FuzzSkRuntimeBlender.cpp File Reference

#include "fuzz/Fuzz.h"
#include "fuzz/FuzzCommon.h"
#include "include/core/SkCanvas.h"
#include "include/core/SkPaint.h"
#include "include/core/SkShader.h"
#include "include/core/SkSurface.h"
#include "include/effects/SkRuntimeEffect.h"
#include "include/private/base/SkTArray.h"
#include "src/gpu/ganesh/GrShaderCaps.h"

Go to the source code of this file.

Functions
static bool	FuzzSkRuntimeBlender_Once (const SkString &shaderText, const SkRuntimeEffect::Options &options)
bool	FuzzSkRuntimeBlender (const uint8_t *data, size_t size)

Function Documentation

FuzzSkRuntimeBlender()

bool FuzzSkRuntimeBlender	(	const uint8_t *	data,
		size_t	size
	)

Definition at line 59 of file FuzzSkRuntimeBlender.cpp.

                                                            {
    // Test once with optimization disabled...
    SkString shaderText{reinterpret_cast<const char*>(data), size};
    SkRuntimeEffect::Options options;
    options.forceUnoptimized = true;
    bool result = FuzzSkRuntimeBlender_Once(shaderText, options);
 
    // ... and then with optimization enabled.
    options.forceUnoptimized = false;
    result = FuzzSkRuntimeBlender_Once(shaderText, options) || result;
 
    return result;
}

FuzzSkRuntimeBlender_Once()

static bool FuzzSkRuntimeBlender_Once ( const SkString &  shaderText, const SkRuntimeEffect::Options &  options  )

static

The fuzzer treats the input bytes as an SkSL blend program. The requested number of uniforms and children are automatically synthesized to match the program's needs.

We fuzz twice, with two different settings for inlining in the SkSL compiler. By default, the compiler inlines most small to medium functions. This can hide bugs related to function-calling. So we run the fuzzer once with inlining disabled, and again with it enabled. This gives us better coverage, and eases the burden on the fuzzer to inject useless noise into functions to suppress inlining.

Definition at line 30 of file FuzzSkRuntimeBlender.cpp.

                                                                             {
    SkRuntimeEffect::Result result = SkRuntimeEffect::MakeForBlender(shaderText, options);
    SkRuntimeEffect* effect = result.effect.get();
    if (!effect) {
        return false;
    }
 
    sk_sp<SkData> uniformBytes;
    TArray<SkRuntimeEffect::ChildPtr> children;
    FuzzCreateValidInputsForRuntimeEffect(effect, uniformBytes, children);
 
    sk_sp<SkBlender> blender = effect->makeBlender(uniformBytes, SkSpan(children));
    if (!blender) {
        return false;
    }
    SkPaint paint;
    paint.setColor(SK_ColorRED);
    paint.setBlender(std::move(blender));
 
    sk_sp<SkSurface> s = SkSurfaces::Raster(SkImageInfo::MakeN32Premul(4, 4));
    if (!s) {
        return false;
    }
    s->getCanvas()->drawPaint(paint);
 
    return true;
}