diff --git a/fuzz/oss_fuzz/FuzzSKSL2SPIRV.cpp b/fuzz/oss_fuzz/FuzzSKSL2SPIRV.cpp index d5a661df41..ba857778d1 100644 --- a/fuzz/oss_fuzz/FuzzSKSL2SPIRV.cpp +++ b/fuzz/oss_fuzz/FuzzSKSL2SPIRV.cpp @@ -15,6 +15,14 @@ bool FuzzSKSL2SPIRV(sk_sp bytes) { SkSL::Compiler compiler(caps.get()); SkSL::String output; SkSL::Program::Settings settings; + + // This tells the compiler where the rt-flip uniform will live should it be required. For + // fuzzing purposes we don't care where that is, but the compiler will report an error if we + // leave them at their default invalid values, or if the offset overlaps another uniform. + settings.fRTFlipOffset = 16384; + settings.fRTFlipSet = 0; + settings.fRTFlipBinding = 0; + std::unique_ptr program = compiler.convertProgram( SkSL::ProgramKind::kFragment, SkSL::String((const char*) bytes->data(), diff --git a/gn/sksl_tests.gni b/gn/sksl_tests.gni index f43cc8e1a2..2c29eab92e 100644 --- a/gn/sksl_tests.gni +++ b/gn/sksl_tests.gni @@ -182,6 +182,7 @@ sksl_spirv_tests = [ "/sksl/spirv/LayoutMultipleOf4.sksl", "/sksl/spirv/LayoutOutOfOrder.sksl", "/sksl/spirv/OpaqueTypeInArray.sksl", + "/sksl/spirv/Ossfuzz35916.sksl", "/sksl/workarounds/RewriteMatrixVectorMultiply.sksl", "/sksl/errors/Ossfuzz36850.sksl", "/sksl/errors/UndefinedFunction.sksl", diff --git a/resources/sksl/spirv/Ossfuzz35916.sksl b/resources/sksl/spirv/Ossfuzz35916.sksl new file mode 100644 index 0000000000..129c1b4959 --- /dev/null +++ b/resources/sksl/spirv/Ossfuzz35916.sksl @@ -0,0 +1,3 @@ +void main() { + sk_FragColor.x-- + sk_FragCoord; +} diff --git a/tests/sksl/spirv/Ossfuzz35916.asm.frag b/tests/sksl/spirv/Ossfuzz35916.asm.frag new file mode 100644 index 0000000000..da115eb044 --- /dev/null +++ b/tests/sksl/spirv/Ossfuzz35916.asm.frag @@ -0,0 +1,69 @@ +OpCapability Shader +%1 = OpExtInstImport "GLSL.std.450" +OpMemoryModel Logical GLSL450 +OpEntryPoint Fragment %main "main" %sk_FragColor %sk_FragCoord %sk_Clockwise +OpExecutionMode %main OriginUpperLeft +OpName %sk_FragColor "sk_FragColor" +OpName %sk_FragCoord "sk_FragCoord" +OpName %sk_Clockwise "sk_Clockwise" +OpName %main "main" +OpName %sksl_synthetic_uniforms "sksl_synthetic_uniforms" +OpMemberName %sksl_synthetic_uniforms 0 "u_skRTFlip" +OpDecorate %sk_FragColor RelaxedPrecision +OpDecorate %sk_FragColor Location 0 +OpDecorate %sk_FragColor Index 0 +OpDecorate %sk_FragCoord BuiltIn FragCoord +OpDecorate %sk_Clockwise BuiltIn FrontFacing +OpDecorate %19 RelaxedPrecision +OpDecorate %21 RelaxedPrecision +OpMemberDecorate %sksl_synthetic_uniforms 0 Offset 16384 +OpDecorate %sksl_synthetic_uniforms Block +OpDecorate %22 Binding 0 +OpDecorate %22 DescriptorSet 0 +%float = OpTypeFloat 32 +%v4float = OpTypeVector %float 4 +%_ptr_Output_v4float = OpTypePointer Output %v4float +%sk_FragColor = OpVariable %_ptr_Output_v4float Output +%_ptr_Input_v4float = OpTypePointer Input %v4float +%sk_FragCoord = OpVariable %_ptr_Input_v4float Input +%bool = OpTypeBool +%_ptr_Input_bool = OpTypePointer Input %bool +%sk_Clockwise = OpVariable %_ptr_Input_bool Input +%void = OpTypeVoid +%13 = OpTypeFunction %void +%_ptr_Output_float = OpTypePointer Output %float +%int = OpTypeInt 32 1 +%int_0 = OpConstant %int 0 +%float_1 = OpConstant %float 1 +%v2float = OpTypeVector %float 2 +%sksl_synthetic_uniforms = OpTypeStruct %v2float +%_ptr_Uniform_sksl_synthetic_uniforms = OpTypePointer Uniform %sksl_synthetic_uniforms +%22 = OpVariable %_ptr_Uniform_sksl_synthetic_uniforms Uniform +%_ptr_Uniform_v2float = OpTypePointer Uniform %v2float +%main = OpFunction %void None %13 +%14 = OpLabel +%15 = OpAccessChain %_ptr_Output_float %sk_FragColor %int_0 +%19 = OpLoad %float %15 +%21 = OpFSub %float %19 %float_1 +OpStore %15 %21 +%26 = OpLoad %v4float %sk_FragCoord +%27 = OpCompositeExtract %float %26 0 +%28 = OpAccessChain %_ptr_Uniform_v2float %22 %int_0 +%30 = OpLoad %v2float %28 +%31 = OpCompositeExtract %float %30 0 +%32 = OpAccessChain %_ptr_Uniform_v2float %22 %int_0 +%33 = OpLoad %v2float %32 +%34 = OpCompositeExtract %float %33 1 +%35 = OpLoad %v4float %sk_FragCoord +%36 = OpCompositeExtract %float %35 1 +%37 = OpFMul %float %34 %36 +%38 = OpFAdd %float %31 %37 +%39 = OpLoad %v4float %sk_FragCoord +%40 = OpCompositeExtract %float %39 2 +%41 = OpLoad %v4float %sk_FragCoord +%42 = OpCompositeExtract %float %41 3 +%43 = OpCompositeConstruct %v4float %27 %38 %40 %42 +%44 = OpCompositeConstruct %v4float %19 %19 %19 %19 +%45 = OpFAdd %v4float %44 %43 +OpReturn +OpFunctionEnd