1 /*
2 * Copyright 2017 Google Inc.
3 *
4 * Use of this source code is governed by a BSD-style license that can be
5 * found in the LICENSE file.
6 */
7
8 #include "fuzz/Fuzz.h"
9 #include "fuzz/FuzzCommon.h"
10 #include "include/core/SkBitmap.h"
11 #include "include/core/SkBlurTypes.h"
12 #include "include/core/SkCanvas.h"
13 #include "include/core/SkColorFilter.h"
14 #include "include/core/SkFontMgr.h"
15 #include "include/core/SkImageFilter.h"
16 #include "include/core/SkMaskFilter.h"
17 #include "include/core/SkPathEffect.h"
18 #include "include/core/SkPictureRecorder.h"
19 #include "include/core/SkPoint3.h"
20 #include "include/core/SkRSXform.h"
21 #include "include/core/SkRegion.h"
22 #include "include/core/SkSurface.h"
23 #include "include/core/SkTextBlob.h"
24 #include "include/core/SkTypeface.h"
25 #include "include/core/SkVertices.h"
26 #include "include/docs/SkPDFDocument.h"
27 #include "include/effects/Sk1DPathEffect.h"
28 #include "include/effects/Sk2DPathEffect.h"
29 #include "include/effects/SkCornerPathEffect.h"
30 #include "include/effects/SkDashPathEffect.h"
31 #include "include/effects/SkDiscretePathEffect.h"
32 #include "include/effects/SkGradientShader.h"
33 #include "include/effects/SkHighContrastFilter.h"
34 #include "include/effects/SkImageFilters.h"
35 #include "include/effects/SkLumaColorFilter.h"
36 #include "include/effects/SkPerlinNoiseShader.h"
37 #include "include/gpu/ganesh/SkSurfaceGanesh.h"
38 #include "include/private/base/SkTo.h"
39 #include "include/svg/SkSVGCanvas.h"
40 #include "include/utils/SkNullCanvas.h"
41 #include "src/base/SkUTF.h"
42 #include "src/core/SkFontPriv.h"
43 #include "src/core/SkOSFile.h"
44 #include "src/core/SkPaintPriv.h"
45 #include "src/core/SkPicturePriv.h"
46 #include "src/core/SkReadBuffer.h"
47 #include "src/utils/SkJSONWriter.h"
48 #include "tools/UrlDataManager.h"
49 #include "tools/debugger/DebugCanvas.h"
50 #include "tools/flags/CommandLineFlags.h"
51 #include "tools/fonts/FontToolUtils.h"
52
53 #if defined(SK_GANESH)
54 #include "include/gpu/ganesh/GrDirectContext.h"
55 #include "src/gpu/ganesh/GrDirectContextPriv.h"
56 #include "tools/gpu/GrContextFactory.h"
57 #endif
58
59 #ifdef SK_GL
60 #include "include/gpu/ganesh/gl/GrGLFunctions.h"
61 #include "src/gpu/ganesh/gl/GrGLGpu.h"
62 #include "src/gpu/ganesh/gl/GrGLUtil.h"
63 #endif
64
65 #include <iostream>
66 #include <utility>
67
68 using namespace skia_private;
69
70 static DEFINE_bool2(gpuInfo, g, false, "Display GPU information on relevant targets.");
71
72 // TODO:
73 // SkTextBlob with Unicode
74 // SkImage: more types
75
76 // be careful: `foo(make_fuzz_t<T>(f), make_fuzz_t<U>(f))` is undefined.
77 // In fact, all make_fuzz_foo() functions have this potential problem.
78 // Use sequence points!
79 template <typename T>
make_fuzz_t(Fuzz * fuzz)80 inline T make_fuzz_t(Fuzz* fuzz) {
81 T t;
82 fuzz->next(&t);
83 return t;
84 }
85
86 static sk_sp<SkImage> make_fuzz_image(Fuzz*);
87
88 static sk_sp<SkPicture> make_fuzz_picture(Fuzz*, int depth);
89
make_fuzz_colorfilter(Fuzz * fuzz,int depth)90 static sk_sp<SkColorFilter> make_fuzz_colorfilter(Fuzz* fuzz, int depth) {
91 if (depth <= 0) {
92 return nullptr;
93 }
94 int colorFilterType;
95 fuzz->nextRange(&colorFilterType, 0, 8);
96 switch (colorFilterType) {
97 case 0:
98 return nullptr;
99 case 1: {
100 SkColor color;
101 SkBlendMode mode;
102 fuzz->next(&color);
103 fuzz->nextEnum(&mode, SkBlendMode::kLastMode);
104 return SkColorFilters::Blend(color, mode);
105 }
106 case 2: {
107 sk_sp<SkColorFilter> outer = make_fuzz_colorfilter(fuzz, depth - 1);
108 if (!outer) {
109 return nullptr;
110 }
111 sk_sp<SkColorFilter> inner = make_fuzz_colorfilter(fuzz, depth - 1);
112 // makeComposed should be able to handle nullptr.
113 return outer->makeComposed(std::move(inner));
114 }
115 case 3: {
116 float array[20];
117 fuzz->nextN(array, std::size(array));
118 return SkColorFilters::Matrix(array);
119 }
120 case 4: {
121 SkColor mul, add;
122 fuzz->next(&mul, &add);
123 return SkColorFilters::Lighting(mul, add);
124 }
125 case 5: {
126 bool grayscale;
127 int invertStyle;
128 float contrast;
129 fuzz->next(&grayscale);
130 fuzz->nextRange(&invertStyle, 0, 2);
131 fuzz->nextRange(&contrast, -1.0f, 1.0f);
132 return SkHighContrastFilter::Make(SkHighContrastConfig(
133 grayscale, SkHighContrastConfig::InvertStyle(invertStyle), contrast));
134 }
135 case 6:
136 return SkLumaColorFilter::Make();
137 case 7: {
138 uint8_t table[256];
139 fuzz->nextN(table, std::size(table));
140 return SkColorFilters::Table(table);
141 }
142 case 8: {
143 uint8_t tableA[256];
144 uint8_t tableR[256];
145 uint8_t tableG[256];
146 uint8_t tableB[256];
147 fuzz->nextN(tableA, std::size(tableA));
148 fuzz->nextN(tableR, std::size(tableR));
149 fuzz->nextN(tableG, std::size(tableG));
150 fuzz->nextN(tableB, std::size(tableB));
151 return SkColorFilters::TableARGB(tableA, tableR, tableG, tableB);
152 }
153 default:
154 SkASSERT(false);
155 break;
156 }
157 return nullptr;
158 }
159
fuzz_gradient_stops(Fuzz * fuzz,SkScalar * pos,int colorCount)160 static void fuzz_gradient_stops(Fuzz* fuzz, SkScalar* pos, int colorCount) {
161 SkScalar totalPos = 0;
162 for (int i = 0; i < colorCount; ++i) {
163 fuzz->nextRange(&pos[i], 1.0f, 1024.0f);
164 totalPos += pos[i];
165 }
166 totalPos = 1.0f / totalPos;
167 for (int i = 0; i < colorCount; ++i) {
168 pos[i] *= totalPos;
169 }
170 // SkASSERT(fabs(pos[colorCount - 1] - 1.0f) < 0.00001f);
171 pos[colorCount - 1] = 1.0f;
172 }
173
make_fuzz_shader(Fuzz * fuzz,int depth)174 static sk_sp<SkShader> make_fuzz_shader(Fuzz* fuzz, int depth) {
175 sk_sp<SkShader> shader1(nullptr), shader2(nullptr);
176 sk_sp<SkColorFilter> colorFilter(nullptr);
177 SkBitmap bitmap;
178 sk_sp<SkImage> img;
179 SkTileMode tmX, tmY;
180 bool useMatrix;
181 SkColor color;
182 SkMatrix matrix;
183 SkBlendMode blendMode;
184 int shaderType;
185 if (depth <= 0) {
186 return nullptr;
187 }
188 fuzz->nextRange(&shaderType, 0, 14);
189 switch (shaderType) {
190 case 0:
191 return nullptr;
192 case 1:
193 return SkShaders::Empty();
194 case 2:
195 fuzz->next(&color);
196 return SkShaders::Color(color);
197 case 3:
198 img = make_fuzz_image(fuzz);
199 fuzz->nextEnum(&tmX, SkTileMode::kLastTileMode);
200 fuzz->nextEnum(&tmY, SkTileMode::kLastTileMode);
201 fuzz->next(&useMatrix);
202 if (useMatrix) {
203 FuzzNiceMatrix(fuzz, &matrix);
204 }
205 return img->makeShader(tmX, tmY, SkSamplingOptions(), useMatrix ? &matrix : nullptr);
206 case 5:
207 shader1 = make_fuzz_shader(fuzz, depth - 1); // limit recursion.
208 FuzzNiceMatrix(fuzz, &matrix);
209 return shader1 ? shader1->makeWithLocalMatrix(matrix) : nullptr;
210 case 6:
211 shader1 = make_fuzz_shader(fuzz, depth - 1); // limit recursion.
212 colorFilter = make_fuzz_colorfilter(fuzz, depth - 1);
213 return shader1 ? shader1->makeWithColorFilter(std::move(colorFilter)) : nullptr;
214 case 7:
215 shader1 = make_fuzz_shader(fuzz, depth - 1); // limit recursion.
