1 /* 2 * Copyright 2018 Google, LLC 3 * 4 * Use of this source code is governed by a BSD-style license that can be 5 * found in the LICENSE file. 6 */ 7 8 #include "include/codec/SkCodec.h" 9 #include "include/core/SkBitmap.h" 10 #include "include/core/SkData.h" 11 #include "include/private/base/SkTemplates.h" 12 FuzzIncrementalImageDecode(sk_sp<SkData> bytes)13bool FuzzIncrementalImageDecode(sk_sp<SkData> bytes) { 14 auto codec = SkCodec::MakeFromData(bytes); 15 if (!codec) { 16 return false; 17 } 18 19 SkBitmap bm; 20 if (!bm.tryAllocPixels(codec->getInfo())) { 21 // May fail in memory-constrained fuzzing environments 22 return false; 23 } 24 25 auto result = codec->startIncrementalDecode(bm.info(), bm.getPixels(), bm.rowBytes()); 26 if (result != SkCodec::kSuccess) { 27 return false; 28 } 29 30 // Deliberately uninitialized to verify that incrementalDecode initializes it when it 31 // returns kIncompleteInput or kErrorInInput. 32 int rowsDecoded; 33 result = codec->incrementalDecode(&rowsDecoded); 34 switch (result) { 35 case SkCodec::kIncompleteInput: 36 case SkCodec::kErrorInInput: 37 if (rowsDecoded < bm.height()) { 38 void* dst = SkTAddOffset<void>(bm.getPixels(), rowsDecoded * bm.rowBytes()); 39 sk_bzero(dst, (bm.height() - rowsDecoded) * bm.rowBytes()); 40 } 41 return true; // decoded a partial image 42 case SkCodec::kSuccess: 43 return true; 44 default: 45 return false; 46 } 47 } 48 49 // TODO(kjlubick): remove IS_FUZZING... after https://crrev.com/c/2410304 lands 50 #if defined(SK_BUILD_FOR_LIBFUZZER) || defined(IS_FUZZING_WITH_LIBFUZZER) LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)51extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { 52 if (size > 10240) { 53 return 0; 54 } 55 auto bytes = SkData::MakeWithoutCopy(data, size); 56 FuzzIncrementalImageDecode(bytes); 57 return 0; 58 } 59 #endif 60