegion region;
16 if (!region.readFromMemory(data, size)) {
17 return false;
18 }
19 region.computeRegionComplexity();
20 region.isComplex();
21 SkRegion r2;
22 if (region == r2) {
23 region.contains(0,0);
24 } else {
25 region.contains(1,1);
26 }
27 auto s = SkSurfaces::Raster(SkImageInfo::MakeN32Premul(128, 128));
28 if (!s) {
29 // May return nullptr in memory-constrained fuzzing environments
30 return false;
31 }
32 s->getCanvas()->drawRegion(region, SkPaint());
33 SkDEBUGCODE(SkRegionPriv::Validate(region));
34 return true;
35}
SkDEBUGCODE
SkDEBUGCODE(SK_SPI) SkThreadID SkGetThreadID()
SkRegion::readFromMemory
size_t readFromMemory(const void *buffer, size_t length)
Definition: SkRegion.cpp:1276
SkRegion::contains
bool contains(int32_t x, int32_t y) const
Definition: SkRegion.cpp:364
SkRegion::isComplex
bool isComplex() const
Definition: SkRegion.h:158
SkRegion::computeRegionComplexity
int computeRegionComplexity() const
Definition: SkRegion.cpp:176
SkRecords::region
ClipOpAndAA opAA SkRegion region
Definition: SkRecords.h:238
dart::Validate
void Validate(const Table &table)
Definition: hash_table_test.cc:39

◆ FuzzRegionSetPath()

void FuzzRegionSetPath ( Fuzz fuzz)

Definition at line 14 of file FuzzRegionSetPath.cpp.

14 {
15 SkPath p;
16 FuzzNicePath(fuzz, &p, 1000);
17 SkRegion r1;
18 bool initR1;
19 fuzz->next(&initR1);
20 if (initR1) {
21 fuzz->next(&r1);
22 }
23 SkRegion r2;
24 fuzz->next(&r2);
25
26 r1.setPath(p, r2);
27
28 // Do some follow on computations to make sure region is well-formed.
29 r1.computeRegionComplexity();
30 r1.isComplex();
31 if (r1 == r2) {
32 r1.contains(0,0);
33 } else {
34 r1.contains(1,1);
35 }
36}
FuzzNicePath
void FuzzNicePath(Fuzz *fuzz, SkPath *path, int maxOps)
Definition: FuzzCommon.cpp:37
Fuzz::next
void next(T *t)
Definition: Fuzz.h:64
SkRegion::setPath
bool setPath(const SkPath &path, const SkRegion &clip)
Definition: SkRegion_path.cpp:338
dart_profiler_symbols.p
p
Definition: dart_profiler_symbols.py:55

◆ FuzzSkDescriptorDeserialize()

void FuzzSkDescriptorDeserialize ( const uint8_t *  data,
size_t  size 
)

Definition at line 11 of file FuzzSkDescriptorDeserialize.cpp.

11 {
12 SkReadBuffer buffer{data, size};
13 auto sut = SkAutoDescriptor::MakeFromBuffer(buffer);
14 if (!sut.has_value()) {
15 return;
16 }
17
18 auto desc = sut->getDesc();
19
20 desc->computeChecksum();
21 desc->isValid();
22
23 // An arbitrary number
24 uint32_t tagToFind = 117;
25
26 uint32_t ignore;
27 desc->findEntry(tagToFind, &ignore);
28}
SkAutoDescriptor::MakeFromBuffer
static std::optional< SkAutoDescriptor > MakeFromBuffer(SkReadBuffer &buffer)
Definition: SkDescriptor.cpp:175
flutter::buffer
DEF_SWITCHES_START aot vmservice shared library Name of the *so containing AOT compiled Dart assets for launching the service isolate vm snapshot The VM snapshot data that will be memory mapped as read only SnapshotAssetPath must be present isolate snapshot The isolate snapshot data that will be memory mapped as read only SnapshotAssetPath must be present cache dir Path to the cache directory This is different from the persistent_cache_path in embedder which is used for Skia shader cache icu native lib Path to the library file that exports the ICU data vm service The hostname IP address on which the Dart VM Service should be served If not defaults to or::depending on whether ipv6 is specified vm service A custom Dart VM Service port The default is to pick a randomly available open port disable vm Disable the Dart VM Service The Dart VM Service is never available in release mode disable vm service Disable mDNS Dart VM Service publication Bind to the IPv6 localhost address for the Dart VM Service Ignored if vm service host is set endless trace buffer
Definition: switches.h:126
import_conformance_tests.desc
desc
Definition: import_conformance_tests.py:63