216 shader2 = make_fuzz_shader(fuzz, depth - 1);
217 fuzz->nextEnum(&blendMode, SkBlendMode::kLastMode);
218 return SkShaders::Blend(blendMode, std::move(shader1), std::move(shader2));
219 case 8: {
220 auto pic = make_fuzz_picture(fuzz, depth - 1);
221 bool useTile;
222 SkRect tile;
223 fuzz->nextEnum(&tmX, SkTileMode::kLastTileMode);
224 fuzz->nextEnum(&tmY, SkTileMode::kLastTileMode);
225 fuzz->next(&useMatrix, &useTile);
226 if (useMatrix) {
227 FuzzNiceMatrix(fuzz, &matrix);
228 }
229 if (useTile) {
230 fuzz->next(&tile);
231 }
232 return pic->makeShader(tmX, tmY, SkFilterMode::kNearest,
233 useMatrix ? &matrix : nullptr, useTile ? &tile : nullptr);
234 }
235 // EFFECTS:
236 case 9:
237 // Deprecated SkGaussianEdgeShader
238 return nullptr;
239 case 10: {
240 constexpr int kMaxColors = 12;
241 SkPoint pts[2];
242 SkColor colors[kMaxColors];
243 SkScalar pos[kMaxColors];
244 int colorCount;
245 bool usePos;
246 fuzz->nextN(pts, 2);
247 fuzz->nextRange(&colorCount, 2, kMaxColors);
248 fuzz->nextN(colors, colorCount);
249 fuzz->nextEnum(&tmX, SkTileMode::kLastTileMode);
250 fuzz->next(&useMatrix, &usePos);
251 if (useMatrix) {
252 FuzzNiceMatrix(fuzz, &matrix);
253 }
254 if (usePos) {
255 fuzz_gradient_stops(fuzz, pos, colorCount);
256 }
257 return SkGradientShader::MakeLinear(pts, colors, usePos ? pos : nullptr, colorCount,
258 tmX, 0, useMatrix ? &matrix : nullptr);
259 }
260 case 11: {
261 constexpr int kMaxColors = 12;
262 SkPoint center;
263 SkScalar radius;
264 int colorCount;
265 bool usePos;
266 SkColor colors[kMaxColors];
267 SkScalar pos[kMaxColors];
268 fuzz->nextEnum(&tmX, SkTileMode::kLastTileMode);
269 fuzz->next(&useMatrix, &usePos, ¢er, &radius);
270 fuzz->nextRange(&colorCount, 2, kMaxColors);
271 fuzz->nextN(colors, colorCount);
272 if (useMatrix) {
273 FuzzNiceMatrix(fuzz, &matrix);
274 }
275 if (usePos) {
276 fuzz_gradient_stops(fuzz, pos, colorCount);
277 }
278 return SkGradientShader::MakeRadial(center, radius, colors, usePos ? pos : nullptr,
279 colorCount, tmX, 0, useMatrix ? &matrix : nullptr);
280 }
281 case 12: {
282 constexpr int kMaxColors = 12;
283 SkPoint start, end;
284 SkScalar startRadius, endRadius;
285 int colorCount;
286 bool usePos;
287 SkColor colors[kMaxColors];
288 SkScalar pos[kMaxColors];
289 fuzz->nextEnum(&tmX, SkTileMode::kLastTileMode);
290 fuzz->next(&useMatrix, &usePos, &startRadius, &endRadius, &start, &end);
291 fuzz->nextRange(&colorCount, 2, kMaxColors);
292 fuzz->nextN(colors, colorCount);
293 if (useMatrix) {
294 FuzzNiceMatrix(fuzz, &matrix);
295 }
296 if (usePos) {
297 fuzz_gradient_stops(fuzz, pos, colorCount);
298 }
299 return SkGradientShader::MakeTwoPointConical(start, startRadius, end, endRadius, colors,
300 usePos ? pos : nullptr, colorCount, tmX, 0,
301 useMatrix ? &matrix : nullptr);
302 }
303 case 13: {
304 constexpr int kMaxColors = 12;
305 SkScalar cx, cy;
306 int colorCount;
307 bool usePos;
308 SkColor colors[kMaxColors];
309 SkScalar pos[kMaxColors];
310 fuzz->next(&cx, &cy, &useMatrix, &usePos);
311 fuzz->nextRange(&colorCount, 2, kMaxColors);
312 fuzz->nextN(colors, colorCount);
313 if (useMatrix) {
314 FuzzNiceMatrix(fuzz, &matrix);
315 }
316 if (usePos) {
317 fuzz_gradient_stops(fuzz, pos, colorCount);
318 }
319 return SkGradientShader::MakeSweep(cx, cy, colors, usePos ? pos : nullptr, colorCount,
320 0, useMatrix ? &matrix : nullptr);
321 }
322 case 14: {
323 SkScalar baseFrequencyX, baseFrequencyY, seed;
324 int numOctaves;
325 SkISize tileSize;
326 bool useTileSize, turbulence;
327 fuzz->next(&baseFrequencyX, &baseFrequencyY, &seed, &useTileSize, &turbulence);
328 if (useTileSize) {
329 fuzz->next(&tileSize);
330 }
331 fuzz->nextRange(&numOctaves, 2, 7);
332 if (turbulence) {
333 return SkShaders::MakeTurbulence(baseFrequencyX,
334 baseFrequencyY,
335 numOctaves,
336 seed,
337 useTileSize ? &tileSize : nullptr);
338 } else {
339 return SkShaders::MakeFractalNoise(baseFrequencyX,
340 baseFrequencyY,
341 numOctaves,
342 seed,
343 useTileSize ? &tileSize : nullptr);
344 }
345 }
346 default:
347 SkASSERT(false);
348 break;
349 }
350 return nullptr;
351 }
352
make_fuzz_patheffect(Fuzz * fuzz,int depth)353 static sk_sp<SkPathEffect> make_fuzz_patheffect(Fuzz* fuzz, int depth) {
354 if (depth <= 0) {
355 return nullptr;
356 }
357 uint8_t pathEffectType;
358 fuzz->nextRange(&pathEffectType, 0, 8);
359 switch (pathEffectType) {
360 case 0: {
361 return nullptr;
362 }
363 case 1: {
364 sk_sp<SkPathEffect> first = make_fuzz_patheffect(fuzz, depth - 1);
365 sk_sp<SkPathEffect> second = make_fuzz_patheffect(fuzz, depth - 1);
366 return SkPathEffect::MakeSum(std::move(first), std::move(second));
367 }
368 case 2: {
369 sk_sp<SkPathEffect> first = make_fuzz_patheffect(fuzz, depth - 1);
370 sk_sp<SkPathEffect> second = make_fuzz_patheffect(fuzz, depth - 1);
371 return SkPathEffect::MakeCompose(std::move(first), std::move(second));
372 }
373 case 3: {
374 SkPath path;
375 FuzzNicePath(fuzz, &path, 20);
376 SkScalar advance, phase;
377 fuzz->next(&advance, &phase);
378 SkPath1DPathEffect::Style style;
379 fuzz->nextEnum(&style, SkPath1DPathEffect::kLastEnum_Style);
380 return SkPath1DPathEffect::Make(path, advance, phase, style);
381 }
382 case 4: {
383 SkScalar width;
384 SkMatrix matrix;
385 fuzz->next(&width);
386 FuzzNiceMatrix(fuzz, &matrix);
387 return SkLine2DPathEffect::Make(width, matrix);
388 }
389 case 5: {
390 SkPath path;
391 FuzzNicePath(fuzz, &path, 20);
392 SkMatrix matrix;
393 FuzzNiceMatrix(fuzz, &matrix);
394 return SkPath2DPathEffect::Make(matrix, path);
395 }
396 case 6: {
397 SkScalar radius;
398 fuzz->next(&radius);
399 return SkCornerPathEffect::Make(radius);
400 }
401 case 7: {
402 SkScalar phase;
403 fuzz->next(&phase);
404 SkScalar intervals[20];
405 int count;
406 fuzz->nextRange(&count, 0, (int)std::size(intervals));
407 fuzz->nextN(intervals, count);
408 return SkDashPathEffect::Make(intervals, count, phase);
409 }
410 case 8: {
411 SkScalar segLength, dev;
412 uint32_t seed;
413 fuzz->next(&segLength, &dev, &seed);
414 return SkDiscretePathEffect::Make(segLength, dev, seed);
415 }
416 default:
417 SkASSERT(false);
418 return nullptr;
419 }
420 }
421
make_fuzz_maskfilter(Fuzz * fuzz)422 static sk_sp<SkMaskFilter> make_fuzz_maskfilter(Fuzz* fuzz) {
423 int maskfilterType;
424 fuzz->nextRange(&maskfilterType, 0, 1);
425 switch (maskfilterType) {
426 case 0:
427 return nullptr;
428 case 1: {
429 SkBlurStyle blurStyle;
430 fuzz->nextEnum(&blurStyle, kLastEnum_SkBlurStyle);
431 SkScalar sigma;
432 fuzz->next(&sigma);
433 bool respectCTM;
434 fuzz->next(&respectCTM);
435 return SkMaskFilter::MakeBlur(blurStyle, sigma, respectCTM);
436 }
437 default:
438 SkASSERT(false);
439 return nullptr;
440 }
441 }
442
make_fuzz_typeface(Fuzz * fuzz)443 static sk_sp<SkTypeface> make_fuzz_typeface(Fuzz* fuzz) {
444 if (make_fuzz_t<bool>(fuzz)) {
445 return nullptr;
446 }
447 sk_sp<SkFontMgr> mgr = ToolUtils::TestFontMgr();
448 int familyCount = mgr->countFamilies();
449 int i, j;
450 fuzz->nextRange(&i, 0, familyCount - 1);
451 sk_sp<SkFontStyleSet> family(mgr->createStyleSet(i));
452 int styleCount = family->count();
453 fuzz->nextRange(&j, 0, styleCount - 1);
454 return sk_sp<SkTypeface>(family->createTypeface(j));
455 }
456
457 static sk_sp<SkImageFilter> make_fuzz_imageFilter(Fuzz* fuzz, int depth);
458
make_fuzz_lighting_imagefilter(Fuzz * fuzz,int depth)459 static sk_sp<SkImageFilter> make_fuzz_lighting_imagefilter(Fuzz* fuzz, int depth) {
