Commit Graph

11 Commits

Author SHA1 Message Date
Kevin Lubick
96d9dd8d01 Prevent exponential growth of 'nice' paths when fuzzing
Bug: oss-fuzz:11491, oss-fuzz:11514 and others
Change-Id: I60f05b889a73749ddcde7cf2bf3beabab33b0538
Reviewed-on: https://skia-review.googlesource.com/c/178180
Commit-Queue: Kevin Lubick <kjlubick@google.com>
Commit-Queue: Mike Klein <mtklein@google.com>
Reviewed-by: Mike Klein <mtklein@google.com>
Auto-Submit: Kevin Lubick <kjlubick@google.com>
2018-12-17 18:27:47 +00:00
Cary Clark
3d6b438b99 remove legacy pathref validation
Chrome added a public method to validate SkPathRef,
but always called it when validating SkPath. We did too.

Remove the SkPathRef entry point, validate SkPathRef
when validating SkPath, and remove Skia's callers.
(Chrome has already been fixed.)

TBR=reed@google.com
R=fmalita@chromium.org

Bug:913930
Change-Id: I0828b00b42cc1f031b4216ddeace50f80aa21e62
Reviewed-on: https://skia-review.googlesource.com/c/177065
Commit-Queue: Cary Clark <caryclark@skia.org>
Auto-Submit: Cary Clark <caryclark@skia.org>
Reviewed-by: Florin Malita <fmalita@chromium.org>
2018-12-13 14:29:09 +00:00
Cary Clark
aa3b291717 bracket SkPath pathRefIsValid with define
Add defines around the places calls
SkPath::pathRefIsValid()

R=fmalita@chromium.org

Bug:913930
Change-Id: Iffaa85cecf127cf8cb405dffe76666f9184de76e
Reviewed-on: https://skia-review.googlesource.com/c/176583
Commit-Queue: Cary Clark <caryclark@skia.org>
Commit-Queue: Florin Malita <fmalita@chromium.org>
Auto-Submit: Cary Clark <caryclark@skia.org>
Reviewed-by: Florin Malita <fmalita@chromium.org>
2018-12-11 17:10:09 +00:00
Mike Klein
f88f5ef109 simplify nextRange(), fold in nextEnum()
Doesn't look like we need to distinguish these if we just
write them as the simple

   1) load the right number of bytes
   2) clamp to [min,max]

This makes enum fuzzing independent of its underlying type, and may make
it easier to see the mapping from fuzzed byte stream to
nextRange()/nextEnum() values.

Change-Id: I9f785f94f513a0087ad7151b5e7bc14ddbe9314a
Reviewed-on: https://skia-review.googlesource.com/c/171820
Commit-Queue: Mike Klein <mtklein@google.com>
Commit-Queue: Kevin Lubick <kjlubick@google.com>
Auto-Submit: Mike Klein <mtklein@google.com>
Reviewed-by: Kevin Lubick <kjlubick@google.com>
2018-11-19 18:04:12 +00:00
Mike Klein
7ffa40cedb FuzzPath -> FuzzNicePath
This CL renames FuzzPath() to FuzzNicePath() to remind us that it's
meant to create paths that a user could reasonably want to create
in good faith, to pass to Skia via its API, etc.

Then, add fuzz_nice_rect(), and have FuzzNicePath() use that to create
its rectangles and use FuzzNiceMatrix() to create its matrices, just
like we already use FuzzNiceRRect() to create rounded rectangles and
FuzzNicePath() itself to create sub-paths.

Using fuzz_nice_rect() should be the fix for the attached bug.
Using FuzzNiceMatrix() is by analogy, more preemptive.

While we're at it, rename BuildPath to FuzzEvilPath, so the contrast
with FuzzNicePath is more clear.

Update the assertions that we create a valid path in FuzzNicePath()
to tell us where things went wrong if they do.