◆ FuzzSkMeshSpecification()

void FuzzSkMeshSpecification ( const uint8_t *  fuzzData,
size_t  fuzzSize 
)

Definition at line 26 of file FuzzSkMeshSpecification.cpp.

26 {
27 using Attribute = SkMeshSpecification::Attribute;
28 using Varying = SkMeshSpecification::Varying;
29
30 SkSpan<const uint8_t> data(fuzzData, fuzzSize);
31 STArray<SkMeshSpecification::kMaxAttributes, Attribute> attributes;
32 STArray<SkMeshSpecification::kMaxVaryings, Varying> varyings;
33 size_t vertexStride;
34 SkString vs, fs;
35
36 auto fuzzByteToASCII = [&](uint8_t c, SkString* str) -> bool {
37 // Most control characters (including \0) and all high ASCII are treated as stop bytes.
38 if ((c >= 32 && c <= 127) || c == '\r' || c == '\n' || c == '\t') {
39 char ascii = c;
40 str->append(&ascii, 1);
41 return true;
42 }
43 return false;
44 };
45
46 auto fuzzByteToSkSL = [&](uint8_t c, SkString* str) -> bool {
47 // In the 0x00 - 0x80 range, treat characters as ASCII.
48 if (c < 128) {
49 return fuzzByteToASCII(c, str);
50 }
51 c -= 128;
52
53 // Dedicate a few bytes to injecting our attribute and varying names.
54 if (c < SkMeshSpecification::kMaxAttributes) {
55 if (!attributes.empty()) {
56 str->append(attributes[c % attributes.size()].name);
57 }
58 return true;
59 }
60 c -= SkMeshSpecification::kMaxAttributes;
61
62 if (c < SkMeshSpecification::kMaxVaryings) {
63 if (!varyings.empty()) {
64 str->append(varyings[c % varyings.size()].name);
65 }
66 return true;
67 }
68 c -= SkMeshSpecification::kMaxVaryings;
69
70 // Replace the remaining high-ASCII bytes with valid SkSL operators and keywords in order to
71 // improve our chances of generating a program. (We omit single-character operators since
72 // single-byte versions of those already exist in the low-ASCII space.)
73 static constexpr std::string_view kSkSLData[] = {
74 " true ",
75 " false ",
76 " if ",
77 " else ",
78 " for ",
79 " while ",
80 " do ",
81 " switch ",
82 " case ",
83 " default ",
84 " break ",
85 " continue ",
86 " discard ",
87 " return ",
88 " in ",
89 " out ",
90 " inout ",
91 " uniform ",
92 " const ",
93 " flat ",
94 " noperspective ",
95 " inline ",
96 " noinline ",
97 " $pure ",
98 " readonly ",
99 " writeonly ",
100 " buffer ",
101 " struct ",
102 " layout ",
103 " highp ",
104 " mediump ",
105 " lowp ",
106 " $es3 ",
107 " $export ",
108 " workgroup ",
109 " << ",
110 " >> ",
111 " && ",
112 " || ",
113 " ^^ ",
114 " == ",
115 " != ",
116 " <= ",
117 " >= ",
118 " += ",
119 " -= ",
120 " *= ",
121 " /= ",
122 " %= ",
123 " <<= ",
124 " >>= ",
125 " &= ",
126 " |= ",
127 " ^= ",
128 " ++ ",
129 " -- ",
130 " //",
131 " /*",
132 "*/ ",
133 " float",
134 " half",
135 " int",
136 " uint",
137 " short",
138 " ushort",
139 " bool",
140 " void",
141 " vec",
142 " ivec",
143 " bvec",
144 " mat",
145 " Attributes ",
146 " Varyings ",
147 };
148
149 c %= std::size(kSkSLData);
150 str->append(kSkSLData[c]);
151 return true;
152 };
153
154 // Pick a vertex stride; intentionally allow some bad values through.
