diff options
Diffstat (limited to 'chromium/third_party/skia')
40 files changed, 21 insertions, 4959 deletions
diff --git a/chromium/third_party/skia/fuzz/Fuzz.cpp b/chromium/third_party/skia/fuzz/Fuzz.cpp deleted file mode 100644 index 35a00bf85a2..00000000000 --- a/chromium/third_party/skia/fuzz/Fuzz.cpp +++ /dev/null @@ -1,50 +0,0 @@ -/* - * Copyright 2016 Google Inc. - * - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - */ - - -#include "Fuzz.h" -#include "FuzzCommon.h" - -// UBSAN reminds us that bool can only legally hold 0 or 1. -void Fuzz::next(bool* b) { - uint8_t n; - this->next(&n); - *b = (n & 1) == 1; -} - -void Fuzz::next(SkImageFilter::CropRect* cropRect) { - SkRect rect; - uint8_t flags; - this->next(&rect); - this->nextRange(&flags, 0, 0xF); - *cropRect = SkImageFilter::CropRect(rect, flags); -} - -void Fuzz::nextBytes(void* n, size_t size) { - if ((fNextByte + size) > fBytes->size()) { - sk_bzero(n, size); - memcpy(n, fBytes->bytes() + fNextByte, fBytes->size() - fNextByte); - fNextByte = fBytes->size(); - return; - } - memcpy(n, fBytes->bytes() + fNextByte, size); - fNextByte += size; -} - -void Fuzz::next(SkRegion* region) { - // See FuzzCommon.h - FuzzNiceRegion(this, region, 10); -} - -void Fuzz::nextRange(float* f, float min, float max) { - this->next(f); - if (!std::isnormal(*f) && *f != 0.0f) { - // Don't deal with infinity or other strange floats. - *f = max; - } - *f = min + std::fmod(std::abs(*f), (max - min + 1)); -} diff --git a/chromium/third_party/skia/fuzz/Fuzz.h b/chromium/third_party/skia/fuzz/Fuzz.h deleted file mode 100644 index f28298ee97f..00000000000 --- a/chromium/third_party/skia/fuzz/Fuzz.h +++ /dev/null @@ -1,120 +0,0 @@ -/* - * Copyright 2016 Google Inc. - * - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - */ - -#ifndef Fuzz_DEFINED -#define Fuzz_DEFINED - -#include "../tools/Registry.h" -#include "SkData.h" -#include "SkImageFilter.h" -#include "SkMalloc.h" -#include "SkRegion.h" -#include "SkTypes.h" - -#include <limits> -#include <cmath> -#include <signal.h> -#include <limits> - -class Fuzz : SkNoncopyable { -public: - explicit Fuzz(sk_sp<SkData> bytes) : fBytes(bytes), fNextByte(0) {} - - // Returns the total number of "random" bytes available. - size_t size() { return fBytes->size(); } - // Returns if there are no bytes remaining for fuzzing. - bool exhausted() { - return fBytes->size() == fNextByte; - } - - size_t remaining() { - return fBytes->size() - fNextByte; - } - - void deplete() { - fNextByte = fBytes->size(); - } - - // next() loads fuzzed bytes into the variable passed in by pointer. - // We use this approach instead of T next() because different compilers - // evaluate function parameters in different orders. If fuzz->next() - // returned 5 and then 7, foo(fuzz->next(), fuzz->next()) would be - // foo(5, 7) when compiled on GCC and foo(7, 5) when compiled on Clang. - // By requiring params to be passed in, we avoid the temptation to call - // next() in a way that does not consume fuzzed bytes in a single - // platform-independent order. - template <typename T> - void next(T* t) { this->nextBytes(t, sizeof(T)); } - - // This is a convenient way to initialize more than one argument at a time. - template <typename Arg, typename... Args> - void next(Arg* first, Args... rest); - - // nextRange returns values only in [min, max]. - template <typename T, typename Min, typename Max> - void nextRange(T*, Min, Max); - - // nextN loads n * sizeof(T) bytes into ptr - template <typename