460 if (depth <= 0) {
461 return nullptr;
462 }
463 uint8_t imageFilterType;
464 fuzz->nextRange(&imageFilterType, 1, 6);
465 SkPoint3 p, q;
466 SkColor lightColor;
467 SkScalar surfaceScale, k, specularExponent, cutoffAngle, shininess;
468 sk_sp<SkImageFilter> input;
469 SkIRect cropRect;
470 bool useCropRect;
471 fuzz->next(&useCropRect);
472 if (useCropRect) {
473 fuzz->next(&cropRect);
474 }
475 switch (imageFilterType) {
476 case 1:
477 fuzz->next(&p, &lightColor, &surfaceScale, &k);
478 input = make_fuzz_imageFilter(fuzz, depth - 1);
479 return SkImageFilters::DistantLitDiffuse(p, lightColor, surfaceScale, k,
480 std::move(input),
481 useCropRect ? &cropRect : nullptr);
482 case 2:
483 fuzz->next(&p, &lightColor, &surfaceScale, &k);
484 input = make_fuzz_imageFilter(fuzz, depth - 1);
485 return SkImageFilters::PointLitDiffuse(p, lightColor, surfaceScale, k,
486 std::move(input),
487 useCropRect ? &cropRect : nullptr);
488 case 3:
489 fuzz->next(&p, &q, &specularExponent, &cutoffAngle, &lightColor, &surfaceScale, &k);
490 input = make_fuzz_imageFilter(fuzz, depth - 1);
491 return SkImageFilters::SpotLitDiffuse(
492 p, q, specularExponent, cutoffAngle, lightColor, surfaceScale, k,
493 std::move(input), useCropRect ? &cropRect : nullptr);
494 case 4:
495 fuzz->next(&p, &lightColor, &surfaceScale, &k, &shininess);
496 input = make_fuzz_imageFilter(fuzz, depth - 1);
497 return SkImageFilters::DistantLitSpecular(p, lightColor, surfaceScale, k,
498 shininess, std::move(input),
499 useCropRect ? &cropRect : nullptr);
500 case 5:
501 fuzz->next(&p, &lightColor, &surfaceScale, &k, &shininess);
502 input = make_fuzz_imageFilter(fuzz, depth - 1);
503 return SkImageFilters::PointLitSpecular(p, lightColor, surfaceScale, k,
504 shininess, std::move(input),
505 useCropRect ? &cropRect : nullptr);
506 case 6:
507 fuzz->next(&p, &q, &specularExponent, &cutoffAngle, &lightColor, &surfaceScale, &k,
508 &shininess);
509 input = make_fuzz_imageFilter(fuzz, depth - 1);
510 return SkImageFilters::SpotLitSpecular(
511 p, q, specularExponent, cutoffAngle, lightColor, surfaceScale, k, shininess,
512 std::move(input), useCropRect ? &cropRect : nullptr);
513 default:
514 SkASSERT(false);
515 return nullptr;
516 }
517 }
518
519 static void fuzz_paint(Fuzz* fuzz, SkPaint* paint, int depth);
520
next_sampling(Fuzz * fuzz)521 static SkSamplingOptions next_sampling(Fuzz* fuzz) {
522 if (fuzz->nextBool()) {
523 float B, C;
524 fuzz->next(&B, &C);
525 return SkSamplingOptions({B, C});
526 } else {
527 SkFilterMode fm;
528 SkMipmapMode mm;
529 fuzz->nextEnum(&fm, SkFilterMode::kLast);
530 fuzz->nextEnum(&mm, SkMipmapMode::kLast);
531 return SkSamplingOptions(fm, mm);
532 }
533 }
534
make_fuzz_imageFilter(Fuzz * fuzz,int depth)535 static sk_sp<SkImageFilter> make_fuzz_imageFilter(Fuzz* fuzz, int depth) {
536 if (depth <= 0) {
537 return nullptr;
538 }
539 uint8_t imageFilterType;
540 fuzz->nextRange(&imageFilterType, 0, 22);
541 switch (imageFilterType) {
542 case 0:
543 return nullptr;
544 case 1: {
545 SkScalar sigmaX, sigmaY;
546 sk_sp<SkImageFilter> input = make_fuzz_imageFilter(fuzz, depth - 1);
547 bool useCropRect;
548 fuzz->next(&sigmaX, &sigmaY, &useCropRect);
549 SkIRect cropRect;
550 if (useCropRect) {
551 fuzz->next(&cropRect);
552 }
553 return SkImageFilters::Blur(sigmaX, sigmaY, std::move(input),
554 useCropRect ? &cropRect : nullptr);
555 }
556 case 2: {
557 SkMatrix matrix;
558 FuzzNiceMatrix(fuzz, &matrix);
559 const auto sampling = next_sampling(fuzz);
560 sk_sp<SkImageFilter> input = make_fuzz_imageFilter(fuzz, depth - 1);
561 return SkImageFilters::MatrixTransform(matrix, sampling, std::move(input));
562 }
563 case 3: {
564 float k1, k2, k3, k4;
565 bool enforcePMColor;
566 bool useCropRect;
567 fuzz->next(&k1, &k2, &k3, &k4, &enforcePMColor, &useCropRect);
568 sk_sp<SkImageFilter> background = make_fuzz_imageFilter(fuzz, depth - 1);
569 sk_sp<SkImageFilter> foreground = make_fuzz_imageFilter(fuzz, depth - 1);
570 SkIRect cropRect;
571 if (useCropRect) {
572 fuzz->next(&cropRect);
573 }
574 return SkImageFilters::Arithmetic(k1, k2, k3, k4, enforcePMColor,
575 std::move(background), std::move(foreground),
576 useCropRect ? &cropRect : nullptr);
577 }
578 case 4: {
579 sk_sp<SkColorFilter> cf = make_fuzz_colorfilter(fuzz, depth - 1);
580 sk_sp<SkImageFilter> input = make_fuzz_imageFilter(fuzz, depth - 1);
581 bool useCropRect;
582 SkIRect cropRect;
583 fuzz->next(&useCropRect);
584 if (useCropRect) {
585 fuzz->next(&cropRect);
586 }
587 return SkImageFilters::ColorFilter(std::move(cf), std::move(input),
588 useCropRect ? &cropRect : nullptr);
589 }
590 case 5: {
591 sk_sp<SkImageFilter> ifo = make_fuzz_imageFilter(fuzz, depth - 1);
592 sk_sp<SkImageFilter> ifi = make_fuzz_imageFilter(fuzz, depth - 1);
593 return SkImageFilters::Compose(std::move(ifo), std::move(ifi));
594 }
595 case 6: {
596 SkColorChannel xChannelSelector, yChannelSelector;
597 fuzz->nextEnum(&xChannelSelector, SkColorChannel::kLastEnum);
598 fuzz->nextEnum(&yChannelSelector, SkColorChannel::kLastEnum);
599 SkScalar scale;
600 bool useCropRect;
601 fuzz->next(&scale, &useCropRect);
602 SkIRect cropRect;
603 if (useCropRect) {
604 fuzz->next(&cropRect);
605 }
606 sk_sp<SkImageFilter> displacement = make_fuzz_imageFilter(fuzz, depth - 1);
607 sk_sp<SkImageFilter> color = make_fuzz_imageFilter(fuzz, depth - 1);
608 return SkImageFilters::DisplacementMap(xChannelSelector, yChannelSelector, scale,
609 std::move(displacement), std::move(color),
610 useCropRect ? &cropRect : nullptr);
611 }
612 case 7: {
613 SkScalar dx, dy, sigmaX, sigmaY;
614 SkColor color;
615 bool shadowOnly, useCropRect;
616 fuzz->next(&dx, &dy, &sigmaX, &sigmaY, &color, &shadowOnly, &useCropRect);
617 SkIRect cropRect;
618 if (useCropRect) {
619 fuzz->next(&cropRect);
620 }
621 sk_sp<SkImageFilter> input = make_fuzz_imageFilter(fuzz, depth - 1);
622 if (shadowOnly) {
623 return SkImageFilters::DropShadowOnly(dx, dy, sigmaX, sigmaY, color,
624 std::move(input),
625 useCropRect ? &cropRect : nullptr);
626 } else {
627 return SkImageFilters::DropShadow(dx, dy, sigmaX, sigmaY, color, std::move(input),
628 useCropRect ? &cropRect : nullptr);
629 }
630 }
631 case 8:
632 return SkImageFilters::Image(make_fuzz_image(fuzz), SkCubicResampler::Mitchell());
633 case 9: {
634 sk_sp<SkImage> image = make_fuzz_image(fuzz);
635 SkRect srcRect, dstRect;
636 fuzz->next(&srcRect, &dstRect);
637 return SkImageFilters::Image(std::move(image), srcRect, dstRect, next_sampling(fuzz));
638 }
639 case 10:
640 return make_fuzz_lighting_imagefilter(fuzz, depth - 1);
641 case 11: {
642 SkRect lensBounds;
643 SkScalar zoomAmount;
644 SkScalar inset;
645 bool useCropRect;
646 SkIRect cropRect;
647 fuzz->next(&lensBounds, &zoomAmount, &inset, &useCropRect);
648 if (useCropRect) {
649 fuzz->next(&cropRect);
650 }
651 sk_sp<SkImageFilter> input = make_fuzz_imageFilter(fuzz, depth - 1);
652 const auto sampling = next_sampling(fuzz);
653 return SkImageFilters::Magnifier(lensBounds, zoomAmount, inset, sampling,
654 std::move(input), useCropRect ? &cropRect : nullptr);
655 }
656 case 12: {
657 constexpr int kMaxKernelSize = 5;
658 int32_t n, m;
659 fuzz->nextRange(&n, 1, kMaxKernelSize);
660 fuzz->nextRange(&m, 1, kMaxKernelSize);
661 SkScalar kernel[kMaxKernelSize * kMaxKernelSize];
662 fuzz->nextN(kernel, n * m);
663 int32_t offsetX, offsetY;