155 vertexStride = extract<uint16_t>(data) % (SkMeshSpecification::kMaxStride + 2);
156
157 while (!data.empty()) {
158 uint8_t control = extract<uint8_t>(data) % 4;
159 // A control code with no payload can be ignored.
160 if (data.empty()) {
161 break;
162 }
163 switch (control) {
164 case 0: {
165 // Add an attribute.
166 Attribute& a = attributes.push_back();
167 a.type = (Attribute::Type)(extract<uint8_t>(data) %
168 ((int)Attribute::Type::kLast + 1));
169 a.offset = extract<uint16_t>(data) % (SkMeshSpecification::kMaxStride + 2);
170 while (uint8_t c = extract<char>(data)) {
171 if (!fuzzByteToASCII(c, &a.name)) {
172 break;
173 }
174 }
175 break;
176 }
177 case 1: {
178 // Add a varying.
179 Varying& v = varyings.push_back();
180 v.type = (Varying::Type)(extract<uint8_t>(data) % ((int)Varying::Type::kLast + 1));
181 while (uint8_t c = extract<char>(data)) {
182 if (!fuzzByteToASCII(c, &v.name)) {
183 break;
184 }
185 }
186 break;
187 }
188 case 2: {
189 // Convert the following data into SkSL and add it into the vertex program.
190 while (uint8_t c = extract<char>(data)) {
191 if (!fuzzByteToSkSL(c, &vs)) {
192 break;
193 }
194 }
195 break;
196 }
197 case 3: {
198 // Convert the following data into SkSL and add it into the fragment program.
199 while (uint8_t c = extract<char>(data)) {
200 if (!fuzzByteToSkSL(c, &fs)) {
201 break;
202 }
203 }
204 break;
205 }
206 }
207 }
208
209 auto result = SkMeshSpecification::Make(attributes, vertexStride, varyings, vs, fs);
210 if (result.error.isEmpty()) {
211 // TODO: synthesize a mesh with this specification and paint it.
212 printf("----\n%s\n----\n\n----\n%s\n----\n\n\n", vs.c_str(), fs.c_str());
213 }
214}
Attribute
SkMeshSpecification::Attribute Attribute
Definition: SkMesh.cpp:54
Varying
SkMeshSpecification::Varying Varying
Definition: SkMesh.cpp:55
SkMeshSpecification::kMaxVaryings
static constexpr size_t kMaxVaryings
Definition: SkMesh.h:72
SkMeshSpecification::kMaxAttributes
static constexpr size_t kMaxAttributes
Definition: SkMesh.h:69
SkMeshSpecification::kMaxStride
static constexpr size_t kMaxStride
Definition: SkMesh.h:68
SkMeshSpecification::Make
static Result Make(SkSpan< const Attribute > attributes, size_t vertexStride, SkSpan< const Varying > varyings, const SkString &vs, const SkString &fs)
Definition: SkMesh.cpp:389
SkString::append
void append(const char text[])
Definition: SkString.h:203
SkString::c_str
const char * c_str() const
Definition: SkString.h:133
skia_private::STArray
Definition: SkTArray.h:754
skia_private::TArray::empty
bool empty() const
Definition: SkTArray.h:199
skia_private::TArray::size
int size() const
Definition: SkTArray.h:421
skia_private::TArray::push_back
T & push_back()
Definition: SkTArray.h:205
a
struct MyStruct a[10]
SkSL::String::printf
std::string printf(const char *fmt,...) SK_PRINTF_LIKE(1
Definition: SkSLString.cpp:83

◆ FuzzSKP()

void FuzzSKP ( const uint8_t *  data,
size_t  size 
)

Definition at line 15 of file FuzzSKP.cpp.

