/src/skia/fuzz/oss_fuzz/FuzzPathDeserialize.cpp
1 | | /* |
2 | | * Copyright 2018 Google Inc. |
3 | | * |
4 | | * Use of this source code is governed by a BSD-style license that can be |
5 | | * found in the LICENSE file. |
6 | | */ |
7 | | |
8 | | #include "include/core/SkCanvas.h" |
9 | | #include "include/core/SkPaint.h" |
10 | | #include "include/core/SkPath.h" |
11 | | #include "include/core/SkSurface.h" |
12 | | #include "src/core/SkReadBuffer.h" |
13 | | |
/**
 * Reads one SkPath out of `buf` and, when the buffer is still valid after the
 * read, draws that path with a default SkPaint onto a 128x128 N32-premul
 * raster surface.
 *
 * The draw happens only after buf.isValid() succeeds, so the rasterizer is
 * fed paths that readPath() accepted rather than partially decoded ones.
 * Nothing is returned and no status is reported to the caller.
 *
 * @param buf  Read buffer positioned at the serialized path; its bytes come
 *             straight from the fuzzer and must be treated as untrusted.
 */
void FuzzPathDeserialize(SkReadBuffer& buf) {
    SkPath decoded;
    buf.readPath(&decoded);

    if (buf.isValid()) {
        // May return nullptr in memory-constrained fuzzing environments, in
        // which case there is nothing to draw on and the input is dropped.
        if (auto surface = SkSurface::MakeRasterN32Premul(128, 128)) {
            surface->getCanvas()->drawPath(decoded, SkPaint());
        }
    }
}
28 | | |
29 | | // TODO(kjlubick): remove IS_FUZZING... after https://crrev.com/c/2410304 lands |
30 | | #if defined(SK_BUILD_FOR_LIBFUZZER) || defined(IS_FUZZING_WITH_LIBFUZZER) |
/**
 * libFuzzer entry point for the path deserializer.
 *
 * Inputs shorter than 4 bytes or longer than 2000 bytes are ignored. The
 * first four bytes are copied into a uint32_t and its low 8 bits are treated
 * as the format version; anything other than version 4 is ignored as well.
 * Inputs that pass both filters are wrapped, in full (header bytes included),
 * in an SkReadBuffer and handed to FuzzPathDeserialize().
 *
 * @param data  Fuzzer-supplied bytes (untrusted).
 * @param size  Number of bytes available at `data`.
 * @return Always 0.
 */
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    if (size >= 4 && size <= 2000) {
        // memcpy rather than a pointer cast, so no alignment is assumed for
        // `data`. The size check above guarantees the four bytes are there.
        uint32_t header;
        memcpy(&header, data, sizeof(header));

        // Chrome only will produce version 4, so guide the fuzzer to
        // only focus on those branches.
        if ((header & 0xFF) == 4) {
            SkReadBuffer buf(data, size);
            FuzzPathDeserialize(buf);
        }
    }
    return 0;
}
47 | | #endif |