d9/d6b/FuzzSkRuntimeBlender_8cpp_source.html

/*

 * Copyright 2023 Google, LLC

 *

 * Use of this source code is governed by a BSD-style license that can be

 * found in the LICENSE file.

 */


#include "fuzz/Fuzz.h"

#include "fuzz/FuzzCommon.h"

#include "include/core/SkCanvas.h"

#include "include/core/SkPaint.h"

#include "include/core/SkShader.h"

#include "include/core/SkSurface.h"

#include "include/effects/SkRuntimeEffect.h"

#include "include/private/base/SkTArray.h"

#include "src/gpu/ganesh/GrShaderCaps.h"


using namespace skia_private;


/**

 * The fuzzer treats the input bytes as an SkSL blend program. The requested number of

 * uniforms and children are automatically synthesized to match the program's needs.

 *

 * We fuzz twice, with two different settings for inlining in the SkSL compiler. By default, the

 * compiler inlines most small to medium functions. This can hide bugs related to function-calling.

 * So we run the fuzzer once with inlining disabled, and again with it enabled.

 * This gives us better coverage, and eases the burden on the fuzzer to inject useless noise into

 * functions to suppress inlining.

 */

static bool FuzzSkRuntimeBlender_Once(const SkString& shaderText,

                                      const SkRuntimeEffect::Options& options) {

    SkRuntimeEffect::Result result = SkRuntimeEffect::MakeForBlender(shaderText, options);

    SkRuntimeEffect* effect = result.effect.get();

    if (!effect) {

        return false;

    }


    sk_sp<SkData> uniformBytes;

    TArray<SkRuntimeEffect::ChildPtr> children;

    FuzzCreateValidInputsForRuntimeEffect(effect, uniformBytes, children);


    sk_sp<SkBlender> blender = effect->makeBlender(uniformBytes, SkSpan(children));

    if (!blender) {

        return false;

    }

    SkPaint paint;

    paint.setColor(SK_ColorRED);

    paint.setBlender(std::move(blender));


    sk_sp<SkSurface> s = SkSurfaces::Raster(SkImageInfo::MakeN32Premul(4, 4));

    if (!s) {

        return false;

    }

    s->getCanvas()->drawPaint(paint);


    return true;

}


bool FuzzSkRuntimeBlender(const uint8_t *data, size_t size) {

    // Test once with optimization disabled...

    SkString shaderText{reinterpret_cast<const char*>(data), size};

    SkRuntimeEffect::Options options;

    options.forceUnoptimized = true;

    bool result = FuzzSkRuntimeBlender_Once(shaderText, options);


    // ... and then with optimization enabled.

    options.forceUnoptimized = false;

    result = FuzzSkRuntimeBlender_Once(shaderText, options) || result;


    return result;

}


#if defined(SK_BUILD_FOR_LIBFUZZER)

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {

    if (size > 3000) {

        return 0;

    }

    FuzzSkRuntimeBlender(data, size);

    return 0;

}

#endif

options
const char * options
Definition: CommonFlagsConfig.cpp:43

FuzzCreateValidInputsForRuntimeEffect
void FuzzCreateValidInputsForRuntimeEffect(SkRuntimeEffect *effect, sk_sp< SkData > &uniformBytes, TArray< SkRuntimeEffect::ChildPtr > &children)
Definition: FuzzCommon.cpp:352

FuzzCommon.h

FuzzSkRuntimeBlender_Once
static bool FuzzSkRuntimeBlender_Once(const SkString &shaderText, const SkRuntimeEffect::Options &options)
Definition: FuzzSkRuntimeBlender.cpp:30

FuzzSkRuntimeBlender
bool FuzzSkRuntimeBlender(const uint8_t *data, size_t size)
Definition: FuzzSkRuntimeBlender.cpp:59

Fuzz.h

GrShaderCaps.h

SkCanvas.h

SK_ColorRED
constexpr SkColor SK_ColorRED
Definition: SkColor.h:126

SkPaint.h

SkRuntimeEffect.h

SkShader.h

SkSpan
SkSpan(Container &&) -> SkSpan< std::remove_pointer_t< decltype(std::data(std::declval< Container >()))> >

SkSurface.h

SkTArray.h

SkPaint
Definition: SkPaint.h:44

SkRuntimeEffect::Options
Definition: SkRuntimeEffect.h:123

SkRuntimeEffect
Definition: SkRuntimeEffect.h:59

SkRuntimeEffect::makeBlender
sk_sp< SkBlender > makeBlender(sk_sp< const SkData > uniforms, SkSpan< const ChildPtr > children={}) const
Definition: SkRuntimeEffect.cpp:885

SkRuntimeEffect::MakeForBlender
static Result MakeForBlender(SkString sksl, const Options &)
Definition: SkRuntimeEffect.cpp:672

SkString
Definition: SkString.h:118

sk_sp< SkData >

skia_private::TArray
Definition: SkTArray.h:40

paint
const Paint & paint
Definition: color_source.cc:38

LLVMFuzzerTestOneInput
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
Definition: dart_libfuzzer.cc:85

s
struct MyStruct s

result
GAsyncResult * result
Definition: fl_text_input_plugin.cc:106

SkSurfaces::Raster
SK_API sk_sp< SkSurface > Raster(const SkImageInfo &imageInfo, size_t rowBytes, const SkSurfaceProps *surfaceProps)
Definition: SkSurface_Raster.cpp:186

flutter::size
it will be possible to load the file into Perfetto s trace viewer disable asset Prevents usage of any non test fonts unless they were explicitly Loaded via prefetched default font Indicates whether the embedding started a prefetch of the default font manager before creating the engine run In non interactive keep the shell running after the Dart script has completed enable serial On low power devices with low core running concurrent GC tasks on threads can cause them to contend with the UI thread which could potentially lead to jank This option turns off all concurrent GC activities domain network JSON encoded network policy per domain This overrides the DisallowInsecureConnections switch Embedder can specify whether to allow or disallow insecure connections at a domain level old gen heap size
Definition: switches.h:259

skia_private
Definition: SkTArray.h:32

SkImageInfo::MakeN32Premul
static SkImageInfo MakeN32Premul(int width, int height)
Definition: SkImageInfo.cpp:157

SkRuntimeEffect::Result
Definition: SkRuntimeEffect.h:150

data
std::shared_ptr< const fml::Mapping > data
Definition: texture_gles.cc:63