2416f968a6
This also adds in a few small guards to prevent libfuzzer from frequently running out of memory when an image claims to have billions of pixels. Bug: skia: Change-Id: I47a9daac832c4d85a42000698482b61721c38880 Reviewed-on: https://skia-review.googlesource.com/106264 Commit-Queue: Kevin Lubick <kjlubick@google.com> Reviewed-by: Leon Scroggins <scroggo@google.com>
48 lines
1.1 KiB
C++
48 lines
1.1 KiB
C++
/*
|
|
* Copyright 2018 Google Inc.
|
|
*
|
|
* Use of this source code is governed by a BSD-style license that can be
|
|
* found in the LICENSE file.
|
|
*/
|
|
|
|
#include "SkAndroidCodec.h"
|
|
#include "SkAnimatedImage.h"
|
|
#include "SkPaint.h"
|
|
#include "SkCanvas.h"
|
|
#include "SkData.h"
|
|
#include "SkSurface.h"
|
|
|
|
void FuzzAnimatedImage(sk_sp<SkData> bytes) {
|
|
auto codec = SkAndroidCodec::MakeFromData(bytes);
|
|
if (nullptr == codec) {
|
|
return;
|
|
}
|
|
auto aImg = SkAnimatedImage::Make(std::move(codec));
|
|
if (nullptr == aImg) {
|
|
return;
|
|
}
|
|
|
|
auto s = SkSurface::MakeRasterN32Premul(128, 128);
|
|
if (!s) {
|
|
// May return nullptr in memory-constrained fuzzing environments
|
|
return;
|
|
}
|
|
|
|
SkPaint p;
|
|
int escape = 0;
|
|
while (!aImg->isFinished() && escape < 100) {
|
|
aImg->draw(s->getCanvas());
|
|
escape++;
|
|
aImg->decodeNextFrame();
|
|
}
|
|
|
|
}
|
|
|
|
#if defined(IS_FUZZING_WITH_LIBFUZZER)
|
|
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
|
|
auto bytes = SkData::MakeWithoutCopy(data, size);
|
|
FuzzAnimatedImage(bytes);
|
|
return 0;
|
|
}
|
|
#endif
|