/src/skia/fuzz/oss_fuzz/FuzzAndroidCodec.cpp
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright 2018 Google, LLC |
3 | | * |
4 | | * Use of this source code is governed by a BSD-style license that can be |
5 | | * found in the LICENSE file. |
6 | | */ |
7 | | |
8 | | #include "include/codec/SkAndroidCodec.h" |
9 | | #include "include/core/SkBitmap.h" |
10 | | #include "include/core/SkCanvas.h" |
11 | | #include "include/core/SkStream.h" |
12 | | #include "include/core/SkSurface.h" |
13 | | #include "include/private/SkGainmapInfo.h" |
14 | | |
15 | | #include "fuzz/Fuzz.h" |
16 | | |
17 | 10.3k | bool FuzzAndroidCodec(const uint8_t *fuzzData, size_t fuzzSize, uint8_t sampleSize) { |
18 | 10.3k | auto codec = SkAndroidCodec::MakeFromStream(SkMemoryStream::MakeDirect(fuzzData, fuzzSize)); |
19 | 10.3k | if (!codec) { |
20 | 3.30k | return false; |
21 | 3.30k | } |
22 | | |
23 | 7.03k | auto size = codec->getSampledDimensions(sampleSize); |
24 | 7.03k | auto info = SkImageInfo::MakeN32Premul(size); |
25 | 7.03k | SkBitmap bm; |
26 | 7.03k | if (!bm.tryAllocPixels(info)) { |
27 | | // May fail in memory-constrained fuzzing environments |
28 | 86 | return false; |
29 | 86 | } |
30 | | |
31 | 6.95k | SkAndroidCodec::AndroidOptions options; |
32 | 6.95k | options.fSampleSize = sampleSize; |
33 | | |
34 | 6.95k | auto result = codec->getAndroidPixels(bm.info(), bm.getPixels(), bm.rowBytes(), &options); |
35 | 6.95k | switch (result) { |
36 | 2.91k | case SkCodec::kSuccess: |
37 | 4.50k | case SkCodec::kIncompleteInput: |
38 | 4.82k | case SkCodec::kErrorInInput: |
39 | 4.82k | break; |
40 | 2.12k | default: |
41 | 2.12k | return false; |
42 | 6.95k | } |
43 | | |
44 | 4.82k | SkGainmapInfo gainmapInfo; |
45 | 4.82k | auto gainmapImageStream = std::unique_ptr<SkStream>(); |
46 | | |
47 | 4.82k | if (codec->getAndroidGainmap(&gainmapInfo, &gainmapImageStream)) { |
48 | | // Do something with the outputs so the compiler does not optimize the call away. |
49 | 0 | if (!std::isfinite(gainmapInfo.fDisplayRatioSdr)) { |
50 | 0 | return false; |
51 | 0 | } |
52 | 0 | if (gainmapImageStream->getLength() > 100000000) { |
53 | 0 | return false; |
54 | 0 | } |
55 | 0 | } |
56 | | |
57 | 4.82k | auto surface = SkSurfaces::Raster(SkImageInfo::MakeN32Premul(size.width(), size.height())); |
58 | 4.82k | if (!surface) { |
59 | | // May return nullptr in memory-constrained fuzzing environments |
60 | 0 | return false; |
61 | 0 | } |
62 | | |
63 | 4.82k | surface->getCanvas()->drawImage(bm.asImage(), 0, 0); |
64 | 4.82k | return true; |
65 | 4.82k | } |
66 | | |
67 | | #if defined(SK_BUILD_FOR_LIBFUZZER) |
68 | 162k | extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { |
69 | 162k | if (size > 10240) { |
70 | 207 | return 0; |
71 | 207 | } |
72 | 162k | Fuzz fuzz(data, size); |
73 | 162k | uint8_t sampleSize; |
74 | 162k | fuzz.nextRange(&sampleSize, 1, 64); |
75 | 162k | FuzzAndroidCodec(fuzz.remainingData(), fuzz.remainingSize(), sampleSize); |
76 | 162k | return 0; |
77 | 162k | } |
78 | | #endif |