From a839fc0b63bd68682dcf51abc77078bfea48c1a1 Mon Sep 17 00:00:00 2001 From: Herb Derby Date: Thu, 16 Mar 2017 12:30:43 -0400 Subject: [PATCH] Add Chromium's fuzz_fileter_fuzz to skia. Move the fuzzer in chromium/src/skia/tools/filter_fuzz_stub/filter_fuzz_stub.cc to Skia's fuzzer. I recommend removing filter_fuzz_stub from chromium and only using Skia's fuzzer. BUG=chromium:700836 Change-Id: Ibab1a9b696e54a3042ee61f5524d196c12df2888 Reviewed-on: https://skia-review.googlesource.com/9802 Commit-Queue: Herb Derby Reviewed-by: Kevin Lubick
---
 fuzz/fuzz.cpp | 43 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)
diff --git a/fuzz/fuzz.cpp b/fuzz/fuzz.cpp
index ea385ad..d156680 100644
--- a/fuzz/fuzz.cpp
+++ b/fuzz/fuzz.cpp
@@ -10,11 +10,14 @@
 #include "SkCodec.h"
 #include "SkCommandLineFlags.h"
 #include "SkData.h"
+#include "SkFlattenableSerialization.h"
 #include "SkImage.h"
 #include "SkImageEncoder.h"
+#include "SkImageFilter.h"
 #include "SkMallocPixelRef.h"
 #include "SkOSFile.h"
 #include "SkOSPath.h"
+#include "SkPaint.h"
 #include "SkPath.h"
 #include "SkPicture.h"
 #include "SkRegion.h"
@@ -55,6 +58,8 @@ static void fuzz_img(sk_sp, uint8_t, uint8_t);
 static void fuzz_path_deserialize(sk_sp);
 static void fuzz_region_deserialize(sk_sp);
 static void fuzz_skp(sk_sp);
+static void fuzz_filter_fuzz(sk_sp);
+
 #if SK_SUPPORT_GPU
 static void fuzz_sksl2glsl(sk_sp);
 #endif
@@ -122,6 +127,10 @@ static int fuzz_file(const char* path) {
 fuzz_skp(bytes);
 return 0;
 }
+ if (0 == strcmp("filter_fuzz", FLAGS_type[0])) {
+ fuzz_filter_fuzz(bytes);
+ return 0;
+ }
 #if SK_SUPPORT_GPU
 if (0 == strcmp("sksl2glsl", FLAGS_type[0])) {
 fuzz_sksl2glsl(bytes);
@@ -512,6 +521,40 @@ static void fuzz_region_deserialize(sk_sp bytes) {
 SkDebugf("[terminated] Success! Initialized SkRegion.\n");
 }
 
+static void fuzz_filter_fuzz(sk_sp bytes) {
+
+ const int BitmapSize = 24;
+ SkBitmap bitmap;
+ bitmap.allocN32Pixels(BitmapSize, BitmapSize);
+ SkCanvas canvas(bitmap);
+ canvas.clear(0x00000000);
+
+ sk_sp flattenable = SkValidatingDeserializeImageFilter(
+ bytes->data(), bytes->size());
+
+ // Adding some info, but the test passed if we got here without any trouble
+ if (flattenable != NULL) {
+ SkDebugf("Valid stream detected.\n");
+ // Let's see if using the filters can cause any trouble...
+ SkPaint paint;
+ paint.setImageFilter(flattenable);
+ canvas.save();
+ canvas.clipRect(SkRect::MakeXYWH(
+ 0, 0, SkIntToScalar(BitmapSize), SkIntToScalar(BitmapSize)));
+
+ // This call shouldn't crash or cause ASAN to flag any memory issues
+ // If nothing bad happens within this call, everything is fine
+ canvas.drawBitmap(bitmap, 0, 0, &paint);
+
+ SkDebugf("Filter DAG rendered successfully\n");
+ canvas.restore();
+ } else {
+ SkDebugf("Invalid stream detected.\n");
+ }
+
+ SkDebugf("[terminated] Done\n");
+}
+
 #if SK_SUPPORT_GPU
 static void fuzz_sksl2glsl(sk_sp bytes) {
 SkSL::Compiler compiler;
-- 2.7.4
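Review bot: `if (flattenable != NULL)` tests an sk_sp against the C macro; in this C++ file the idiomatic form is `if (flattenable)` (or `!= nullptr`), and the manual `canvas.save()`/`canvas.restore()` pair a few lines below would stay balanced on every path with a scoped `SkAutoCanvasRestore acr(&canvas, true);` instead. The `canvas.drawBitmap(bitmap, 0, 0, &paint)` call renders `bitmap` onto a canvas whose backing store is that same `bitmap`, so source and destination pixels alias; if that is intentional (it mirrors the Chromium stub this was moved from) a one-line comment saying so would help, otherwise drawing from a separate source bitmap avoids the read/write overlap. The function has no header comment; `// Deserialize an image filter from the fuzzed bytes with the validating deserializer and draw through it, so crashes or ASAN reports in filter deserialization/rendering surface.` above the definition would state its purpose. `BitmapSize` is the only capitalized local in the hunk; naming it like the surrounding locals, or making it `constexpr`, would match the rest of the file.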