1 /*
2 * Copyright 2018 Google, LLC
3 *
4 * Use of this source code is governed by a BSD-style license that can be
5 * found in the LICENSE file.
6 */
7
8 #include "SkAndroidCodec.h"
9 #include "SkBitmap.h"
10 #include "SkCanvas.h"
11 #include "SkData.h"
12 #include "SkSurface.h"
13
14 #include "../Fuzz.h"
15
FuzzAndroidCodec(sk_sp<SkData> bytes,uint8_t sampleSize)16 bool FuzzAndroidCodec(sk_sp<SkData> bytes, uint8_t sampleSize) {
17 auto codec = SkAndroidCodec::MakeFromData(bytes);
18 if (!codec) {
19 return false;
20 }
21
22 auto size = codec->getSampledDimensions(sampleSize);
23 auto info = SkImageInfo::MakeN32Premul(size);
24 SkBitmap bm;
25 if (!bm.tryAllocPixels(info)) {
26 // May fail in memory-constrained fuzzing environments
27 return false;
28 }
29
30 SkAndroidCodec::AndroidOptions options;
31 options.fSampleSize = sampleSize;
32
33 auto result = codec->getAndroidPixels(bm.info(), bm.getPixels(), bm.rowBytes(), &options);
34 switch (result) {
35 case SkCodec::kSuccess:
36 case SkCodec::kIncompleteInput:
37 case SkCodec::kErrorInInput:
38 break;
39 default:
40 return false;
41 }
42
43 auto surface = SkSurface::MakeRasterN32Premul(size.width(), size.height());
44 if (!surface) {
45 // May return nullptr in memory-constrained fuzzing environments
46 return false;
47 }
48
49 surface->getCanvas()->drawBitmap(bm, 0, 0);
50 return true;
51 }
52
53 #if defined(IS_FUZZING_WITH_LIBFUZZER)
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)54 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
55 auto bytes = SkData::MakeWithoutCopy(data, size);
56 Fuzz fuzz(bytes);
57 uint8_t sampleSize;
58 fuzz.nextRange(&sampleSize, 1, 64);
59 bytes = SkData::MakeSubset(bytes.get(), 1, size - 1);
60 FuzzAndroidCodec(bytes, sampleSize);
61 return 0;
62 }
63 #endif
64