updated skp fuzzer

Change-Id: If7f770c25e9a2cd9b8f3feb07c1756889f870431 Reviewed-on: https://skia-review.googlesource.com/c/skia/+/306338 Reviewed-by: Mike Reed <reed@google.com> Commit-Queue: Zepeng Hu <zepenghu@google.com>
2020-07-31 17:21:29 +00:00 · 2020-07-31 17:21:29 +00:00 · fcb7ba035a
commit fcb7ba035a
parent fada8bda13
3 changed files with 41 additions and 18 deletions
--- a/BUILD.gn
+++ b/BUILD.gn
@ -2124,6 +2124,7 @@ if (skia_enable_tools) {
      "fuzz/oss_fuzz/FuzzPathDeserialize.cpp",
      "fuzz/oss_fuzz/FuzzRegionDeserialize.cpp",
      "fuzz/oss_fuzz/FuzzRegionSetPath.cpp",
+      "fuzz/oss_fuzz/FuzzSKP.cpp",
      "fuzz/oss_fuzz/FuzzSKSL2GLSL.cpp",
      "fuzz/oss_fuzz/FuzzSKSL2Metal.cpp",
      "fuzz/oss_fuzz/FuzzSKSL2Pipeline.cpp",
--- a/fuzz/FuzzMain.cpp
+++ b/fuzz/FuzzMain.cpp
@ -19,7 +19,6 @@
 #include "include/core/SkTextBlob.h"
 #include "src/core/SkFontMgrPriv.h"
 #include "src/core/SkOSFile.h"
-#include "src/core/SkPicturePriv.h"
 #include "src/core/SkReadBuffer.h"
 #include "src/utils/SkOSPath.h"
 #include "tools/ToolUtils.h"
@ -294,6 +293,7 @@ static std::map<std::string, std::string> cf_map = {
    {"region_set_path", "region_set_path"},
    {"skdescriptor_deserialize", "skdescriptor_deserialize"},
    {"skjson", "json"},
+    {"skp", "skp"},
    {"skruntimeeffect", "skruntimeeffect"},
    {"sksl2glsl", "sksl2glsl"},
    {"sksl2metal", "sksl2metal"},
@ -693,24 +693,10 @@ static void fuzz_img(sk_sp<SkData> bytes, uint8_t scale, uint8_t mode) {
    dump_png(bitmap);
 }

+void FuzzSKP(sk_sp<SkData> bytes);
 static void fuzz_skp(sk_sp<SkData> bytes) {
-    SkReadBuffer buf(bytes->data(), bytes->size());
-    SkDebugf("Decoding\n");
-    sk_sp<SkPicture> pic(SkPicturePriv::MakeFromBuffer(buf));
-    if (!pic) {
-        SkDebugf("[terminated] Couldn't decode as a picture.\n");
-        return;
-    }
-    SkDebugf("Rendering\n");
-    SkBitmap bitmap;
-    if (!FLAGS_dump.isEmpty()) {
-        SkIRect size = pic->cullRect().roundOut();
-        bitmap.allocN32Pixels(size.width(), size.height());
-    }
-    SkCanvas canvas(bitmap);
-    canvas.drawPicture(pic);
-    SkDebugf("[terminated] Success! Decoded and rendered an SkPicture!\n");
-    dump_png(bitmap);
+    FuzzSKP(bytes);
+    SkDebugf("[terminated] Finished SKP\n");
 }

 static void fuzz_color_deserialize(sk_sp<SkData> bytes) {
--- a/fuzz/oss_fuzz/FuzzSKP.cpp
+++ b/fuzz/oss_fuzz/FuzzSKP.cpp
@ -0,0 +1,36 @@
+/*
+ * Copyright 2020 Google, LLC
+ *
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+#include "include/core/SkCanvas.h"
+#include "include/core/SkData.h"
+#include "include/core/SkPicture.h"
+#include "include/core/SkStream.h"
+#include "include/core/SkSurface.h"
+
+constexpr static SkISize kCanvasSize= {128, 160};
+
+void FuzzSKP(sk_sp<SkData> bytes) {
+    sk_sp<SkPicture> pic = SkPicture::MakeFromData(bytes->data(), bytes->size());
+    if (!pic) {
+        SkDebugf("[terminated] Couldn't decode as a picture.\n");
+        return;
+    }
+    sk_sp<SkSurface> surface = SkSurface::MakeRasterN32Premul(kCanvasSize.width(),
+                                                              kCanvasSize.height());
+    surface->getCanvas()->drawPicture(pic);
+    pic->approximateBytesUsed();
+    pic->approximateOpCount();
+    return;
+}
+
+#if defined(IS_FUZZING_WITH_LIBFUZZER)
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+    auto bytes = SkData::MakeWithoutCopy(data, size);
+    FuzzSKP(bytes);
+    return 0;
+}
+#endif