664 fuzz->nextRange(&offsetX, 0, n - 1);
665 fuzz->nextRange(&offsetY, 0, m - 1);
666 SkScalar gain, bias;
667 bool convolveAlpha, useCropRect;
668 fuzz->next(&gain, &bias, &convolveAlpha, &useCropRect);
669 SkTileMode tileMode;
670 fuzz->nextEnum(&tileMode, SkTileMode::kLastTileMode);
671 SkIRect cropRect;
672 if (useCropRect) {
673 fuzz->next(&cropRect);
674 }
675 sk_sp<SkImageFilter> input = make_fuzz_imageFilter(fuzz, depth - 1);
676 return SkImageFilters::MatrixConvolution(
677 SkISize{n, m}, kernel, gain, bias, SkIPoint{offsetX, offsetY}, tileMode,
678 convolveAlpha, std::move(input), useCropRect ? &cropRect : nullptr);
679 }
680 case 13: {
681 sk_sp<SkImageFilter> first = make_fuzz_imageFilter(fuzz, depth - 1);
682 sk_sp<SkImageFilter> second = make_fuzz_imageFilter(fuzz, depth - 1);
683 bool useCropRect;
684 fuzz->next(&useCropRect);
685 SkIRect cropRect;
686 if (useCropRect) {
687 fuzz->next(&cropRect);
688 }
689 return SkImageFilters::Merge(std::move(first), std::move(second),
690 useCropRect ? &cropRect : nullptr);
691 }
692 case 14: {
693 constexpr int kMaxCount = 4;
694 sk_sp<SkImageFilter> ifs[kMaxCount];
695 int count;
696 fuzz->nextRange(&count, 1, kMaxCount);
697 for (int i = 0; i < count; ++i) {
698 ifs[i] = make_fuzz_imageFilter(fuzz, depth - 1);
699 }
700 bool useCropRect;
701 fuzz->next(&useCropRect);
702 SkIRect cropRect;
703 if (useCropRect) {
704 fuzz->next(&cropRect);
705 }
706 return SkImageFilters::Merge(ifs, count, useCropRect ? &cropRect : nullptr);
707 }
708 case 15: {
709 int rx, ry;
710 fuzz->next(&rx, &ry);
711 bool useCropRect;
712 fuzz->next(&useCropRect);
713 SkIRect cropRect;
714 if (useCropRect) {
715 fuzz->next(&cropRect);
716 }
717 sk_sp<SkImageFilter> input = make_fuzz_imageFilter(fuzz, depth - 1);
718 return SkImageFilters::Dilate(rx, ry, std::move(input),
719 useCropRect ? &cropRect : nullptr);
720 }
721 case 16: {
722 int rx, ry;
723 fuzz->next(&rx, &ry);
724 bool useCropRect;
725 fuzz->next(&useCropRect);
726 SkIRect cropRect;
727 if (useCropRect) {
728 fuzz->next(&cropRect);
729 }
730 sk_sp<SkImageFilter> input = make_fuzz_imageFilter(fuzz, depth - 1);
731 return SkImageFilters::Erode(rx, ry, std::move(input),
732 useCropRect ? &cropRect : nullptr);
733 }
734 case 17: {
735 SkScalar dx, dy;
736 fuzz->next(&dx, &dy);
737 bool useCropRect;
738 fuzz->next(&useCropRect);
739 SkIRect cropRect;
740 if (useCropRect) {
741 fuzz->next(&cropRect);
742 }
743 sk_sp<SkImageFilter> input = make_fuzz_imageFilter(fuzz, depth - 1);
744 return SkImageFilters::Offset(dx, dy, std::move(input),
745 useCropRect ? &cropRect : nullptr);
746 }
747 case 18: {
748 sk_sp<SkPicture> picture = make_fuzz_picture(fuzz, depth - 1);
749 return SkImageFilters::Picture(std::move(picture));
750 }
751 case 19: {
752 SkRect cropRect;
753 fuzz->next(&cropRect);
754 sk_sp<SkPicture> picture = make_fuzz_picture(fuzz, depth - 1);
755 return SkImageFilters::Picture(std::move(picture), cropRect);
756 }
757 case 20: {
758 SkRect src, dst;
759 fuzz->next(&src, &dst);
760 sk_sp<SkImageFilter> input = make_fuzz_imageFilter(fuzz, depth - 1);
761 return SkImageFilters::Tile(src, dst, std::move(input));
762 }
763 case 21: {
764 SkBlendMode blendMode;
765 bool useCropRect;
766 fuzz->next(&useCropRect);
767 fuzz->nextEnum(&blendMode, SkBlendMode::kLastMode);
768 SkIRect cropRect;
769 if (useCropRect) {
770 fuzz->next(&cropRect);
771 }
772 sk_sp<SkImageFilter> bg = make_fuzz_imageFilter(fuzz, depth - 1);
773 sk_sp<SkImageFilter> fg = make_fuzz_imageFilter(fuzz, depth - 1);
774 return SkImageFilters::Blend(blendMode, std::move(bg), std::move(fg),
775 useCropRect ? &cropRect : nullptr);
776 }
777 case 22: {
778 sk_sp<SkShader> shader = make_fuzz_shader(fuzz, depth - 1);
779 bool useCropRect;
780 fuzz->next(&useCropRect);
781 SkIRect cropRect;
782 if (useCropRect) {
783 fuzz->next(&cropRect);
784 }
785 return SkImageFilters::Shader(std::move(shader), useCropRect ? &cropRect : nullptr);
786 }
787 default:
788 SkASSERT(false);
789 return nullptr;
790 }
791 }
792
make_fuzz_image(Fuzz * fuzz)793 static sk_sp<SkImage> make_fuzz_image(Fuzz* fuzz) {
794 int w, h;
795 fuzz->nextRange(&w, 1, 1024);
796 fuzz->nextRange(&h, 1, 1024);
797 AutoTMalloc<SkPMColor> data(w * h);
798 SkPixmap pixmap(SkImageInfo::MakeN32Premul(w, h), data.get(), w * sizeof(SkPMColor));
799 int n = w * h;
800 for (int i = 0; i < n; ++i) {
801 SkColor c;
802 fuzz->next(&c);
803 data[i] = SkPreMultiplyColor(c);
804 }
805 (void)data.release();
806 return SkImages::RasterFromPixmap(
807 pixmap, [](const void* p, void*) { sk_free(const_cast<void*>(p)); }, nullptr);
808 }
809
810 template <typename T>
make_fuzz_enum_range(Fuzz * fuzz,T maxv)811 static T make_fuzz_enum_range(Fuzz* fuzz, T maxv) {
812 T value;
813 fuzz->nextEnum(&value, maxv);
814 return value;
815 }
816
fuzz_paint(Fuzz * fuzz,SkPaint * paint,int depth)817 static void fuzz_paint(Fuzz* fuzz, SkPaint* paint, int depth) {
818 if (!fuzz || !paint || depth <= 0) {
819 return;
820 }
821
822 paint->setAntiAlias( make_fuzz_t<bool>(fuzz));
823 paint->setDither( make_fuzz_t<bool>(fuzz));
824 paint->setColor( make_fuzz_t<SkColor>(fuzz));
825 paint->setBlendMode( make_fuzz_enum_range<SkBlendMode>(fuzz, SkBlendMode::kLastMode));
826 paint->setStyle( make_fuzz_enum_range<SkPaint::Style>(fuzz,
827 SkPaint::Style::kStrokeAndFill_Style));
828 paint->setShader( make_fuzz_shader(fuzz, depth - 1));
829 paint->setPathEffect( make_fuzz_patheffect(fuzz, depth - 1));
830 paint->setMaskFilter( make_fuzz_maskfilter(fuzz));
831 paint->setImageFilter( make_fuzz_imageFilter(fuzz, depth - 1));
832 paint->setColorFilter( make_fuzz_colorfilter(fuzz, depth - 1));
833
834 if (paint->getStyle() != SkPaint::kFill_Style) {
835 paint->setStrokeWidth(make_fuzz_t<SkScalar>(fuzz));
836 paint->setStrokeMiter(make_fuzz_t<SkScalar>(fuzz));
837 paint->setStrokeCap( make_fuzz_enum_range<SkPaint::Cap>(fuzz, SkPaint::kLast_Cap));
838 paint->setStrokeJoin( make_fuzz_enum_range<SkPaint::Join>(fuzz, SkPaint::kLast_Join));
839 }
840 }
841
fuzz_font(Fuzz * fuzz)842 static SkFont fuzz_font(Fuzz* fuzz) {
843 SkFont font;
844 font.setTypeface( make_fuzz_typeface(fuzz));
845 font.setSize( make_fuzz_t<SkScalar>(fuzz));
846 font.setScaleX( make_fuzz_t<SkScalar>(fuzz));
847 font.setSkewX( make_fuzz_t<SkScalar>(fuzz));
848 font.setLinearMetrics( make_fuzz_t<bool>(fuzz));
849 font.setSubpixel( make_fuzz_t<bool>(fuzz));
850 font.setEmbeddedBitmaps( make_fuzz_t<bool>(fuzz));
851 font.setForceAutoHinting( make_fuzz_t<bool>(fuzz));
852 font.setEmbolden( make_fuzz_t<bool>(fuzz));
853 font.setHinting( make_fuzz_enum_range<SkFontHinting>(fuzz, SkFontHinting::kFull));
854 font.setEdging( make_fuzz_enum_range<SkFont::Edging>(fuzz,
855 SkFont::Edging::kSubpixelAntiAlias));
856 return font;
857 }
858
fuzz_paint_text_encoding(Fuzz * fuzz)859 static SkTextEncoding fuzz_paint_text_encoding(Fuzz* fuzz) {
860 return make_fuzz_enum_range<SkTextEncoding>(fuzz, SkTextEncoding::kUTF32);
861 }
862
863 constexpr int kMaxGlyphCount = 30;
864
make_fuzz_text(Fuzz * fuzz,const SkFont & font,SkTextEncoding encoding)865 static SkTDArray<uint8_t> make_fuzz_text(Fuzz* fuzz, const SkFont& font, SkTextEncoding encoding) {
866 SkTDArray<uint8_t> array;
867 if (SkTextEncoding::kGlyphID == encoding) {
868 int glyphRange = font.getTypeface()->countGlyphs();
869 if (glyphRange == 0) {
870 // Some fuzzing environments have no fonts, so empty array is the best
871 // we can do.
