fuzz/Fuzz.h - skia.git - Git at Google

 /*
  * Copyright 2016 Google Inc.
  *
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
  */

 #ifndef Fuzz_DEFINED
 #define Fuzz_DEFINED

 #include "include/core/SkData.h"
 #include "include/core/SkImageFilter.h"
 #include "include/core/SkRegion.h"
 #include "include/core/SkTypes.h"
 #include "include/private/base/SkMalloc.h"
 #include "include/private/base/SkTFitsIn.h"
 #include "tools/Registry.h"

 #include <limits>
 #include <cmath>
 #include <signal.h>
 #include <limits>

 class Fuzz {
 public:
     explicit Fuzz(const uint8_t* data, size_t size) : fData(data), fSize(size), fNextByte(0) {}
     Fuzz() = delete;

     // Make noncopyable
     Fuzz(Fuzz&) = delete;
     Fuzz& operator=(Fuzz&) = delete;

     // Returns the total number of "random" bytes available.
     size_t size() const {
         return fSize;
     }

     // Returns if there are no bytes remaining for fuzzing.
     bool exhausted() const {
         return fSize == fNextByte;
     }

     void deplete() {
         fNextByte = fSize;
     }

     size_t remainingSize() const {
         return fSize - fNextByte;
     }

     const uint8_t *remainingData() const {
         return fData + fNextByte;
     }

     // next() loads fuzzed bytes into the variable passed in by pointer.
     // We use this approach instead of T next() because different compilers
     // evaluate function parameters in different orders. If fuzz->next()
     // returned 5 and then 7, foo(fuzz->next(), fuzz->next()) would be
     // foo(5, 7) when compiled on GCC and foo(7, 5) when compiled on Clang.
     // By requiring params to be passed in, we avoid the temptation to call
     // next() in a way that does not consume fuzzed bytes in a single
     // platform-independent order.
     template <typename T>
     void next(T* t) { this->nextBytes(t, sizeof(T)); }

     // This is a convenient way to initialize more than one argument at a time.
     template <typename Arg, typename... Args>
     void next(Arg* first, Args... rest);

     // nextRange returns values only in [min, max].
     template <typename T, typename Min, typename Max>
     void nextRange(T*, Min, Max);

     // nextEnum is a wrapper around nextRange for enums.
     template <typename T>
     void nextEnum(T* ptr, T max);

     // nextN loads n * sizeof(T) bytes into ptr
     template <typename T>
     void nextN(T* ptr, int n);

     void signalBug() {
         // Tell the fuzzer that these inputs found a bug.
         SkDebugf("Signal bug\n");
         raise(SIGSEGV);
     }

     // Specialized versions for when true random doesn't quite make sense
     void next(bool* b);
     void next(SkRegion* region);

     bool nextBool() {
         bool b;
         this->next(&b);
         return b;
     }

     void nextRange(float* f, float min, float max);

 private:
     template <typename T>
     T nextT();

     const uint8_t *fData;
     size_t fSize;
     size_t fNextByte;
     friend void fuzz__MakeEncoderCorpus(Fuzz*);

     void nextBytes(void* ptr, size_t size);
 };

 template <typename Arg, typename... Args>
 inline void Fuzz::next(Arg* first, Args... rest) {
    this->next(first);
    this->next(rest...);
 }

 template <typename T, typename Min, typename Max>
 inline void Fuzz::nextRange(T* value, Min min, Max max) {
     // UBSAN worries if we make an enum with out of range values, even temporarily.
     using Raw = typename sk_strip_enum<T>::type;
     Raw raw;
     this->next(&raw);

     if (raw < (Raw)min) { raw = (Raw)min; }
     if (raw > (Raw)max) { raw = (Raw)max; }
     *value = (T)raw;
 }

 template <typename T>
 inline void Fuzz::nextEnum(T* value, T max) {
     // This works around the fact that UBSAN will assert if we put an invalid
     // value into an enum. We might see issues with enums being represented
     // on Windows differently than Linux, but that's not a thing we can fix here.
     using U = typename std::underlying_type<T>::type;
     U v;
     this->next(&v);
     if (v < (U)0) { *value = (T)0; return;}
     if (v > (U)max) { *value = (T)max; return;}
     *value = (T)v;
 }

 template <typename T>
 inline void Fuzz::nextN(T* ptr, int n) {
    for (int i = 0; i < n; i++) {
        this->next(ptr+i);
    }
 }

 struct Fuzzable {
     const char* name;
     void (*fn)(Fuzz*);
 };

 // Not static so that we can link these into oss-fuzz harnesses if we like.
 #define DEF_FUZZ(name, f)                                               \
     void fuzz_##name(Fuzz*);                                            \
     sk_tools::Registry<Fuzzable> register_##name({#name, fuzz_##name}); \
     void fuzz_##name(Fuzz* f)