15 {
16 sk_sp<SkPicture> pic = SkPicture::MakeFromData(data, size);
17 if (!pic) {
18 return;
19 }
20 sk_sp<SkSurface> surface = SkSurfaces::Raster(
21 SkImageInfo::MakeN32Premul(kCanvasSize.width(), kCanvasSize.height()));
22 surface->getCanvas()->drawPicture(pic);
23 pic->approximateBytesUsed();
24 pic->approximateOpCount();
25 return;
26}
kCanvasSize
static constexpr SkISize kCanvasSize
Definition: FuzzSKP.cpp:13
SkPicture::MakeFromData
static sk_sp< SkPicture > MakeFromData(const SkData *data, const SkDeserialProcs *procs=nullptr)
Definition: SkPicture.cpp:160
SkPicture::approximateBytesUsed
virtual size_t approximateBytesUsed() const =0
SkPicture::approximateOpCount
virtual int approximateOpCount(bool nested=false) const =0
SkISize::width
constexpr int32_t width() const
Definition: SkSize.h:36
SkISize::height
constexpr int32_t height() const
Definition: SkSize.h:37

◆ FuzzSkRuntimeBlender()

bool FuzzSkRuntimeBlender ( const uint8_t *  data,
size_t  size 
)

Definition at line 59 of file FuzzSkRuntimeBlender.cpp.

59 {
60 // Test once with optimization disabled...
61 SkString shaderText{reinterpret_cast<const char*>(data), size};
62 SkRuntimeEffect::Options options;
63 options.forceUnoptimized = true;
64 bool result = FuzzSkRuntimeBlender_Once(shaderText, options);
65
66 // ... and then with optimization enabled.
67 options.forceUnoptimized = false;
68 result = FuzzSkRuntimeBlender_Once(shaderText, options) || result;
69
70 return result;
71}
FuzzSkRuntimeBlender_Once
static bool FuzzSkRuntimeBlender_Once(const SkString &shaderText, const SkRuntimeEffect::Options &options)
Definition: FuzzSkRuntimeBlender.cpp:30

◆ FuzzSkRuntimeColorFilter()

bool FuzzSkRuntimeColorFilter ( const uint8_t *  data,
size_t  size 
)

Definition at line 59 of file FuzzSkRuntimeColorFilter.cpp.

59 {
60 // Test once with optimization disabled...
61 SkString shaderText{reinterpret_cast<const char*>(data), size};
62 SkRuntimeEffect::Options options;
63 options.forceUnoptimized = true;
64 bool result = FuzzSkRuntimeColorFilter_Once(shaderText, options);
65
66 // ... and then with optimization enabled.
67 options.forceUnoptimized = false;
68 result = FuzzSkRuntimeColorFilter_Once(shaderText, options) || result;
69
70 return result;
71}
FuzzSkRuntimeColorFilter_Once
static bool FuzzSkRuntimeColorFilter_Once(const SkString &shaderText, const SkRuntimeEffect::Options &options)
Definition: FuzzSkRuntimeColorFilter.cpp:30

◆ FuzzSkRuntimeEffect()

bool FuzzSkRuntimeEffect ( const uint8_t *  data,
size_t  size 
)

Definition at line 58 of file FuzzSkRuntimeEffect.cpp.

58 {
59 // Test once with optimization disabled...
60 SkString shaderText{reinterpret_cast<const char*>(data), size};
61 SkRuntimeEffect::Options options;
62 options.forceUnoptimized = true;
63 bool result = FuzzSkRuntimeEffect_Once(shaderText, options);
64
65 // ... and then with optimization enabled.
66 options.forceUnoptimized = false;
67 result = FuzzSkRuntimeEffect_Once(shaderText, options) || result;
68
69 return result;
70}
FuzzSkRuntimeEffect_Once
static bool FuzzSkRuntimeEffect_Once(const SkString &shaderText, const SkRuntimeEffect::Options &options)
Definition: FuzzSkRuntimeEffect.cpp:30

◆ FuzzSKSL2GLSL()

bool FuzzSKSL2GLSL ( const uint8_t *  data,
size_t  size 
)

Definition at line 17 of file FuzzSKSL2GLSL.cpp.

