/src/skia/fuzz/oss_fuzz/FuzzPathDeserialize.cpp
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright 2018 Google Inc. |
3 | | * |
4 | | * Use of this source code is governed by a BSD-style license that can be |
5 | | * found in the LICENSE file. |
6 | | */ |
7 | | |
8 | | #include "include/core/SkCanvas.h" |
9 | | #include "include/core/SkPaint.h" |
10 | | #include "include/core/SkPath.h" |
11 | | #include "include/core/SkSurface.h" |
12 | | #include "src/core/SkReadBuffer.h" |
13 | | |
14 | 2.57k | void FuzzPathDeserialize(const uint8_t *data, size_t size) { |
15 | 2.57k | SkReadBuffer buf(data, size); |
16 | | |
17 | 2.57k | SkPath path; |
18 | 2.57k | buf.readPath(&path); |
19 | 2.57k | if (!buf.isValid()) { |
20 | 341 | return; |
21 | 341 | } |
22 | | |
23 | 2.23k | auto s = SkSurfaces::Raster(SkImageInfo::MakeN32Premul(128, 128)); |
24 | 2.23k | if (!s) { |
25 | | // May return nullptr in memory-constrained fuzzing environments |
26 | 0 | return; |
27 | 0 | } |
28 | 2.23k | s->getCanvas()->drawPath(path, SkPaint()); |
29 | 2.23k | } |
30 | | |
31 | | #if defined(SK_BUILD_FOR_LIBFUZZER) |
32 | 2.61k | extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { |
33 | 2.61k | if (size < 4 || size > 2000) { |
34 | 24 | return 0; |
35 | 24 | } |
36 | 2.58k | uint32_t packed; |
37 | 2.58k | memcpy(&packed, data, 4); |
38 | 2.58k | unsigned version = packed & 0xFF; |
39 | 2.58k | if (version != 4) { |
40 | | // Chrome only will produce version 4, so guide the fuzzer to |
41 | | // only focus on those branches. |
42 | 12 | return 0; |
43 | 12 | } |
44 | 2.57k | FuzzPathDeserialize(data, size); |
45 | 2.57k | return 0; |
46 | 2.58k | } |
47 | | #endif |