872 return array;
873 }
874 int glyphCount;
875 fuzz->nextRange(&glyphCount, 1, kMaxGlyphCount);
876 SkGlyphID* glyphs = (SkGlyphID*)array.append(glyphCount * sizeof(SkGlyphID));
877 for (int i = 0; i < glyphCount; ++i) {
878 fuzz->nextRange(&glyphs[i], 0, glyphRange - 1);
879 }
880 return array;
881 }
882 static const SkUnichar ranges[][2] = {
883 {0x0020, 0x007F},
884 {0x00A1, 0x0250},
885 {0x0400, 0x0500},
886 };
887 int32_t count = 0;
888 for (size_t i = 0; i < std::size(ranges); ++i) {
889 count += (ranges[i][1] - ranges[i][0]);
890 }
891 constexpr int kMaxLength = kMaxGlyphCount;
892 SkUnichar buffer[kMaxLength];
893 int length;
894 fuzz->nextRange(&length, 1, kMaxLength);
895 for (int j = 0; j < length; ++j) {
896 int32_t value;
897 fuzz->nextRange(&value, 0, count - 1);
898 for (size_t i = 0; i < std::size(ranges); ++i) {
899 if (value + ranges[i][0] < ranges[i][1]) {
900 buffer[j] = value + ranges[i][0];
901 break;
902 } else {
903 value -= (ranges[i][1] - ranges[i][0]);
904 }
905 }
906 }
907 switch (encoding) {
908 case SkTextEncoding::kUTF8: {
909 size_t utf8len = 0;
910 for (int j = 0; j < length; ++j) {
911 utf8len += SkUTF::ToUTF8(buffer[j], nullptr);
912 }
913 char* ptr = (char*)array.append(utf8len);
914 for (int j = 0; j < length; ++j) {
915 ptr += SkUTF::ToUTF8(buffer[j], ptr);
916 }
917 } break;
918 case SkTextEncoding::kUTF16: {
919 size_t utf16len = 0;
920 for (int j = 0; j < length; ++j) {
921 utf16len += SkUTF::ToUTF16(buffer[j]);
922 }
923 uint16_t* ptr = (uint16_t*)array.append(utf16len * sizeof(uint16_t));
924 for (int j = 0; j < length; ++j) {
925 ptr += SkUTF::ToUTF16(buffer[j], ptr);
926 }
927 } break;
928 case SkTextEncoding::kUTF32:
929 memcpy(array.append(length * sizeof(SkUnichar)), buffer, length * sizeof(SkUnichar));
930 break;
931 default:
932 SkASSERT(false);
933 break;
934 }
935 return array;
936 }
937
make_fuzz_string(Fuzz * fuzz)938 static std::string make_fuzz_string(Fuzz* fuzz) {
939 int len;
940 fuzz->nextRange(&len, 0, kMaxGlyphCount);
941 std::string str(len, 0);
942 for (int i = 0; i < len; i++) {
943 fuzz->next(&str[i]);
944 }
945 return str;
946 }
947
make_fuzz_textblob(Fuzz * fuzz)948 static sk_sp<SkTextBlob> make_fuzz_textblob(Fuzz* fuzz) {
949 SkTextBlobBuilder textBlobBuilder;
950 int8_t runCount;
951 fuzz->nextRange(&runCount, (int8_t)1, (int8_t)8);
952 while (runCount-- > 0) {
953 SkFont font = ToolUtils::DefaultFont();
954 SkTextEncoding encoding = fuzz_paint_text_encoding(fuzz);
955 font.setEdging(make_fuzz_t<bool>(fuzz) ? SkFont::Edging::kAlias : SkFont::Edging::kAntiAlias);
956 SkTDArray<uint8_t> text = make_fuzz_text(fuzz, font, encoding);
957 int glyphCount = font.countText(text.begin(), SkToSizeT(text.size()), encoding);
958 SkASSERT(glyphCount <= kMaxGlyphCount);
959 SkScalar x, y;
960 const SkTextBlobBuilder::RunBuffer* buffer;
961 uint8_t runType;
962 fuzz->nextRange(&runType, (uint8_t)0, (uint8_t)2);
963 const void* textPtr = text.begin();
964 size_t textLen = SkToSizeT(text.size());
965 switch (runType) {
966 case 0:
967 fuzz->next(&x, &y);
968 // TODO: Test other variations of this.
969 buffer = &textBlobBuilder.allocRun(font, glyphCount, x, y);
970 (void)font.textToGlyphs(textPtr, textLen, encoding, buffer->glyphs, glyphCount);
971 break;
972 case 1:
973 fuzz->next(&y);
974 // TODO: Test other variations of this.
975 buffer = &textBlobBuilder.allocRunPosH(font, glyphCount, y);
976 (void)font.textToGlyphs(textPtr, textLen, encoding, buffer->glyphs, glyphCount);
977 fuzz->nextN(buffer->pos, glyphCount);
978 break;
979 case 2:
980 // TODO: Test other variations of this.
981 buffer = &textBlobBuilder.allocRunPos(font, glyphCount);
982 (void)font.textToGlyphs(textPtr, textLen, encoding, buffer->glyphs, glyphCount);
983 fuzz->nextN(buffer->pos, glyphCount * 2);
984 break;
985 default:
986 SkASSERT(false);
987 break;
988 }
989 }
990 return textBlobBuilder.make();
991 }
992
fuzz_canvas(Fuzz * fuzz,SkCanvas * canvas,int depth=9)993 static void fuzz_canvas(Fuzz* fuzz, SkCanvas* canvas, int depth = 9) {
994 if (!fuzz || !canvas || depth <= 0) {
995 return;
996 }
997 SkAutoCanvasRestore autoCanvasRestore(canvas, false);
998 unsigned N;
999 fuzz->nextRange(&N, 0, 2000);
1000 for (unsigned loop = 0; loop < N; ++loop) {
1001 if (fuzz->exhausted()) {
1002 return;
1003 }
1004 SkPaint paint;
1005 SkFont font = ToolUtils::DefaultFont();
1006 unsigned drawCommand;
1007 fuzz->nextRange(&drawCommand, 0, 62);
1008 switch (drawCommand) {
1009 case 0:
1010 #if defined(SK_GANESH)
1011 if (auto dContext = GrAsDirectContext(canvas->recordingContext())) {
1012 dContext->flushAndSubmit();
1013 }
1014 #endif
1015 break;
1016 case 1:
1017 canvas->save();
1018 break;
1019 case 2: {
1020 SkRect bounds;
1021 fuzz->next(&bounds);
1022 fuzz_paint(fuzz, &paint, depth - 1);
1023 canvas->saveLayer(&bounds, &paint);
1024 break;
1025 }
1026 case 3: {
1027 SkRect bounds;
1028 fuzz->next(&bounds);
1029 canvas->saveLayer(&bounds, nullptr);
1030 break;
1031 }
1032 case 4:
1033 fuzz_paint(fuzz, &paint, depth - 1);
1034 canvas->saveLayer(nullptr, &paint);
1035 break;
1036 case 5:
1037 canvas->saveLayer(nullptr, nullptr);
1038 break;
1039 case 6: {
1040 uint8_t alpha;
1041 fuzz->next(&alpha);
1042 canvas->saveLayerAlpha(nullptr, (U8CPU)alpha);
1043 break;
1044 }
1045 case 7: {
1046 SkRect bounds;
1047 uint8_t alpha;
1048 fuzz->next(&bounds, &alpha);
1049 canvas->saveLayerAlpha(&bounds, (U8CPU)alpha);
1050 break;
1051 }
1052 case 8: {
1053 SkCanvas::SaveLayerRec saveLayerRec;
1054 SkRect bounds;
1055 if (make_fuzz_t<bool>(fuzz)) {
1056 fuzz->next(&bounds);
1057 saveLayerRec.fBounds = &bounds;
1058 }
1059 if (make_fuzz_t<bool>(fuzz)) {
1060 fuzz_paint(fuzz, &paint, depth - 1);
1061 saveLayerRec.fPaint = &paint;
1062 }
1063 sk_sp<SkImageFilter> imageFilter;
1064 if (make_fuzz_t<bool>(fuzz)) {
1065 imageFilter = make_fuzz_imageFilter(fuzz, depth - 1);
1066 saveLayerRec.fBackdrop = imageFilter.get();
1067 }
1068 // _DumpCanvas can't handle this.