17 {
18 SkSL::Compiler compiler;
19 SkSL::ProgramSettings settings;
20 std::unique_ptr<SkSL::Program> program =
21 compiler.convertProgram(SkSL::ProgramKind::kFragment,
22 std::string(reinterpret_cast<const char*>(data), size),
23 settings);
24 std::string output;
25 if (!program || !SkSL::ToGLSL(*program, SkSL::ShaderCapsFactory::Default(), &output)) {
26 return false;
27 }
28 return true;
29}
SkSL::ShaderCapsFactory::Default
static const ShaderCaps * Default()
Definition: SkSLUtil.h:168
SkSL::ToGLSL
bool ToGLSL(Program &program, const ShaderCaps *caps, OutputStream &out)
Definition: SkSLGLSLCodeGenerator.cpp:2034
dart_profiler_symbols.output
output
Definition: dart_profiler_symbols.py:51
gn.compile_sksl_tests.settings
settings
Definition: compile_sksl_tests.py:18
malisc.compiler
compiler
Definition: malisc.py:17

◆ FuzzSKSL2Metal()

bool FuzzSKSL2Metal ( const uint8_t *  data,
size_t  size 
)

Definition at line 17 of file FuzzSKSL2Metal.cpp.

17 {
18 SkSL::Compiler compiler;
19 SkSL::ProgramSettings settings;
20 std::unique_ptr<SkSL::Program> program =
21 compiler.convertProgram(SkSL::ProgramKind::kFragment,
22 std::string(reinterpret_cast<const char*>(data), size),
23 settings);
24 std::string output;
25 if (!program || !SkSL::ToMetal(*program, SkSL::ShaderCapsFactory::Default(), &output)) {
26 return false;
27 }
28 return true;
29}
SkSL::ToMetal
bool ToMetal(Program &program, const ShaderCaps *caps, OutputStream &out)
Definition: SkSLMetalCodeGenerator.cpp:3653

◆ FuzzSKSL2Pipeline()

bool FuzzSKSL2Pipeline ( const uint8_t *  data,
size_t  size 
)

Definition at line 18 of file FuzzSKSL2Pipeline.cpp.

