skia2/fuzz/oss_fuzz/FuzzAnimatedImage.cpp
Kevin Lubick 2416f968a6 Add 2 fuzz targets for image decoding (oss-fuzz)
This also adds in a few small guards to prevent libfuzzer from frequently
running out of memory when an image claims to have billions of pixels.

Bug: skia:
Change-Id: I47a9daac832c4d85a42000698482b61721c38880
Reviewed-on: https://skia-review.googlesource.com/106264
Commit-Queue: Kevin Lubick <kjlubick@google.com>
Reviewed-by: Leon Scroggins <scroggo@google.com>
2018-02-12 15:25:59 +00:00


/*
* Copyright 2018 Google Inc.
*
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
#include "SkAndroidCodec.h"
#include "SkAnimatedImage.h"
#include "SkPaint.h"
#include "SkCanvas.h"
#include "SkData.h"
#include "SkSurface.h"
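/**
 * Fuzz body for animated-image decoding.
 *
 * Builds an SkAndroidCodec from the supplied bytes, wraps it in an
 * SkAnimatedImage, and repeatedly draws and advances frames onto a small
 * raster surface. The input is fuzzer-generated, so every factory result is
 * checked before use and the frame loop is bounded.
 *
 * @param bytes Encoded image data to decode; treated as untrusted.
 */
void FuzzAnimatedImage(sk_sp<SkData> bytes) {
    // Upper bound on draw/decode iterations. Without it the loop relies solely
    // on isFinished(), which a crafted animation may never satisfy
    // (NOTE(review): presumably the case for endlessly repeating images; confirm).
    constexpr int kMaxFrames = 100;

    auto codec = SkAndroidCodec::MakeFromData(bytes);
    if (!codec) {
        // No codec could be created for this input; nothing to exercise.
        return;
    }

    auto aImg = SkAnimatedImage::Make(std::move(codec));
    if (!aImg) {
        return;
    }

    // Fixed 128x128 destination: the surface allocation does not depend on
    // the dimensions the encoded image claims to have.
    auto s = SkSurface::MakeRasterN32Premul(128, 128);
    if (!s) {
        // May return nullptr in memory-constrained fuzzing environments
        return;
    }

    // Draw the current frame, then advance. isFinished() is evaluated before
    // the counter check, matching the original condition order.
    for (int frame = 0; !aImg->isFinished() && frame < kMaxFrames; ++frame) {
        aImg->draw(s->getCanvas());
        aImg->decodeNextFrame();
    }
}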
#if defined(IS_FUZZING_WITH_LIBFUZZER)
// libFuzzer entry point, compiled only when IS_FUZZING_WITH_LIBFUZZER is
// defined. The input buffer is wrapped via SkData::MakeWithoutCopy rather than
// duplicated, so the SkData only borrows `data`.
// NOTE(review): the fuzz body should therefore not keep the SkData alive past
// this call; confirm nothing downstream retains a reference.
// Always returns 0.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    FuzzAnimatedImage(SkData::MakeWithoutCopy(data, size));
    return 0;
}
#endif