1069 // if (make_fuzz_t<bool>(fuzz)) {
1070 // saveLayerRec.fSaveLayerFlags |= SkCanvas::kPreserveLCDText_SaveLayerFlag;
1071 // }
1072
1073 canvas->saveLayer(saveLayerRec);
1074 break;
1075 }
1076 case 9:
1077 canvas->restore();
1078 break;
1079 case 10: {
1080 int saveCount;
1081 fuzz->next(&saveCount);
1082 canvas->restoreToCount(saveCount);
1083 break;
1084 }
1085 case 11: {
1086 SkScalar x, y;
1087 fuzz->next(&x, &y);
1088 canvas->translate(x, y);
1089 break;
1090 }
1091 case 12: {
1092 SkScalar x, y;
1093 fuzz->next(&x, &y);
1094 canvas->scale(x, y);
1095 break;
1096 }
1097 case 13: {
1098 SkScalar v;
1099 fuzz->next(&v);
1100 canvas->rotate(v);
1101 break;
1102 }
1103 case 14: {
1104 SkScalar x, y, v;
1105 fuzz->next(&x, &y, &v);
1106 canvas->rotate(v, x, y);
1107 break;
1108 }
1109 case 15: {
1110 SkScalar x, y;
1111 fuzz->next(&x, &y);
1112 canvas->skew(x, y);
1113 break;
1114 }
1115 case 16: {
1116 SkMatrix mat;
1117 FuzzNiceMatrix(fuzz, &mat);
1118 canvas->concat(mat);
1119 break;
1120 }
1121 case 17: {
1122 SkMatrix mat;
1123 FuzzNiceMatrix(fuzz, &mat);
1124 canvas->setMatrix(mat);
1125 break;
1126 }
1127 case 18:
1128 canvas->resetMatrix();
1129 break;
1130 case 19: {
1131 SkRect r;
1132 int op;
1133 bool doAntiAlias;
1134 fuzz->next(&r, &doAntiAlias);
1135 fuzz->nextRange(&op, 0, 1);
1136 r.sort();
1137 canvas->clipRect(r, (SkClipOp)op, doAntiAlias);
1138 break;
1139 }
1140 case 20: {
1141 SkRRect rr;
1142 int op;
1143 bool doAntiAlias;
1144 FuzzNiceRRect(fuzz, &rr);
1145 fuzz->next(&doAntiAlias);
1146 fuzz->nextRange(&op, 0, 1);
1147 canvas->clipRRect(rr, (SkClipOp)op, doAntiAlias);
1148 break;
1149 }
1150 case 21: {
1151 SkPath path;
1152 FuzzNicePath(fuzz, &path, 30);
1153 int op;
1154 bool doAntiAlias;
1155 fuzz->next(&doAntiAlias);
1156 fuzz->nextRange(&op, 0, 1);
1157 canvas->clipPath(path, (SkClipOp)op, doAntiAlias);
1158 break;
1159 }
1160 case 22: {
1161 SkRegion region;
1162 int op;
1163 fuzz->next(®ion);
1164 fuzz->nextRange(&op, 0, 1);
1165 canvas->clipRegion(region, (SkClipOp)op);
1166 break;
1167 }
1168 case 23:
1169 fuzz_paint(fuzz, &paint, depth - 1);
1170 canvas->drawPaint(paint);
1171 break;
1172 case 24: {
1173 fuzz_paint(fuzz, &paint, depth - 1);
1174 SkCanvas::PointMode pointMode;
1175 fuzz->nextRange(&pointMode,
1176 SkCanvas::kPoints_PointMode, SkCanvas::kPolygon_PointMode);
1177 size_t count;
1178 constexpr int kMaxCount = 30;
1179 fuzz->nextRange(&count, 0, kMaxCount);
1180 SkPoint pts[kMaxCount];
1181 fuzz->nextN(pts, count);
1182 canvas->drawPoints(pointMode, count, pts, paint);
1183 break;
1184 }
1185 case 25: {
1186 fuzz_paint(fuzz, &paint, depth - 1);
1187 SkRect r;
1188 fuzz->next(&r);
1189 if (!r.isFinite()) {
1190 break;
1191 }
1192 canvas->drawRect(r, paint);
1193 break;
1194 }
1195 case 26: {
1196 fuzz_paint(fuzz, &paint, depth - 1);
1197 SkRegion region;
1198 fuzz->next(®ion);
1199 canvas->drawRegion(region, paint);
1200 break;
1201 }
1202 case 27: {
1203 fuzz_paint(fuzz, &paint, depth - 1);
1204 SkRect r;
1205 fuzz->next(&r);
1206 if (!r.isFinite()) {
1207 break;
1208 }
1209 canvas->drawOval(r, paint);
1210 break;
1211 }
1212 case 28: break; // must have deleted this some time earlier
1213 case 29: {
1214 fuzz_paint(fuzz, &paint, depth - 1);
1215 SkRRect rr;
1216 FuzzNiceRRect(fuzz, &rr);
1217 canvas->drawRRect(rr, paint);
1218 break;
1219 }
1220 case 30: {
1221 fuzz_paint(fuzz, &paint, depth - 1);
1222 SkRRect orr, irr;
1223 FuzzNiceRRect(fuzz, &orr);
1224 FuzzNiceRRect(fuzz, &irr);
1225 if (orr.getBounds().contains(irr.getBounds())) {
1226 canvas->drawDRRect(orr, irr, paint);
1227 }
1228 break;
1229 }
1230 case 31: {
1231 fuzz_paint(fuzz, &paint, depth - 1);
1232 SkRect r;
1233 SkScalar start, sweep;
1234 bool useCenter;
1235 fuzz->next(&r, &start, &sweep, &useCenter);
1236 canvas->drawArc(r, start, sweep, useCenter, paint);
1237 break;
1238 }
1239 case 32: {
1240 fuzz_paint(fuzz, &paint, depth - 1);
1241 SkPath path;
1242 FuzzNicePath(fuzz, &path, 60);
1243 canvas->drawPath(path, paint);
1244 break;
1245 }
1246 case 33: {
1247 sk_sp<SkImage> img = make_fuzz_image(fuzz);
1248 SkScalar left, top;
1249 bool usePaint;
1250 fuzz->next(&left, &top, &usePaint);
1251 if (usePaint) {
1252 fuzz_paint(fuzz, &paint, depth - 1);
1253 }
1254 canvas->drawImage(img.get(), left, top, SkSamplingOptions(),
1255 usePaint ? &paint : nullptr);
1256 break;
1257 }
1258 case 35: {
1259 auto img = make_fuzz_image(fuzz);
1260 SkIRect src;
1261 SkRect dst;
1262 bool usePaint;
1263 fuzz->next(&src, &dst, &usePaint);
1264 if (usePaint) {
1265 fuzz_paint(fuzz, &paint, depth - 1);
1266 }
1267 SkCanvas::SrcRectConstraint constraint =
1268 make_fuzz_t<bool>(fuzz) ? SkCanvas::kStrict_SrcRectConstraint
1269 : SkCanvas::kFast_SrcRectConstraint;
1270 canvas->drawImageRect(img.get(), SkRect::Make(src), dst, SkSamplingOptions(),
1271 usePaint ? &paint : nullptr, constraint);
1272 break;
1273 }
1274 case 37: {
1275 auto img = make_fuzz_image(fuzz);
1276 SkIRect center;
1277 SkRect dst;
1278 bool usePaint;
1279 fuzz->next(&usePaint);
1280 if (usePaint) {
1281 fuzz_paint(fuzz, &paint, depth - 1);
1282 }
1283 if (make_fuzz_t<bool>(fuzz)) {
1284 fuzz->next(¢er);
1285 } else { // Make valid center, see SkLatticeIter::Valid().
