updated skp fuzzer
Change-Id: If7f770c25e9a2cd9b8f3feb07c1756889f870431
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/306338
Reviewed-by: Mike Reed <reed@google.com>
Commit-Queue: Zepeng Hu <zepenghu@google.com>
diff --git a/BUILD.gn b/BUILD.gn
index 7b669ea..4d5380d 100644
--- a/BUILD.gn
+++ b/BUILD.gn
@@ -2124,6 +2124,7 @@
"fuzz/oss_fuzz/FuzzPathDeserialize.cpp",
"fuzz/oss_fuzz/FuzzRegionDeserialize.cpp",
"fuzz/oss_fuzz/FuzzRegionSetPath.cpp",
+ "fuzz/oss_fuzz/FuzzSKP.cpp",
"fuzz/oss_fuzz/FuzzSKSL2GLSL.cpp",
"fuzz/oss_fuzz/FuzzSKSL2Metal.cpp",
"fuzz/oss_fuzz/FuzzSKSL2Pipeline.cpp",
diff --git a/fuzz/FuzzMain.cpp b/fuzz/FuzzMain.cpp
index 094f8a0..b5973de 100644
--- a/fuzz/FuzzMain.cpp
+++ b/fuzz/FuzzMain.cpp
@@ -19,7 +19,6 @@
#include "include/core/SkTextBlob.h"
#include "src/core/SkFontMgrPriv.h"
#include "src/core/SkOSFile.h"
-#include "src/core/SkPicturePriv.h"
#include "src/core/SkReadBuffer.h"
#include "src/utils/SkOSPath.h"
#include "tools/ToolUtils.h"
@@ -294,6 +293,7 @@
{"region_set_path", "region_set_path"},
{"skdescriptor_deserialize", "skdescriptor_deserialize"},
{"skjson", "json"},
+ {"skp", "skp"},
{"skruntimeeffect", "skruntimeeffect"},
{"sksl2glsl", "sksl2glsl"},
{"sksl2metal", "sksl2metal"},
@@ -693,24 +693,10 @@
dump_png(bitmap);
}
+void FuzzSKP(sk_sp<SkData> bytes);
static void fuzz_skp(sk_sp<SkData> bytes) {
- SkReadBuffer buf(bytes->data(), bytes->size());
- SkDebugf("Decoding\n");
- sk_sp<SkPicture> pic(SkPicturePriv::MakeFromBuffer(buf));
- if (!pic) {
- SkDebugf("[terminated] Couldn't decode as a picture.\n");
- return;
- }
- SkDebugf("Rendering\n");
- SkBitmap bitmap;
- if (!FLAGS_dump.isEmpty()) {
- SkIRect size = pic->cullRect().roundOut();
- bitmap.allocN32Pixels(size.width(), size.height());
- }
- SkCanvas canvas(bitmap);
- canvas.drawPicture(pic);
- SkDebugf("[terminated] Success! Decoded and rendered an SkPicture!\n");
- dump_png(bitmap);
+ FuzzSKP(bytes);
+ SkDebugf("[terminated] Finished SKP\n");
}
static void fuzz_color_deserialize(sk_sp<SkData> bytes) {
diff --git a/fuzz/oss_fuzz/FuzzSKP.cpp b/fuzz/oss_fuzz/FuzzSKP.cpp
new file mode 100644
index 0000000..79c0308
--- /dev/null
+++ b/fuzz/oss_fuzz/FuzzSKP.cpp
@@ -0,0 +1,36 @@
+/*
+ * Copyright 2020 Google, LLC
+ *
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+#include "include/core/SkCanvas.h"
+#include "include/core/SkData.h"
+#include "include/core/SkPicture.h"
+#include "include/core/SkStream.h"
+#include "include/core/SkSurface.h"
+
+constexpr static SkISize kCanvasSize= {128, 160};
+
+void FuzzSKP(sk_sp<SkData> bytes) {
+ sk_sp<SkPicture> pic = SkPicture::MakeFromData(bytes->data(), bytes->size());
+ if (!pic) {
+ SkDebugf("[terminated] Couldn't decode as a picture.\n");
+ return;
+ }
+ sk_sp<SkSurface> surface = SkSurface::MakeRasterN32Premul(kCanvasSize.width(),
+ kCanvasSize.height());
+ surface->getCanvas()->drawPicture(pic);
+ pic->approximateBytesUsed();
+ pic->approximateOpCount();
+ return;
+}
+
+#if defined(IS_FUZZING_WITH_LIBFUZZER)
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ auto bytes = SkData::MakeWithoutCopy(data, size);
+ FuzzSKP(bytes);
+ return 0;
+}
+#endif