18 {
19 SkSL::Compiler compiler;
20 SkSL::ProgramSettings settings;
21 std::unique_ptr<SkSL::Program> program =
22 compiler.convertProgram(SkSL::ProgramKind::kRuntimeShader,
23 std::string(reinterpret_cast<const char*>(data), size),
24 settings);
25 if (!program) {
26 return false;
27 }
28
29 class Callbacks : public SkSL::PipelineStage::Callbacks {
30 std::string declareUniform(const SkSL::VarDeclaration* decl) override {
31 return std::string(decl->var()->name());
32 }
33
34 void defineFunction(const char* /*decl*/, const char* /*body*/, bool /*isMain*/) override {}
35 void declareFunction(const char* /*decl*/) override {}
36 void defineStruct(const char* /*definition*/) override {}
37 void declareGlobal(const char* /*declaration*/) override {}
38
39 std::string sampleShader(int index, std::string coords) override {
40 return "child_" + std::to_string(index) + ".eval(" + coords + ")";
41 }
42
43 std::string sampleColorFilter(int index, std::string color) override {
44 return "child_" + std::to_string(index) + ".eval(" + color + ")";
45 }
46
47 std::string sampleBlender(int index, std::string src, std::string dst) override {
48 return "child_" + std::to_string(index) + ".eval(" + src + ", " + dst + ")";
49 }
50
51 std::string toLinearSrgb(std::string color) override { return color; }
52 std::string fromLinearSrgb(std::string color) override { return color; }
53 };
54
55 Callbacks callbacks;
56 SkSL::PipelineStage::ConvertProgram(*program, "coords", "inColor", "half4(1)", &callbacks);
57 return true;
58}
SkSL::PipelineStage::Callbacks::sampleShader
virtual std::string sampleShader(int index, std::string coords)=0
SkSL::PipelineStage::Callbacks::sampleBlender
virtual std::string sampleBlender(int index, std::string src, std::string dst)=0
SkSL::PipelineStage::Callbacks::defineStruct
virtual void defineStruct(const char *definition)=0
SkSL::PipelineStage::Callbacks::declareFunction
virtual void declareFunction(const char *declaration)=0
SkSL::PipelineStage::Callbacks::toLinearSrgb
virtual std::string toLinearSrgb(std::string color)=0
SkSL::PipelineStage::Callbacks::declareGlobal
virtual void declareGlobal(const char *declaration)=0
SkSL::PipelineStage::Callbacks::sampleColorFilter
virtual std::string sampleColorFilter(int index, std::string color)=0
SkSL::PipelineStage::Callbacks::fromLinearSrgb
virtual std::string fromLinearSrgb(std::string color)=0
SkSL::PipelineStage::Callbacks::defineFunction
virtual void defineFunction(const char *declaration, const char *body, bool isMain)=0
SkSL::PipelineStage::Callbacks::declareUniform
virtual std::string declareUniform(const VarDeclaration *)=0
SkSL::Symbol::name
std::string_view name() const
Definition: SkSLSymbol.h:51
SkSL::VarDeclaration::var
Variable * var() const
Definition: SkSLVarDeclarations.h:96
color
DlColor color
Definition: dl_golden_blur_unittests.cc:23
SkSL::PipelineStage::ConvertProgram
void ConvertProgram(const Program &program, const char *sampleCoords, const char *inputColor, const char *destColor, Callbacks *callbacks)
Definition: SkSLPipelineStageCodeGenerator.cpp:806
mskp_parser.src
src
Definition: mskp_parser.py:22
to_string
static SkString to_string(int n)
Definition: nanobench.cpp:119

◆ FuzzSKSL2SPIRV()

bool FuzzSKSL2SPIRV ( const uint8_t *  data,
size_t  size 
)

Definition at line 17 of file FuzzSKSL2SPIRV.cpp.

17 {
18 SkSL::Compiler compiler;
19 SkSL::ProgramSettings settings;
20
21 // This tells the compiler where the rt-flip uniform will live should it be required. For
22 // fuzzing purposes we don't care where that is, but the compiler will report an error if we
23 // leave them at their default invalid values, or if the offset overlaps another uniform.
24 settings.fRTFlipOffset = 16384;
25 settings.fRTFlipSet = 0;
26 settings.fRTFlipBinding = 0;
27
28 std::unique_ptr<SkSL::Program> program =
29 compiler.convertProgram(SkSL::ProgramKind::kFragment,
30 std::string(reinterpret_cast<const char*>(data), size),
31 settings);
32 std::string output;
33 if (!program || !SkSL::ToSPIRV(*program, SkSL::ShaderCapsFactory::Default(), &output)) {
34 return false;
35 }
36 return true;
37}
SkSL::ToSPIRV
bool ToSPIRV(Program &program, const ShaderCaps *caps, OutputStream &out)
Definition: SkSLSPIRVCodeGenerator.cpp:5408

◆ FuzzSKSL2WGSL()

bool FuzzSKSL2WGSL ( const uint8_t *  data,
size_t  size 
)

Definition at line 17 of file FuzzSKSL2WGSL.cpp.

17 {
18 SkSL::Compiler compiler;
19 SkSL::ProgramSettings settings;
20 std::unique_ptr<SkSL::Program> program =
21 compiler.convertProgram(SkSL::ProgramKind::kFragment,
22 std::string(reinterpret_cast<const char*>(data), size),
23 settings);
24 std::string output;
25 if (!program || !SkSL::ToWGSL(*program, SkSL::ShaderCapsFactory::Default(), &output)) {
26 return false;
27 }
28 return true;
29}
SkSL::ToWGSL
bool ToWGSL(Program &program, const ShaderCaps *caps, OutputStream &out)
Definition: SkSLWGSLCodeGenerator.cpp:4597

◆ FuzzTextBlobDeserialize()

void FuzzTextBlobDeserialize ( const uint8_t *  data,
size_t  size 
)

Definition at line 15 of file FuzzTextBlobDeserialize.cpp.