Bug: oss-fuzz:10667, skia:8384
Change-Id: I6d802182a62815cd969c65cf0479609f64b1da55
Reviewed-on: https://skia-review.googlesource.com/156840
Reviewed-by: Kevin Lubick <kjlubick@google.com>
Commit-Queue: Kevin Lubick <kjlubick@google.com>
Auto-Submit: Mike Klein <mtklein@google.com>
2018-09-25 17:04:00 +00:00
Mike Klein
4ef464cd3c FuzzPath() should probably make a valid path
This will point out if something's gone screwy earlier in Debug builds.

Bug: oss-fuzz:10488

Change-Id: Ib091ada75344140bbe2932e5c2f1e2257f05019b
Reviewed-on: https://skia-review.googlesource.com/156660
Auto-Submit: Mike Klein <mtklein@google.com>
Reviewed-by: Kevin Lubick <kjlubick@google.com>
Commit-Queue: Mike Klein <mtklein@google.com>
2018-09-25 05:00:30 +00:00
Mike Klein
78c6015cb0 make only valid SkRRects in FuzzPath
As far as I can tell, the attached bugs are self-inflicted wounds.

Bug: skia:8383, oss-fuzz:10378
Change-Id: Ie0bee292982d9e56193b90c04fef5e43bb2e36d4
Reviewed-on: https://skia-review.googlesource.com/156249
Commit-Queue: Mike Klein <mtklein@google.com>
Reviewed-by: Kevin Lubick <kjlubick@google.com>
2018-09-24 16:08:00 +00:00
Kevin Lubick
bc9a1a837d Make fuzz::next overloads more consistent
Some oss-fuzz bugs (like the linked one) would not reproduce
in Skia proper due to the fact that there were subtle overloads
of the various Fuzz::next() methods in FuzzCanvas.cpp that
were pulled in in Skia proper, but not oss-fuzz.

This puts all of them into FuzzCommon.h and makes the
matrix and rrect ones opt-in (fuzz_matrix, fuzz_rrect).

Additionally, this renames fuzz.cpp -> FuzzMain.cpp so we
can properly include Fuzz.cpp in oss-fuzz without
having two mains.

Bug: oss-fuzz:10378
Change-Id: I6cf9afb471781b9fadb689482109a1e5662358b5
Reviewed-on: https://skia-review.googlesource.com/154900
Commit-Queue: Kevin Lubick <kjlubick@google.com>
Reviewed-by: Robert Phillips <robertphillips@google.com>
2018-09-17 19:20:51 +00:00
Robert Phillips
8051d38358 Fix SkPath::reverseAddPath and fuzzing of SkPath enums
Bug: 882423
Change-Id: I2be2863574a5951b86e4d5e213094efee6081098
Reviewed-on: https://skia-review.googlesource.com/154300
Reviewed-by: Kevin Lubick <kjlubick@google.com>
Reviewed-by: Greg Daniel <egdaniel@google.com>
Commit-Queue: Robert Phillips <robertphillips@google.com>
2018-09-13 13:10:33 +00:00
Robert Phillips
5e4e5451ff Expand SkPath fuzzer
Bug: 882423
Change-Id: Ib1599c84798de74b9e7ecefffb47f22fd12f5a8f
Reviewed-on: https://skia-review.googlesource.com/153889
Reviewed-by: Kevin Lubick <kjlubick@google.com>
Commit-Queue: Robert Phillips <robertphillips@google.com>
2018-09-12 17:25:25 +00:00
Cary Clark
91390c8ace pathmeasure fuzzer
R=kjlubick@google.com, reed@google.com
Bug: skia:
Change-Id: I16a8b09312e5d1d1783bd6a4b791636ad8f63889
Reviewed-on: https://skia-review.googlesource.com/113165
Reviewed-by: Mike Reed <reed@google.com>
Reviewed-by: Kevin Lubick <kjlubick@google.com>
Commit-Queue: Cary Clark <caryclark@skia.org>
2018-03-12 15:29:18 +00:00