/src/skia/fuzz/oss_fuzz/FuzzIncrementalImage.cpp

Source (jump to first uncovered line)
/*
 * Copyright 2018 Google, LLC
 *
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file.
 */

#include "include/codec/SkCodec.h"
#include "include/core/SkBitmap.h"
#include "include/core/SkData.h"

bool FuzzIncrementalImageDecode(sk_sp<SkData> bytes) {
    auto codec = SkCodec::MakeFromData(bytes);
    if (!codec) {
        return false;
    }

    SkBitmap bm;
    if (!bm.tryAllocPixels(codec->getInfo())) {
        // May fail in memory-constrained fuzzing environments
        return false;
    }

    auto result = codec->startIncrementalDecode(bm.info(), bm.getPixels(), bm.rowBytes());
    if (result != SkCodec::kSuccess) {
        return false;
    }

    // Deliberately uninitialized to verify that incrementalDecode initializes it when it
    // returns kIncompleteInput or kErrorInInput.
    int rowsDecoded;
    result = codec->incrementalDecode(&rowsDecoded);
    switch (result) {
        case SkCodec::kIncompleteInput:
        case SkCodec::kErrorInInput:
            if (rowsDecoded < bm.height()) {
                void* dst = SkTAddOffset<void>(bm.getPixels(), rowsDecoded * bm.rowBytes());
                sk_bzero(dst, (bm.height() - rowsDecoded) * bm.rowBytes());
            }
            return true; // decoded a partial image
         case SkCodec::kSuccess:
            return true;
         default:
            return false;
    }
}

// TODO(kjlubick): remove IS_FUZZING... after https://crrev.com/c/2410304 lands
#if defined(SK_BUILD_FOR_LIBFUZZER) || defined(IS_FUZZING_WITH_LIBFUZZER)
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    if (size > 10240) {
        return 0;
    }
    auto bytes = SkData::MakeWithoutCopy(data, size);
    FuzzIncrementalImageDecode(bytes);
    return 0;
}
#endif

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright 2018 Google, LLC
3		*
4		* Use of this source code is governed by a BSD-style license that can be
5		* found in the LICENSE file.
6		*/
7
8		#include "include/codec/SkCodec.h"
9		#include "include/core/SkBitmap.h"
10		#include "include/core/SkData.h"
11
12	4.21k	bool FuzzIncrementalImageDecode(sk_sp<SkData> bytes) {
13	4.21k	auto codec = SkCodec::MakeFromData(bytes);
14	4.21k	if (!codec) {
15	3.37k	return false;
16	3.37k	}
17
18	835	SkBitmap bm;
19	835	if (!bm.tryAllocPixels(codec->getInfo())) {
20		// May fail in memory-constrained fuzzing environments
21	11	return false;
22	11	}
23
24	824	auto result = codec->startIncrementalDecode(bm.info(), bm.getPixels(), bm.rowBytes());
25	824	if (result != SkCodec::kSuccess) {
26	301	return false;
27	301	}
28
29		// Deliberately uninitialized to verify that incrementalDecode initializes it when it
30		// returns kIncompleteInput or kErrorInInput.
31	523	int rowsDecoded;
32	523	result = codec->incrementalDecode(&rowsDecoded);
33	523	switch (result) {
34	333	case SkCodec::kIncompleteInput:
35	502	case SkCodec::kErrorInInput:
36	502	if (rowsDecoded < bm.height()) {
37	370	void* dst = SkTAddOffset<void>(bm.getPixels(), rowsDecoded * bm.rowBytes());
38	370	sk_bzero(dst, (bm.height() - rowsDecoded) * bm.rowBytes());
39	370	}
40	502	return true; // decoded a partial image
41	21	case SkCodec::kSuccess:
42	21	return true;
43	0	default:
44	0	return false;
45	523	}
46	523	}
47
48		// TODO(kjlubick): remove IS_FUZZING... after https://crrev.com/c/2410304 lands
49		#if defined(SK_BUILD_FOR_LIBFUZZER) \|\| defined(IS_FUZZING_WITH_LIBFUZZER)
50	183k	extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
51	183k	if (size > 10240) {
52	151	return 0;
53	151	}
54	183k	auto bytes = SkData::MakeWithoutCopy(data, size);
55	183k	FuzzIncrementalImageDecode(bytes);
56	183k	return 0;
57	183k	}
58		#endif

Coverage Report

Created: 2021-08-22 09:07