1 /*
2 * Copyright 2018 Google Inc.
3 *
4 * Use of this source code is governed by a BSD-style license that can be
5 * found in the LICENSE file.
6 */
7
8
9 #include "include/core/SkBitmap.h"
10 #include "include/core/SkCanvas.h"
11 #include "include/core/SkData.h"
12 #include "include/core/SkImage.h"
13 #include "include/core/SkImageFilter.h"
14 #include "include/core/SkPaint.h"
15 #include "src/core/SkFontMgrPriv.h"
16 #include "tools/fonts/TestFontMgr.h"
17
// Fuzz target body for SkImageFilter deserialization.
//
// `bytes` is treated as an untrusted serialized image filter: it is passed to
// SkImageFilter::Deserialize and, if a filter object comes back, that filter is
// used for one draw onto a small scratch canvas. Nothing is returned; a problem
// shows up as a crash or a sanitizer report during the call.
//
// `bytes` is dereferenced unconditionally, so callers must pass a non-null SkData.
void FuzzImageFilterDeserialize(sk_sp<SkData> bytes) {
    // Fixed-size scratch surface, cleared before use so every run starts from
    // the same pixel contents.
    constexpr int kSide = 24;
    SkBitmap scratch;
    scratch.allocN32Pixels(kSide, kSide);
    SkCanvas canvas(scratch);
    canvas.clear(0x00000000);

    auto filter = SkImageFilter::Deserialize(bytes->data(), bytes->size());
    if (filter == nullptr) {
        // Nothing was deserialized, so there is no filter to exercise.
        return;
    }

    // Deserializing is only half of the attack surface: the filter is also
    // evaluated, because a malformed-but-accepted filter may only misbehave
    // once it is applied.
    SkPaint paint;
    paint.setImageFilter(filter);

    canvas.save();
    canvas.clipIRect(scratch.bounds());
    // Expected outcome: no crash and no ASAN finding inside this draw.
    canvas.drawImage(scratch.asImage(), 0, 0, SkSamplingOptions(), &paint);
    canvas.restore();
}
41
42 // TODO(kjlubick): remove IS_FUZZING... after https://crrev.com/c/2410304 lands
43 #if defined(SK_BUILD_FOR_LIBFUZZER) || defined(IS_FUZZING_WITH_LIBFUZZER)
// libFuzzer entry point: forwards one fuzzer-generated input to
// FuzzImageFilterDeserialize. Always returns 0.
//
// Inputs larger than 10024 bytes are skipped without being deserialized, so
// anything that only triggers on larger serialized filters is outside this
// harness's coverage.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    constexpr size_t kMaxInputBytes = 10024;
    if (size <= kMaxInputBytes) {
        // Use the portable test font manager as the default factory
        // (presumably so results do not depend on the host's fonts; confirm).
        gSkFontMgr_DefaultFactory = &ToolUtils::MakePortableFontMgr;
        // MakeWithoutCopy wraps libFuzzer's buffer instead of copying it, so the
        // SkData is only valid for the duration of this call.
        FuzzImageFilterDeserialize(SkData::MakeWithoutCopy(data, size));
    }
    return 0;
}
53 #endif
54