 #endif  // Fuzz_DEFINED
	/*
	* Copyright 2016 Google Inc.
	*
	* Use of this source code is governed by a BSD-style license that can be
	* found in the LICENSE file.
	*/

	#ifndef Fuzz_DEFINED
	#define Fuzz_DEFINED

	#include "include/core/SkData.h"
	#include "include/core/SkImageFilter.h"
	#include "include/core/SkRegion.h"
	#include "include/core/SkTypes.h"
	#include "include/private/base/SkMalloc.h"
	#include "include/private/base/SkTFitsIn.h"
	#include "tools/Registry.h"

	#include <limits>
	#include <cmath>
	#include <signal.h>
	#include <limits>

	class Fuzz {
	public:
	explicit Fuzz(const uint8_t* data, size_t size) : fData(data), fSize(size), fNextByte(0) {}
	Fuzz() = delete;

	// Make noncopyable
	Fuzz(Fuzz&) = delete;
	Fuzz& operator=(Fuzz&) = delete;

	// Returns the total number of "random" bytes available.
	size_t size() const {
	return fSize;
	}

	// Returns if there are no bytes remaining for fuzzing.
	bool exhausted() const {
	return fSize == fNextByte;
	}

	void deplete() {
	fNextByte = fSize;
	}

	size_t remainingSize() const {
	return fSize - fNextByte;
	}

	const uint8_t *remainingData() const {
	return fData + fNextByte;
	}

	// next() loads fuzzed bytes into the variable passed in by pointer.
	// We use this approach instead of T next() because different compilers
	// evaluate function parameters in different orders. If fuzz->next()
	// returned 5 and then 7, foo(fuzz->next(), fuzz->next()) would be
	// foo(5, 7) when compiled on GCC and foo(7, 5) when compiled on Clang.
	// By requiring params to be passed in, we avoid the temptation to call
	// next() in a way that does not consume fuzzed bytes in a single
	// platform-independent order.
	template <typename T>
	void next(T* t) { this->nextBytes(t, sizeof(T)); }

	// This is a convenient way to initialize more than one argument at a time.
	template <typename Arg, typename... Args>
	void next(Arg* first, Args... rest);

	// nextRange returns values only in [min, max].
	template <typename T, typename Min, typename Max>
	void nextRange(T*, Min, Max);

	// nextEnum is a wrapper around nextRange for enums.
	template <typename T>
	void nextEnum(T* ptr, T max);

	// nextN loads n * sizeof(T) bytes into ptr
	template <typename T>
	void nextN(T* ptr, int n);

	void signalBug() {
	// Tell the fuzzer that these inputs found a bug.
	SkDebugf("Signal bug\n");
	raise(SIGSEGV);
	}

	// Specialized versions for when true random doesn't quite make sense
	void next(bool* b);
	void next(SkRegion* region);

	bool nextBool() {
	bool b;
	this->next(&b);
	return b;
	}

	void nextRange(float* f, float min, float max);

	private:
	template <typename T>
	T nextT();

	const uint8_t *fData;
	size_t fSize;
	size_t fNextByte;
	friend void fuzz__MakeEncoderCorpus(Fuzz*);

	void nextBytes(void* ptr, size_t size);
	};

	template <typename Arg, typename... Args>
	inline void Fuzz::next(Arg* first, Args... rest) {
	this->next(first);
	this->next(rest...);
	}

	template <typename T, typename Min, typename Max>
	inline void Fuzz::nextRange(T* value, Min min, Max max) {
	// UBSAN worries if we make an enum with out of range values, even temporarily.
	using Raw = typename sk_strip_enum<T>::type;
	Raw raw;
	this->next(&raw);

	if (raw < (Raw)min) { raw = (Raw)min; }
	if (raw > (Raw)max) { raw = (Raw)max; }
	*value = (T)raw;
	}

	template <typename T>
	inline void Fuzz::nextEnum(T* value, T max) {
	// This works around the fact that UBSAN will assert if we put an invalid
	// value into an enum. We might see issues with enums being represented
	// on Windows differently than Linux, but that's not a thing we can fix here.
	using U = typename std::underlying_type<T>::type;
	U v;
	this->next(&v);
	if (v < (U)0) { *value = (T)0; return;}
	if (v > (U)max) { *value = (T)max; return;}
	*value = (T)v;
	}

	template <typename T>
	inline void Fuzz::nextN(T* ptr, int n) {
	for (int i = 0; i < n; i++) {
	this->next(ptr+i);
	}
	}

	struct Fuzzable {
	const char* name;
	void (fn)(Fuzz);
	};

	// Not static so that we can link these into oss-fuzz harnesses if we like.
	#define DEF_FUZZ(name, f) \
	void fuzz_##name(Fuzz*); \
	sk_tools::Registry<Fuzzable> register_##name({#name, fuzz_##name}); \
	void fuzz_##name(Fuzz* f)

	#endif // Fuzz_DEFINED