Write SkRegion fuzzer

BUG=688987

Change-Id: I2ad1c53ea01185a77b662d2d86b0c6d36fcb63c7
Reviewed-on: https://skia-review.googlesource.com/8499
Commit-Queue: Kevin Lubick <kjlubick@google.com>
Reviewed-by: Hal Canary <halcanary@google.com>

diff --git a/BUILD.gn b/BUILD.gn
index 5d022e0..4834836 100644 (file)
--- a/BUILD.gn
+++ b/BUILD.gn
@@ -154,6 +154,9 @@ config("skia_private") {
   if (skia_enable_discrete_gpu) {
     defines += [ "SK_ENABLE_DISCRETE_GPU" ]
   }
+  if (is_fuzzing) {
+    defines += [ "IS_FUZZING" ]
+  }
 }
 
 # Any code that's linked into Skia-the-library should use this config via += skia_library_configs.

diff --git a/fuzz/fuzz.cpp b/fuzz/fuzz.cpp
index 6720754..cc26b2d 100644 (file)
--- a/fuzz/fuzz.cpp
+++ b/fuzz/fuzz.cpp
@@ -14,6 +14,8 @@
 #include "SkImageEncoder.h"
 #include "SkMallocPixelRef.h"
 #include "SkPath.h"
+#include "SkRegion.h"
+#include "SkSurface.h"
 #include "SkOSFile.h"
 #include "SkOSPath.h"
 #include "SkPicture.h"
@@ -44,6 +46,7 @@ static void fuzz_color_deserialize(sk_sp<SkData>);
 static void fuzz_icc(sk_sp<SkData>);
 static void fuzz_img(sk_sp<SkData>, uint8_t, uint8_t);
 static void fuzz_path_deserialize(sk_sp<SkData>);
+static void fuzz_region_deserialize(sk_sp<SkData>);
 static void fuzz_skp(sk_sp<SkData>);
 #if SK_SUPPORT_GPU
 static void fuzz_sksl2glsl(sk_sp<SkData>);
@@ -104,6 +107,10 @@ static int fuzz_file(const char* path) {
             fuzz_path_deserialize(bytes);
             return 0;
         }
+        if (0 == strcmp("region_deserialize", FLAGS_type[0])) {
+            fuzz_region_deserialize(bytes);
+            return 0;
+        }
         if (0 == strcmp("skp", FLAGS_type[0])) {
             fuzz_skp(bytes);
             return 0;
@@ -476,6 +483,26 @@ static void fuzz_path_deserialize(sk_sp<SkData> bytes) {
     SkDebugf("[terminated] Success! Initialized SkPath.\n");
 }
 
+static void fuzz_region_deserialize(sk_sp<SkData> bytes) {
+    SkRegion region;
+    if (!region.readFromMemory(bytes->data(), bytes->size())) {
+        SkDebugf("[terminated] Couldn't initialize SkRegion.\n");
+        return;
+    }
+    region.computeRegionComplexity();
+    region.isComplex();
+    SkRegion r2;
+    if (region == r2) {
+        region.contains(0,0);
+    } else {
+        region.contains(1,1);
+    }
+    auto s = SkSurface::MakeRasterN32Premul(1024, 1024);
+    s->getCanvas()->drawRegion(region, SkPaint());
+    SkDEBUGCODE(region.validate());
+    SkDebugf("[terminated] Success! Initialized SkRegion.\n");
+}
+
 #if SK_SUPPORT_GPU
 static void fuzz_sksl2glsl(sk_sp<SkData> bytes) {
     SkSL::Compiler compiler;

diff --git a/gn/BUILDCONFIG.gn b/gn/BUILDCONFIG.gn
index a89931b..82e3e10 100644 (file)
--- a/gn/BUILDCONFIG.gn
+++ b/gn/BUILDCONFIG.gn
@@ -17,6 +17,7 @@ declare_args() {
     ndk_api = 21
   }
   sanitize = ""
+  is_fuzzing = false
 }
 declare_args() {
   is_debug = !is_official_build

diff --git a/src/ports/SkMemory_malloc.cpp b/src/ports/SkMemory_malloc.cpp
index f06dc35..5574a8a 100644 (file)
--- a/src/ports/SkMemory_malloc.cpp
+++ b/src/ports/SkMemory_malloc.cpp
@@ -15,7 +15,11 @@
 static inline void sk_out_of_memory(size_t size) {
     SK_DEBUGFAILF("sk_out_of_memory (asked for " SK_SIZE_T_SPECIFIER " bytes)",
                   size);
+#if defined(IS_FUZZING)
+    exit(1);
+#else
     abort();
+#endif
 }
 
 static inline void* throw_on_failure(size_t size, void* p) {
@@ -33,6 +37,9 @@ void sk_abort_no_print() {
 #endif
 #if defined(SK_DEBUG) && defined(SK_BUILD_FOR_WIN)
     __debugbreak();
+#endif
+#if defined(IS_FUZZING)
+    exit(1);
 #else
     abort();
 #endif
@@ -40,7 +47,11 @@ void sk_abort_no_print() {
 
 void sk_out_of_memory(void) {
     SkDEBUGFAIL("sk_out_of_memory");
+#if defined(IS_FUZZING)
+    exit(1);
+#else
     abort();
+#endif
 }
 
 void* sk_malloc_throw(size_t size) {