15 {
16 SkReadBuffer buf(data, size);
17 auto tb = SkTextBlobPriv::MakeFromBuffer(buf);
18 if (!buf.isValid()) {
19 return;
20 }
21
22 auto s = SkSurfaces::Raster(SkImageInfo::MakeN32Premul(128, 128));
23 if (!s) {
24 // May return nullptr in memory-constrained fuzzing environments
25 return;
26 }
27 s->getCanvas()->drawTextBlob(tb, 200, 200, SkPaint());
28}
SkTextBlobPriv::MakeFromBuffer
static sk_sp< SkTextBlob > MakeFromBuffer(SkReadBuffer &)
Definition: SkTextBlob.cpp:705

◆ main()

int main ( int  argc,
char **  argv 
)

Definition at line 120 of file FuzzMain.cpp.

120 {
121 CommandLineFlags::SetUsage(
122 "Usage: fuzz -t <type> -b <path/to/file> [-n api-to-fuzz]\n"
123 " fuzz -b <path/to/file>\n"
124 "--help lists the valid types. If type is not specified,\n"
125 "fuzz will make a guess based on the name of the file.\n");
126 CommandLineFlags::Parse(argc, argv);
127 ToolUtils::UsePortableFontMgr();
128
129 SkString path = SkString(FLAGS_bytes.isEmpty() ? argv[0] : FLAGS_bytes[0]);
130 SkString type = SkString(FLAGS_type.isEmpty() ? "" : FLAGS_type[0]);
131
132 int loopCount = std::max(FLAGS_loops, 1);
133
134 if (!sk_isdir(path.c_str())) {
135 for (int i = 0; i < loopCount; ++i) {
136 int rv = fuzz_file(path, type);
137 if (rv != 0) {
138 return rv;
139 }
140 }
141 return 0;
142 }
143
144 SkOSFile::Iter it(path.c_str());
145 for (SkString file; it.next(&file); ) {
146 SkString p = SkOSPath::Join(path.c_str(), file.c_str());
147 SkDebugf("Fuzzing %s\n", p.c_str());
148 for (int i = 0; i < loopCount; ++i) {
149 int rv = fuzz_file(p, type);
150 if (rv != 0) {
151 return rv;
152 }
153 }
154 }
155 return 0;
156}
fuzz_file
static int fuzz_file(const SkString &path, SkString type)
Definition: FuzzMain.cpp:158
sk_isdir
bool sk_isdir(const char *path)
Definition: SkOSFile_stdio.cpp:141
CommandLineFlags::Parse
static void Parse(int argc, const char *const *argv)
Definition: CommandLineFlags.cpp:215
CommandLineFlags::SetUsage
static void SetUsage(const char *usage)
Definition: CommandLineFlags.cpp:143
SkOSPath::Join
static SkString Join(const char *rootPath, const char *relativePath)
Definition: SkOSPath.cpp:14
argv
char ** argv
Definition: library.h:9
ToolUtils::UsePortableFontMgr
void UsePortableFontMgr()
Definition: FontToolUtils.cpp:301
ios_debug_cmd.rv
rv
Definition: ios_debug_cmd.py:34

◆ print_api_names()

static void print_api_names ( )
static

Definition at line 437 of file FuzzMain.cpp.

437 {
438 SkDebugf("When using --type api, please choose an API to fuzz with --name/-n:\n");
439 for (const Fuzzable& fuzzable : sk_tools::Registry<Fuzzable>::Range()) {
440 SkDebugf("\t%s\n", fuzzable.name);
441 }
442}

◆ try_auto_detect()

static SkString try_auto_detect ( const SkString path,
SkString name 
)
static

Definition at line 360 of file FuzzMain.cpp.