1286 fuzz->nextRange(¢er.fLeft, 0, img->width() - 1);
1287 fuzz->nextRange(¢er.fTop, 0, img->height() - 1);
1288 fuzz->nextRange(¢er.fRight, center.fLeft + 1, img->width());
1289 fuzz->nextRange(¢er.fBottom, center.fTop + 1, img->height());
1290 }
1291 fuzz->next(&dst);
1292 canvas->drawImageNine(img.get(), center, dst, SkFilterMode::kNearest,
1293 usePaint ? &paint : nullptr);
1294 break;
1295 }
1296 case 44: {
1297 auto img = make_fuzz_image(fuzz);
1298 bool usePaint;
1299 SkRect dst;
1300 fuzz->next(&usePaint, &dst);
1301 if (usePaint) {
1302 fuzz_paint(fuzz, &paint, depth - 1);
1303 }
1304 constexpr int kMax = 6;
1305 int xDivs[kMax], yDivs[kMax];
1306 SkCanvas::Lattice lattice{xDivs, yDivs, nullptr, 0, 0, nullptr, nullptr};
1307 fuzz->nextRange(&lattice.fXCount, 2, kMax);
1308 fuzz->nextRange(&lattice.fYCount, 2, kMax);
1309 fuzz->nextN(xDivs, lattice.fXCount);
1310 fuzz->nextN(yDivs, lattice.fYCount);
1311 canvas->drawImageLattice(img.get(), lattice, dst, SkFilterMode::kLinear,
1312 usePaint ? &paint : nullptr);
1313 break;
1314 }
1315 case 45: {
1316 fuzz_paint(fuzz, &paint, depth - 1);
1317 font = fuzz_font(fuzz);
1318 SkTextEncoding encoding = fuzz_paint_text_encoding(fuzz);
1319 SkScalar x, y;
1320 fuzz->next(&x, &y);
1321 SkTDArray<uint8_t> text = make_fuzz_text(fuzz, font, encoding);
1322 canvas->drawSimpleText(text.begin(), SkToSizeT(text.size()), encoding, x, y,
1323 font, paint);
1324 break;
1325 }
1326 case 46: {
1327 // was drawPosText
1328 break;
1329 }
1330 case 47: {
1331 // was drawPosTextH
1332 break;
1333 }
1334 case 48: {
1335 // was drawtextonpath
1336 break;
1337 }
1338 case 49: {
1339 // was drawtextonpath
1340 break;
1341 }
1342 case 50: {
1343 // was drawTextRSXform
1344 break;
1345 }
1346 case 51: {
1347 sk_sp<SkTextBlob> blob = make_fuzz_textblob(fuzz);
1348 fuzz_paint(fuzz, &paint, depth - 1);
1349 SkScalar x, y;
1350 fuzz->next(&x, &y);
1351 canvas->drawTextBlob(blob, x, y, paint);
1352 break;
1353 }
1354 case 52: {
1355 SkMatrix matrix;
1356 bool usePaint, useMatrix;
1357 fuzz->next(&usePaint, &useMatrix);
1358 if (usePaint) {
1359 fuzz_paint(fuzz, &paint, depth - 1);
1360 }
1361 if (useMatrix) {
1362 FuzzNiceMatrix(fuzz, &matrix);
1363 }
1364 auto pic = make_fuzz_picture(fuzz, depth - 1);
1365 canvas->drawPicture(pic, useMatrix ? &matrix : nullptr,
1366 usePaint ? &paint : nullptr);
1367 break;
1368 }
1369 case 53: {
1370 fuzz_paint(fuzz, &paint, depth - 1);
1371 SkVertices::VertexMode vertexMode;
1372 SkBlendMode blendMode;
1373 fuzz->nextRange(&vertexMode, 0, SkVertices::kTriangleFan_VertexMode);
1374 fuzz->nextRange(&blendMode, 0, SkBlendMode::kLastMode);
1375 constexpr int kMaxCount = 100;
1376 int vertexCount;
1377 SkPoint vertices[kMaxCount];
1378 SkPoint texs[kMaxCount];
1379 SkColor colors[kMaxCount];
1380 fuzz->nextRange(&vertexCount, 3, kMaxCount);
1381 fuzz->nextN(vertices, vertexCount);
1382 bool useTexs, useColors;
1383 fuzz->next(&useTexs, &useColors);
1384 if (useTexs) {
1385 fuzz->nextN(texs, vertexCount);
1386 }
1387 if (useColors) {
1388 fuzz->nextN(colors, vertexCount);
1389 }
1390 int indexCount = 0;
1391 uint16_t indices[kMaxCount * 2];
1392 if (make_fuzz_t<bool>(fuzz)) {
1393 fuzz->nextRange(&indexCount, vertexCount, vertexCount + kMaxCount);
1394 for (int index = 0; index < indexCount; ++index) {
1395 fuzz->nextRange(&indices[index], 0, vertexCount - 1);
1396 }
1397 }
1398 canvas->drawVertices(SkVertices::MakeCopy(vertexMode, vertexCount, vertices,
1399 useTexs ? texs : nullptr,
1400 useColors ? colors : nullptr,
1401 indexCount, indices),
1402 blendMode, paint);
1403 break;
1404 }
1405 case 54: {
1406 SkColor color;
1407 SkBlendMode blendMode;
1408 fuzz->nextRange(&blendMode, 0, SkBlendMode::kSrcOver);
1409 fuzz->next(&color);
1410 canvas->drawColor(color, blendMode);
1411 break;
1412 }
1413 case 55: {
1414 SkColor4f color;
1415 SkBlendMode blendMode;
1416 float R, G, B, Alpha;
1417 fuzz->nextRange(&blendMode, 0, SkBlendMode::kSrcOver);
1418 fuzz->nextRange(&R, -1, 2);
1419 fuzz->nextRange(&G, -1, 2);
1420 fuzz->nextRange(&B, -1, 2);
1421 fuzz->nextRange(&Alpha, 0, 1);
1422 color = {R, G, B, Alpha};
1423 canvas->drawColor(color, blendMode);
1424 break;
1425 }
1426 case 56: {
1427 fuzz_paint(fuzz, &paint, depth - 1);
1428 SkPoint p0, p1;
1429 fuzz->next(&p0, &p1);
1430 canvas->drawLine(p0, p1, paint);
1431 break;
1432 }
1433 case 57: {
1434 fuzz_paint(fuzz, &paint, depth - 1);
1435 SkIRect r;
1436 fuzz->next(&r);
1437 canvas->drawIRect(r, paint);
1438 break;
1439 }
1440 case 58: {
1441 fuzz_paint(fuzz, &paint, depth - 1);
1442 SkScalar radius;
1443 SkPoint center;
1444 fuzz->next(&radius, ¢er);
1445 canvas->drawCircle(center, radius, paint);
1446 break;
1447 }
1448 case 59: {
1449 fuzz_paint(fuzz, &paint, depth - 1);
1450 SkRect oval;
1451 SkScalar startAngle, sweepAngle;
1452 bool useCenter;
1453 fuzz->next(&oval, &startAngle, &sweepAngle, &useCenter);
1454 canvas->drawArc(oval, startAngle, sweepAngle, useCenter, paint);
1455 break;
1456 }
1457 case 60: {
1458 fuzz_paint(fuzz, &paint, depth - 1);
1459 SkRect rect;
1460 SkScalar rx, ry;
1461 fuzz->next(&rect, &rx, &ry);
1462 canvas->drawRoundRect(rect, rx, ry, paint);
1463 break;
1464 }
1465 case 61: {
1466 fuzz_paint(fuzz, &paint, depth - 1);
1467 font = fuzz_font(fuzz);
1468 std::string str = make_fuzz_string(fuzz);
1469 SkScalar x, y;
1470 fuzz->next(&x, &y);
1471 canvas->drawString(str.c_str(), x, y, font, paint);
1472 break;
1473 }
1474 case 62: {
1475 fuzz_paint(fuzz, &paint, depth - 1);
1476 SkPoint cubics[12];
1477 SkColor colors[4];
1478 SkPoint texCoords[4];
1479 bool useTexCoords;
1480 fuzz->nextN(cubics, 12);
1481 fuzz->nextN(colors, 4);
1482 fuzz->next(&useTexCoords);
1483 if (useTexCoords) {
1484 fuzz->nextN(texCoords, 4);
1485 }
1486 SkBlendMode mode;
1487 fuzz->nextEnum(&mode, SkBlendMode::kLastMode);
1488 canvas->drawPatch(cubics, colors, useTexCoords ? texCoords : nullptr
1489 , mode, paint);
1490 break;
1491 }
1492 default:
1493 SkASSERT(false);
1494 break;
1495 }
1496 }
1497 }
1498
make_fuzz_picture(Fuzz * fuzz,int depth)1499 static sk_sp<SkPicture> make_fuzz_picture(Fuzz* fuzz, int depth) {
1500 SkScalar w, h;
1501 fuzz->next(&w, &h);
1502 SkPictureRecorder pictureRecorder;
1503 fuzz_canvas(fuzz, pictureRecorder.beginRecording(w, h), depth - 1);
1504 return pictureRecorder.finishRecordingAsPicture();
1505 }
1506
DEF_FUZZ(NullCanvas,fuzz)1507 DEF_FUZZ(NullCanvas, fuzz) {
1508 fuzz_canvas(fuzz, SkMakeNullCanvas().get());
1509 }
1510
1511 constexpr SkISize kCanvasSize = {128, 160};
1512
DEF_FUZZ(RasterN32Canvas,fuzz)1513 DEF_FUZZ(RasterN32Canvas, fuzz) {
1514 auto surface = SkSurfaces::Raster(
