2016-01-13 20:57:57 +00:00
|
|
|
/*
|
|
|
|
|
* Copyright 2016 Google Inc.
|
|
|
|
|
*
|
|
|
|
|
* Use of this source code is governed by a BSD-style license that can be
|
|
|
|
|
* found in the LICENSE file.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#ifndef Fuzz_DEFINED
|
|
|
|
|
#define Fuzz_DEFINED
|
|
|
|
|
|
|
|
|
|
#include "SkData.h"
|
|
|
|
|
#include "SkTRegistry.h"
|
|
|
|
|
#include "SkTypes.h"
|
|
|
|
|
|
2016-11-01 19:01:12 +00:00
|
|
|
#include <cmath>
|
2016-10-25 13:11:05 +00:00
|
|
|
|
2016-01-13 20:57:57 +00:00
|
|
|
class Fuzz : SkNoncopyable {
|
|
|
|
|
public:
|
2016-09-12 19:01:44 +00:00
|
|
|
explicit Fuzz(sk_sp<SkData>);
|
2016-01-13 20:57:57 +00:00
|
|
|
|
2016-07-19 23:50:03 +00:00
|
|
|
// Returns the total number of "random" bytes available.
|
|
|
|
|
size_t size();
|
2016-11-01 19:01:12 +00:00
|
|
|
// Returns if there are no bytes remaining for fuzzing.
|
|
|
|
|
bool exhausted();
|
2016-07-19 23:50:03 +00:00
|
|
|
|
|
|
|
|
template <typename T>
|
2016-11-01 19:01:12 +00:00
|
|
|
T next();
|
2016-07-19 23:50:03 +00:00
|
|
|
|
2016-11-01 19:01:12 +00:00
|
|
|
// nextRange returns values only in [min, max].
|
|
|
|
|
template <typename T>
|
|
|
|
|
T nextRange(T min, T max);
|
2016-10-24 18:53:35 +00:00
|
|
|
|
2016-11-01 19:01:12 +00:00
|
|
|
void signalBug(); // Tell afl-fuzz these inputs found a bug.
|
2016-01-15 13:46:54 +00:00
|
|
|
|
2016-01-13 20:57:57 +00:00
|
|
|
private:
|
2016-01-15 13:46:54 +00:00
|
|
|
template <typename T>
|
|
|
|
|
T nextT();
|
|
|
|
|
|
2016-08-03 20:32:32 +00:00
|
|
|
sk_sp<SkData> fBytes;
|
2016-11-01 19:01:12 +00:00
|
|
|
size_t fNextByte;
|
2016-01-13 20:57:57 +00:00
|
|
|
};
|
|
|
|
|
|
2016-11-01 19:01:12 +00:00
|
|
|
// UBSAN reminds us that bool can only legally hold 0 or 1.
|
|
|
|
|
template <>
|
|
|
|
|
inline bool Fuzz::next<bool>() {
|
|
|
|
|
return (this->next<uint8_t>() & 1) == 1;
|
|
|
|
|
}
|
|
|
|
|
|
2016-07-19 23:50:03 +00:00
|
|
|
template <typename T>
|
2016-11-01 19:01:12 +00:00
|
|
|
T Fuzz::next() {
|
|
|
|
|
if ((fNextByte + sizeof(T)) > fBytes->size()) {
|
|
|
|
|
T n = 0;
|
|
|
|
|
memcpy(&n, fBytes->bytes() + fNextByte, fBytes->size() - fNextByte);
|
|
|
|
|
fNextByte = fBytes->size();
|
|
|
|
|
return n;
|
2016-07-19 23:50:03 +00:00
|
|
|
}
|
2016-11-01 19:01:12 +00:00
|
|
|
T n;
|
|
|
|
|
memcpy(&n, fBytes->bytes() + fNextByte, sizeof(T));
|
2016-07-19 23:50:03 +00:00
|
|
|
fNextByte += sizeof(T);
|
2016-11-01 19:01:12 +00:00
|
|
|
return n;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
template <>
|
|
|
|
|
inline float Fuzz::nextRange(float min, float max) {
|
|
|
|
|
if (min > max) {
|
|
|
|
|
SkDebugf("Check mins and maxes (%f, %f)\n", min, max);
|
|
|
|
|
this->signalBug();
|
|
|
|
|
}
|
|
|
|
|
float f = this->next<float>();
|
|
|
|
|
if (!std::isnormal(f) && f != 0.0f) {
|
|
|
|
|
// Don't deal with infinity or other strange floats.
|
|
|
|
|
return max;
|
|
|
|
|
}
|
|
|
|
|
return min + std::fmod(std::abs(f), (max - min + 1));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
template <typename T>
|
|
|
|
|
T Fuzz::nextRange(T min, T max) {
|
|
|
|
|
if (min > max) {
|
|
|
|
|
SkDebugf("Check mins and maxes (%d, %d)\n", min, max);
|
|
|
|
|
this->signalBug();
|
|
|
|
|
}
|
|
|
|
|
T n = this->next<T>();
|
|
|
|
|
T range = max - min + 1;
|
|
|
|
|
if (0 == range) {
|
|
|
|
|
return n;
|
|
|
|
|
} else {
|
|
|
|
|
n = abs(n);
|
|
|
|
|
if (n < 0) {
|
|
|
|
|
// abs(INT_MIN) = INT_MIN, so we check this to avoid accidental negatives.
|
|
|
|
|
return min;
|
|
|
|
|
}
|
|
|
|
|
return min + n % range;
|
|
|
|
|
}
|
2016-07-19 23:50:03 +00:00
|
|
|
}
|
|
|
|
|
|
2016-01-13 20:57:57 +00:00
|
|
|
struct Fuzzable {
|
|
|
|
|
const char* name;
|
|
|
|
|
void (*fn)(Fuzz*);
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
#define DEF_FUZZ(name, f) \
|
|
|
|
|
static void fuzz_##name(Fuzz*); \
|
|
|
|
|
SkTRegistry<Fuzzable> register_##name({#name, fuzz_##name}); \
|
|
|
|
|
static void fuzz_##name(Fuzz* f)
|
|
|
|
|
|
|
|
|
|
#endif//Fuzz_DEFINED
|
