/src/skia/fuzz/oss_fuzz/FuzzIncrementalImage.cpp

Source (jump to first uncovered line)
/*
 * Copyright 2018 Google, LLC
 *
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file.
 */

#include "include/codec/SkCodec.h"
#include "include/core/SkBitmap.h"
#include "include/core/SkStream.h"
#include "include/private/base/SkTemplates.h"

bool FuzzIncrementalImageDecode(const uint8_t *data, size_t size) {
    auto codec = SkCodec::MakeFromStream(SkMemoryStream::MakeDirect(data, size));
    if (!codec) {
        return false;
    }

    SkBitmap bm;
    if (!bm.tryAllocPixels(codec->getInfo())) {
        // May fail in memory-constrained fuzzing environments
        return false;
    }

    auto result = codec->startIncrementalDecode(bm.info(), bm.getPixels(), bm.rowBytes());
    if (result != SkCodec::kSuccess) {
        return false;
    }

    // Deliberately uninitialized to verify that incrementalDecode initializes it when it
    // returns kIncompleteInput or kErrorInInput.
    int rowsDecoded;
    result = codec->incrementalDecode(&rowsDecoded);
    switch (result) {
        case SkCodec::kIncompleteInput:
        case SkCodec::kErrorInInput:
            if (rowsDecoded < bm.height()) {
                void* dst = SkTAddOffset<void>(bm.getPixels(), rowsDecoded * bm.rowBytes());
                sk_bzero(dst, (bm.height() - rowsDecoded) * bm.rowBytes());
            }
            return true; // decoded a partial image
         case SkCodec::kSuccess:
            return true;
         default:
            return false;
    }
}

#if defined(SK_BUILD_FOR_LIBFUZZER)
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    if (size > 10240) {
        return 0;
    }
    FuzzIncrementalImageDecode(data, size);
    return 0;
}
#endif

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright 2018 Google, LLC
3		*
4		* Use of this source code is governed by a BSD-style license that can be
5		* found in the LICENSE file.
6		*/
7
8		#include "include/codec/SkCodec.h"
9		#include "include/core/SkBitmap.h"
10		#include "include/core/SkStream.h"
11		#include "include/private/base/SkTemplates.h"
12
13	15.7k	bool FuzzIncrementalImageDecode(const uint8_t *data, size_t size) {
14	15.7k	auto codec = SkCodec::MakeFromStream(SkMemoryStream::MakeDirect(data, size));
15	15.7k	if (!codec) {
16	10.3k	return false;
17	10.3k	}
18
19	5.38k	SkBitmap bm;
20	5.38k	if (!bm.tryAllocPixels(codec->getInfo())) {
21		// May fail in memory-constrained fuzzing environments
22	1.03k	return false;
23	1.03k	}
24
25	4.34k	auto result = codec->startIncrementalDecode(bm.info(), bm.getPixels(), bm.rowBytes());
26	4.34k	if (result != SkCodec::kSuccess) {
27	1.36k	return false;
28	1.36k	}
29
30		// Deliberately uninitialized to verify that incrementalDecode initializes it when it
31		// returns kIncompleteInput or kErrorInInput.
32	2.97k	int rowsDecoded;
33	2.97k	result = codec->incrementalDecode(&rowsDecoded);
34	2.97k	switch (result) {
35	2.42k	case SkCodec::kIncompleteInput:
36	2.67k	case SkCodec::kErrorInInput:
37	2.67k	if (rowsDecoded < bm.height()) {
38	1.80k	void* dst = SkTAddOffset<void>(bm.getPixels(), rowsDecoded * bm.rowBytes());
39	1.80k	sk_bzero(dst, (bm.height() - rowsDecoded) * bm.rowBytes());
40	1.80k	}
41	2.67k	return true; // decoded a partial image
42	299	case SkCodec::kSuccess:
43	299	return true;
44	0	default:
45	0	return false;
46	2.97k	}
47	2.97k	}
48
49		#if defined(SK_BUILD_FOR_LIBFUZZER)
50	190k	extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
51	190k	if (size > 10240) {
52	220	return 0;
53	220	}
54	190k	FuzzIncrementalImageDecode(data, size);
55	190k	return 0;
56	190k	}
57		#endif

Coverage Report

Created: 2024-05-20 07:14