360 {
361 std::cmatch m;
362 std::regex clusterfuzz("clusterfuzz-testcase(-minimized)?-([a-z0-9_]+)-[\\d]+");
363 std::regex skiafuzzer("(api-)?(\\w+)-[a-f0-9]+");
364
365 if (std::regex_search(path.c_str(), m, clusterfuzz)) {
366 std::string type = m.str(2);
367
368 if (cf_api_map.find(type) != cf_api_map.end()) {
369 *name = SkString(cf_api_map[type].c_str());
370 return SkString("api");
371 } else {
372 if (cf_map.find(type) != cf_map.end()) {
373 return SkString(cf_map[type].c_str());
374 }
375 }
376 } else if (std::regex_search(path.c_str(), m, skiafuzzer)) {
377 std::string a1 = m.str(1);
378 std::string typeOrName = m.str(2);
379 if (a1.length() > 0) {
380 // it's an api fuzzer
381 *name = SkString(typeOrName.c_str());
382 return SkString("api");
383 } else {
384 return SkString(typeOrName.c_str());
385 }
386 }
387
388 return SkString();
389}
cf_map
static std::map< std::string, std::string > cf_map
Definition: FuzzMain.cpp:331
cf_api_map
static std::map< std::string, std::string > cf_api_map
Definition: FuzzMain.cpp:306
dart_profiler_symbols.m
m
Definition: dart_profiler_symbols.py:64
dart_profiler_symbols.regex
regex
Definition: dart_profiler_symbols.py:61

Variable Documentation

◆ cf_api_map

std::map<std::string, std::string> cf_api_map
static
Initial value:
= {
{"api_create_ddl", "CreateDDL"},
{"api_draw_functions", "DrawFunctions"},
{"api_ddl_threading", "DDLThreadingGL"},
{"api_gradients", "Gradients"},
{"api_image_filter", "ImageFilter"},
{"api_mock_gpu_canvas", "MockGPUCanvas"},
{"api_null_canvas", "NullCanvas"},
{"api_path_measure", "PathMeasure"},
{"api_pathop", "Pathop"},
{"api_polyutils", "PolyUtils"},
{"api_raster_n32_canvas", "RasterN32Canvas"},
{"api_skparagraph", "SkParagraph"},
{"api_svg_canvas", "SVGCanvas"},
{"cubic_quad_roots", "CubicQuadRoots"},
{"jpeg_encoder", "JPEGEncoder"},
{"png_encoder", "PNGEncoder"},
{"skia_pathop_fuzzer", "LegacyChromiumPathop"},
{"webp_encoder", "WEBPEncoder"}
}

Definition at line 306 of file FuzzMain.cpp.

◆ cf_map

std::map<std::string, std::string> cf_map
static
Initial value:
= {
{"android_codec", "android_codec"},
{"animated_image_decode", "animated_image_decode"},
{"colrv1", "colrv1"},
{"image_decode", "image_decode"},
{"image_decode_incremental", "image_decode_incremental"},
{"image_filter_deserialize", "filter_fuzz"},
{"image_filter_deserialize_width", "filter_fuzz"},
{"path_deserialize", "path_deserialize"},
{"region_deserialize", "region_deserialize"},
{"region_set_path", "region_set_path"},
{"skdescriptor_deserialize", "skdescriptor_deserialize"},
{"skjson", "json"},
{"skmeshspecification", "skmeshspecification"},
{"skp", "skp"},
{"skruntimeeffect", "skruntimeeffect"},
{"sksl2glsl", "sksl2glsl"},
{"sksl2metal", "sksl2metal"},
{"sksl2spirv", "sksl2spirv"},
{"sksl2pipeline", "sksl2pipeline"},
{"textblob_deserialize", "textblob"}
}

Definition at line 331 of file FuzzMain.cpp.

◆ g_type_message

constexpr char g_type_message[]
staticconstexpr

Definition at line 45 of file FuzzMain.cpp.

Generated on Sun Jun 23 2024 21:57:08 for Flutter Engine by doxygen 1.9.4