• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright 2018 Google, LLC
3  *
4  * Use of this source code is governed by a BSD-style license that can be
5  * found in the LICENSE file.
6  */
7 
8 #include "include/codec/SkAndroidCodec.h"
9 #include "include/core/SkBitmap.h"
10 #include "include/core/SkCanvas.h"
11 #include "include/core/SkData.h"
12 #include "include/core/SkStream.h"
13 #include "include/core/SkSurface.h"
14 #include "include/private/SkGainmapInfo.h"
15 
16 #include "fuzz/Fuzz.h"
17 
FuzzAndroidCodec(sk_sp<SkData> bytes,uint8_t sampleSize)18 bool FuzzAndroidCodec(sk_sp<SkData> bytes, uint8_t sampleSize) {
19     auto codec = SkAndroidCodec::MakeFromData(bytes);
20     if (!codec) {
21         return false;
22     }
23 
24     auto size = codec->getSampledDimensions(sampleSize);
25     auto info = SkImageInfo::MakeN32Premul(size);
26     SkBitmap bm;
27     if (!bm.tryAllocPixels(info)) {
28         // May fail in memory-constrained fuzzing environments
29         return false;
30     }
31 
32     SkAndroidCodec::AndroidOptions options;
33     options.fSampleSize = sampleSize;
34 
35     auto result = codec->getAndroidPixels(bm.info(), bm.getPixels(), bm.rowBytes(), &options);
36     switch (result) {
37         case SkCodec::kSuccess:
38         case SkCodec::kIncompleteInput:
39         case SkCodec::kErrorInInput:
40             break;
41         default:
42             return false;
43     }
44 
45     SkGainmapInfo gainmapInfo;
46     auto gainmapImageStream = std::unique_ptr<SkStream>();
47 
48     if (codec->getAndroidGainmap(&gainmapInfo, &gainmapImageStream)) {
49         // Do something with the outputs so the compiler does not optimize the call away.
50         if (!std::isfinite(gainmapInfo.fDisplayRatioSdr)) {
51             return false;
52         }
53         if (gainmapImageStream->getLength() > 100000000) {
54             return false;
55         }
56     }
57 
58     auto surface = SkSurface::MakeRasterN32Premul(size.width(), size.height());
59     if (!surface) {
60         // May return nullptr in memory-constrained fuzzing environments
61         return false;
62     }
63 
64     surface->getCanvas()->drawImage(bm.asImage(), 0, 0);
65     return true;
66 }
67 
68 #if defined(SK_BUILD_FOR_LIBFUZZER)
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)69 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
70     if (size > 10240) {
71         return 0;
72     }
73     auto bytes = SkData::MakeWithoutCopy(data, size);
74     Fuzz fuzz(bytes);
75     uint8_t sampleSize;
76     fuzz.nextRange(&sampleSize, 1, 64);
77     bytes = SkData::MakeSubset(bytes.get(), 1, size - 1);
78     FuzzAndroidCodec(bytes, sampleSize);
79     return 0;
80 }
81 #endif
82