1515 SkImageInfo::MakeN32Premul(kCanvasSize.width(), kCanvasSize.height()));
1516 if (!surface || !surface->getCanvas()) { fuzz->signalBug(); }
1517 fuzz_canvas(fuzz, surface->getCanvas());
1518 }
1519
1520 #if defined(SK_CODEC_DECODES_PNG_WITH_LIBPNG) && defined(SK_CODEC_ENCODES_PNG_WITH_LIBPNG)
1521 #include "include/codec/SkPngDecoder.h"
1522 #include "include/encode/SkPngEncoder.h"
1523
DEF_FUZZ(RasterN32CanvasViaSerialization,fuzz)1524 DEF_FUZZ(RasterN32CanvasViaSerialization, fuzz) {
1525 SkPictureRecorder recorder;
1526 fuzz_canvas(fuzz, recorder.beginRecording(SkIntToScalar(kCanvasSize.width()),
1527 SkIntToScalar(kCanvasSize.height())));
1528 sk_sp<SkPicture> pic(recorder.finishRecordingAsPicture());
1529 if (!pic) { fuzz->signalBug(); }
1530 SkSerialProcs sProcs;
1531 sProcs.fImageProc = [](SkImage* img, void*) -> sk_sp<SkData> {
1532 return SkPngEncoder::Encode(nullptr, img, SkPngEncoder::Options{});
1533 };
1534 sk_sp<SkData> data = pic->serialize(&sProcs);
1535 if (!data) { fuzz->signalBug(); }
1536 SkReadBuffer rb(data->data(), data->size());
1537 SkCodecs::Register(SkPngDecoder::Decoder());
1538 auto deserialized = SkPicturePriv::MakeFromBuffer(rb);
1539 if (!deserialized) { fuzz->signalBug(); }
1540 auto surface = SkSurfaces::Raster(
1541 SkImageInfo::MakeN32Premul(kCanvasSize.width(), kCanvasSize.height()));
1542 SkASSERT(surface && surface->getCanvas());
1543 surface->getCanvas()->drawPicture(deserialized);
1544 }
1545
1546 #endif
1547
DEF_FUZZ(ImageFilter,fuzz)1548 DEF_FUZZ(ImageFilter, fuzz) {
1549 SkBitmap bitmap;
1550 if (!bitmap.tryAllocN32Pixels(256, 256)) {
1551 SkDEBUGF("Could not allocate 256x256 bitmap in ImageFilter");
1552 return;
1553 }
1554
1555 auto fil = make_fuzz_imageFilter(fuzz, 20);
1556
1557 SkPaint paint;
1558 paint.setImageFilter(fil);
1559 SkCanvas canvas(bitmap);
1560 canvas.saveLayer(SkRect::MakeWH(500, 500), &paint);
1561 }
1562
1563
1564 //SkRandom _rand;
1565 #define SK_ADD_RANDOM_BIT_FLIPS
1566
DEF_FUZZ(SerializedImageFilter,fuzz)1567 DEF_FUZZ(SerializedImageFilter, fuzz) {
1568 SkBitmap bitmap;
1569 if (!bitmap.tryAllocN32Pixels(256, 256)) {
1570 SkDEBUGF("Could not allocate 256x256 bitmap in SerializedImageFilter");
1571 return;
1572 }
1573
1574 auto filter = make_fuzz_imageFilter(fuzz, 20);
1575 if (!filter) {
1576 return;
1577 }
1578 auto data = filter->serialize();
1579 const unsigned char* ptr = static_cast<const unsigned char*>(data->data());
1580 size_t len = data->size();
1581 #ifdef SK_ADD_RANDOM_BIT_FLIPS
1582 unsigned char* p = const_cast<unsigned char*>(ptr);
1583 for (size_t i = 0; i < len; ++i, ++p) {
1584 uint8_t j;
1585 fuzz->nextRange(&j, 1, 250);
1586 if (j == 1) { // 0.4% of the time, flip a bit or byte
1587 uint8_t k;
1588 fuzz->nextRange(&k, 1, 10);
1589 if (k == 1) { // Then 10% of the time, change a whole byte
1590 uint8_t s;
1591 fuzz->nextRange(&s, 0, 2);
1592 switch(s) {
1593 case 0:
1594 *p ^= 0xFF; // Flip entire byte
1595 break;
1596 case 1:
1597 *p = 0xFF; // Set all bits to 1
1598 break;
1599 case 2:
1600 *p = 0x00; // Set all bits to 0
1601 break;
1602 }
1603 } else {
1604 uint8_t s;
1605 fuzz->nextRange(&s, 0, 7);
1606 *p ^= (1 << 7);
1607 }
1608 }
1609 }
1610 #endif // SK_ADD_RANDOM_BIT_FLIPS
1611 auto deserializedFil = SkImageFilter::Deserialize(ptr, len);
1612
1613 // uncomment below to write out a serialized image filter (to make corpus
1614 // for -t filter_fuzz)
1615 // SkString s("./serialized_filters/sf");
1616 // s.appendU32(_rand.nextU());
1617 // auto file = sk_fopen(s.c_str(), SkFILE_Flags::kWrite_SkFILE_Flag);
1618 // sk_fwrite(data->bytes(), data->size(), file);
1619 // sk_fclose(file);
1620
1621 SkPaint paint;
1622 paint.setImageFilter(deserializedFil);
1623
1624 SkCanvas canvas(bitmap);
1625 canvas.saveLayer(SkRect::MakeWH(256, 256), &paint);
1626 canvas.restore();
1627 }
1628
1629 #if defined(SK_GANESH)
fuzz_ganesh(Fuzz * fuzz,GrDirectContext * context)1630 static void fuzz_ganesh(Fuzz* fuzz, GrDirectContext* context) {
1631 SkASSERT(context);
1632 auto surface = SkSurfaces::RenderTarget(
1633 context,
1634 skgpu::Budgeted::kNo,
1635 SkImageInfo::Make(kCanvasSize, kRGBA_8888_SkColorType, kPremul_SkAlphaType));
1636 SkASSERT(surface && surface->getCanvas());
1637 fuzz_canvas(fuzz, surface->getCanvas());
1638 }
1639
DEF_FUZZ(MockGPUCanvas,fuzz)1640 DEF_FUZZ(MockGPUCanvas, fuzz) {
1641 sk_gpu_test::GrContextFactory f;
1642 fuzz_ganesh(fuzz, f.get(skgpu::ContextType::kMock));
1643 }
1644 #endif
1645
1646 #ifdef SK_GL
dump_GPU_info(GrDirectContext * context)1647 static void dump_GPU_info(GrDirectContext* context) {
1648 const GrGLInterface* gl = static_cast<GrGLGpu*>(context->priv().getGpu())
1649 ->glInterface();
1650 const GrGLubyte* output;
1651 GR_GL_CALL_RET(gl, output, GetString(GR_GL_RENDERER));
1652 SkDebugf("GL_RENDERER %s\n", (const char*) output);
1653
1654 GR_GL_CALL_RET(gl, output, GetString(GR_GL_VENDOR));
1655 SkDebugf("GL_VENDOR %s\n", (const char*) output);
1656
1657 GR_GL_CALL_RET(gl, output, GetString(GR_GL_VERSION));
1658 SkDebugf("GL_VERSION %s\n", (const char*) output);
1659 }
1660
DEF_FUZZ(NativeGLCanvas,fuzz)1661 DEF_FUZZ(NativeGLCanvas, fuzz) {
1662 sk_gpu_test::GrContextFactory f;
1663 auto context = f.get(skgpu::ContextType::kGL);
1664 if (!context) {
1665 context = f.get(skgpu::ContextType::kGLES);
1666 }
1667 if (FLAGS_gpuInfo) {
1668 dump_GPU_info(context);
1669 }
1670 fuzz_ganesh(fuzz, context);
1671 }
1672 #endif
1673
DEF_FUZZ(PDFCanvas,fuzz)1674 DEF_FUZZ(PDFCanvas, fuzz) {
1675 SkNullWStream stream;
1676 auto doc = SkPDF::MakeDocument(&stream);
1677 fuzz_canvas(fuzz, doc->beginPage(SkIntToScalar(kCanvasSize.width()),
1678 SkIntToScalar(kCanvasSize.height())));
1679 }
1680
1681 // not a "real" thing to fuzz, used to debug errors found while fuzzing.
DEF_FUZZ(_DumpCanvas,fuzz)1682 DEF_FUZZ(_DumpCanvas, fuzz) {
1683 DebugCanvas debugCanvas(kCanvasSize.width(), kCanvasSize.height());
1684 fuzz_canvas(fuzz, &debugCanvas);
1685 std::unique_ptr<SkCanvas> nullCanvas = SkMakeNullCanvas();
1686 UrlDataManager dataManager(SkString("data"));
1687 SkDynamicMemoryWStream stream;
1688 SkJSONWriter writer(&stream, SkJSONWriter::Mode::kPretty);
1689 writer.beginObject(); // root
1690 debugCanvas.toJSON(writer, dataManager, nullCanvas.get());
1691 writer.endObject(); // root
1692 writer.flush();
1693 sk_sp<SkData> json = stream.detachAsData();
1694 fwrite(json->data(), json->size(), 1, stdout);
1695 }
1696
DEF_FUZZ(SVGCanvas,fuzz)1697 DEF_FUZZ(SVGCanvas, fuzz) {
1698 SkNullWStream stream;
1699 SkRect bounds = SkRect::MakeIWH(150, 150);
1700 std::unique_ptr<SkCanvas> canvas = SkSVGCanvas::Make(bounds, &stream);
1701 fuzz_canvas(fuzz, canvas.get());
1702 }
1703