2 * Copyright 2016 Google Inc.
4 * Use of this source code is governed by a BSD-style license that can be
5 * found in the LICENSE file.
11 #include "include/core/SkData.h"
12 #include "include/core/SkImageFilter.h"
13 #include "include/core/SkRegion.h"
14 #include "include/core/SkTypes.h"
15 #include "include/private/SkMalloc.h"
16 #include "include/private/SkTFitsIn.h"
17 #include "tools/Registry.h"
24 class Fuzz : SkNoncopyable {
26 explicit Fuzz(sk_sp<SkData> bytes) : fBytes(bytes), fNextByte(0) {}
28 // Returns the total number of "random" bytes available.
29 size_t size() { return fBytes->size(); }
30 // Returns if there are no bytes remaining for fuzzing.
32 return fBytes->size() == fNextByte;
36 return fBytes->size() - fNextByte;
40 fNextByte = fBytes->size();
43 // next() loads fuzzed bytes into the variable passed in by pointer.
44 // We use this approach instead of T next() because different compilers
45 // evaluate function parameters in different orders. If fuzz->next()
46 // returned 5 and then 7, foo(fuzz->next(), fuzz->next()) would be
47 // foo(5, 7) when compiled on GCC and foo(7, 5) when compiled on Clang.
48 // By requiring params to be passed in, we avoid the temptation to call
49 // next() in a way that does not consume fuzzed bytes in a single
50 // platform-independent order.
52 void next(T* t) { this->nextBytes(t, sizeof(T)); }
54 // This is a convenient way to initialize more than one argument at a time.
55 template <typename Arg, typename... Args>
56 void next(Arg* first, Args... rest);
58 // nextRange returns values only in [min, max].
59 template <typename T, typename Min, typename Max>
60 void nextRange(T*, Min, Max);
62 // nextEnum is a wrapper around nextRange for enums.
64 void nextEnum(T* ptr, T max);
66 // nextN loads n * sizeof(T) bytes into ptr
68 void nextN(T* ptr, int n);
71 // Tell the fuzzer that these inputs found a bug.
72 SkDebugf("Signal bug\n");
76 // Specialized versions for when true random doesn't quite make sense
78 void next(SkRegion* region);
86 void nextRange(float* f, float min, float max);
94 friend void fuzz__MakeEncoderCorpus(Fuzz*);
96 void nextBytes(void* ptr, size_t size);
99 template <typename Arg, typename... Args>
100 inline void Fuzz::next(Arg* first, Args... rest) {
105 template <typename T, typename Min, typename Max>
106 inline void Fuzz::nextRange(T* value, Min min, Max max) {
107 // UBSAN worries if we make an enum with out of range values, even temporarily.
108 using Raw = typename sk_strip_enum<T>::type;
112 if (raw < (Raw)min) { raw = (Raw)min; }
113 if (raw > (Raw)max) { raw = (Raw)max; }
117 template <typename T>
118 inline void Fuzz::nextEnum(T* value, T max) {
119 // This works around the fact that UBSAN will assert if we put an invalid
120 // value into an enum. We might see issues with enums being represented
121 // on Windows differently than Linux, but that's not a thing we can fix here.
122 using U = typename std::underlying_type<T>::type;
125 if (v < (U)0) { *value = (T)0; return;}
126 if (v > (U)max) { *value = (T)max; return;}
130 template <typename T>
131 inline void Fuzz::nextN(T* ptr, int n) {
132 for (int i = 0; i < n; i++) {
142 // Not static so that we can link these into oss-fuzz harnesses if we like.
143 #define DEF_FUZZ(name, f) \
144 void fuzz_##name(Fuzz*); \
145 sk_tools::Registry<Fuzzable> register_##name({#name, fuzz_##name}); \
146 void fuzz_##name(Fuzz* f)