T> - void nextN(T* ptr, int n); - - void signalBug(){ - // Tell the fuzzer that these inputs found a bug. - SkDebugf("Signal bug\n"); - raise(SIGSEGV); - } - - // Specialized versions for when true random doesn't quite make sense - void next(bool* b); - void next(SkImageFilter::CropRect* cropRect); - void next(SkRegion* region); - - void nextRange(float* f, float min, float max); - -private: - template <typename T> - T nextT(); - - sk_sp<SkData> fBytes; - size_t fNextByte; - friend void fuzz__MakeEncoderCorpus(Fuzz*); - - void nextBytes(void* ptr, size_t size); -}; - -template <typename Arg, typename... Args> -inline void Fuzz::next(Arg* first, Args... rest) { - this->next(first); - this->next(rest...); -} - -template <typename T, typename Min, typename Max> -inline void Fuzz::nextRange(T* value, Min min, Max max) { - this->next(value); - if (*value < (T)min) { *value = (T)min; } - if (*value > (T)max) { *value = (T)max; } -} - -template <typename T> -inline void Fuzz::nextN(T* ptr, int n) { - for (int i = 0; i < n; i++) { - this->next(ptr+i); - } -} - -struct Fuzzable { - const char* name; - void (*fn)(Fuzz*); -}; - -// Not static so that we can link these into oss-fuzz harnesses if we like. -#define DEF_FUZZ(name, f) \ - void fuzz_##name(Fuzz*); \ - sk_tools::Registry<Fuzzable> register_##name({#name, fuzz_##name}); \ - void fuzz_##name(Fuzz* f) - -#endif//Fuzz_DEFINED diff --git a/chromium/third_party/skia/fuzz/FuzzCanvas.cpp b/chromium/third_party/skia/fuzz/FuzzCanvas.cpp deleted file mode 100644 index 4cb61ce0a78..00000000000 --- a/chromium/third_party/skia/fuzz/FuzzCanvas.cpp +++ /dev/null @@ -1,1731 +0,0 @@ -/* - * Copyright 2017 Google Inc. - * - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - */ - -#include "Fuzz.h" -#include "FuzzCommon.h" - -// CORE -#include "SkCanvas.h" -#include "SkColorFilter.h" -#include "SkDebugCanvas.h" -#include "SkFontMgr.h" -#include "SkImageFilter.h" -#include "SkMaskFilter.h" -#include "SkNullCanvas.h" -#include "SkOSFile.h" -#include "SkPDFDocument.h" -#include "SkPathEffect.h" -#include "SkPicturePriv.h" -#include "SkPictureRecorder.h" -#include "SkPoint3.h" -#include "SkRSXform.h" -#include "SkRegion.h" -#include "SkSurface.h" -#include "SkTo.h" -#include "SkTypeface.h" - -// EFFECTS -#include "Sk1DPathEffect.h" -#include "Sk2DPathEffect.h" -#include "SkAlphaThresholdFilter.h" -#include "SkArithmeticImageFilter.h" -#include "SkBlurImageFilter.h" -#include "SkBlurMaskFilter.h" -#include "SkColorFilterImageFilter.h" -#include "SkColorMatrixFilter.h" -#include "SkComposeImageFilter.h" -#include "SkCornerPathEffect.h" -#include "SkDashPathEffect.h" -#include "SkDiscretePathEffect.h" -#include "SkDisplacementMapEffect.h" -#include "SkDropShadowImageFilter.h" -#include "SkGradientShader.h" -#include "SkHighContrastFilter.h" -#include "SkImageSource.h" -#include "SkLightingImageFilter.h" -#include "SkLumaColorFilter.h" -#include "SkMagnifierImageFilter.h" -#include "SkMatrixConvolutionImageFilter.h" -#include "SkMergeImageFilter.h" -#include "SkMorphologyImageFilter.h" -#include "SkOffsetImageFilter.h" -#include "SkPaintImageFilter.h" -#include "SkPerlinNoiseShader.h" -#include "SkPictureImageFilter.h" -#include "SkReadBuffer.h" -#include "SkTableColorFilter.h" -#include "SkTextBlob.h" -#include "SkTileImageFilter.h" -#include "SkXfermodeImageFilter.h" - -// SRC -#include "SkCommandLineFlags.h" -#include "SkUTF.h" - -#if SK_SUPPORT_GPU -#include "GrContextFactory.h" -#include "GrContextPriv.h" -#include "gl/GrGLFunctions.h" -#include "gl/GrGLGpu.h" -#include "gl/GrGLUtil.h" -#endif - -// MISC - -#include <iostream> -#include <utility> - -DEFINE_bool2(gpuInfo, g, false, "Display GPU information on relevant targets."); - -// TODO: -// SkTextBlob with Unicode -// SkImage: more types - -// be careful: `foo(make_fuzz_t<T>(f), make_fuzz_t<U>(f))` is undefined. -// In fact, all make_fuzz_foo() functions have this potential problem. -// Use sequence points! -template <typename T> -inline T make_fuzz_t(Fuzz* fuzz) { - T t; - fuzz->next(&t); - return t; -} - -static sk_sp<SkImage> make_fuzz_image(Fuzz*); - -static SkBitmap make_fuzz_bitmap(Fuzz*); - -static sk_sp<SkPicture> make_fuzz_picture(Fuzz*, int depth); - -static sk_sp<SkColorFilter> make_fuzz_colorfilter(Fuzz* fuzz, int depth) { - if (depth <= 0) { - return nullptr; - } - int colorFilterType; - fuzz->nextRange(&colorFilterType, 0, 8); - switch (colorFilterType) { - case 0: - return nullptr; - case 1: { - SkColor color; - SkBlendMode mode; - fuzz->next(&color); - fuzz->nextRange(&mode, 0, SkBlendMode::kLastMode); - return SkColorFilter::MakeModeFilter(color, mode); - } - case 2: { - sk_sp<SkColorFilter> outer = make_fuzz_colorfilter(fuzz, depth - 1); - if (!outer) { - return nullptr; - } - sk_sp<SkColorFilter> inner = make_fuzz_colorfilter(fuzz, depth - 1); - // makeComposed should be able to handle nullptr. - return outer->makeComposed(std::move(inner)); - } - case 3: { - SkScalar array[20]; - fuzz->nextN(array, SK_ARRAY_COUNT(array)); - return SkColorFilter::MakeMatrixFilterRowMajor255(array); - } - case 4: { - SkColor mul, add; - fuzz->next(&mul, &add); - return SkColorMatrixFilter::MakeLightingFilter(mul, add); - } - case 5: { - bool grayscale; - int invertStyle; - float contrast; - fuzz->next(&grayscale); - fuzz->nextRange(&invertStyle, 0, 2); - fuzz->nextRange(&contrast, -1.0f, 1.0f); - return SkHighContrastFilter::Make(SkHighContrastConfig( - grayscale, SkHighContrastConfig::InvertStyle(invertStyle), contrast)); - } - case 6: - return SkLumaColorFilter::Make(); - case 7: { - uint8_t table[256]; - fuzz->nextN(table, SK_ARRAY_COUNT(table)); - return SkTableColorFilter::Make(table); - } - case 8: { - uint8_t tableA[256]; - uint8_t tableR[256]; - uint8_t tableG[256]; - uint8_t tableB[256]; - fuzz->nextN(tableA, SK_ARRAY_COUNT(tableA)); - fuzz->nextN(tableR, SK_ARRAY_COUNT(tableR)); - fuzz->nextN(tableG, SK_ARRAY_COUNT(tableG)); - fuzz->nextN(tableB, SK_ARRAY_COUNT(tableB)); - return SkTableColorFilter::MakeARGB(tableA, tableR, tableG, tableB); - } - default: - SkASSERT(false); - break; - } - return nullptr; -} - -static void fuzz_gradient_stops(Fuzz* fuzz, SkScalar* pos, int colorCount) { - SkScalar totalPos = 0; - for (int i = 0; i < colorCount; ++i) { - fuzz->nextRange(&pos[i], 1.0f, 1024.0f); - totalPos += pos[i]; - } - totalPos = 1.0f / totalPos; - for (int i = 0; i < colorCount; ++i) { - pos[i] *= totalPos; - } - // SkASSERT(fabs(pos[colorCount - 1] - 1.0f) < 0.00001f); - pos[colorCount - 1] = 1.0f; -} - -static sk_sp<SkShader> make_fuzz_shader(Fuzz* fuzz, int depth) { - sk_sp<SkShader> shader1(nullptr), shader2(nullptr); - sk_sp<SkColorFilter> colorFilter(nullptr); - SkBitmap bitmap; - sk_sp<SkImage> img; - SkShader::TileMode tmX, tmY; - bool useMatrix; - SkColor color; - SkMatrix matrix; - SkBlendMode blendMode; - int shaderType; - if (depth <= 0) { - return nullptr; - } - fuzz->nextRange(&shaderType, 0, 14); - switch (shaderType) { - case 0: - return nullptr; - case 1: - return SkShader::MakeEmptyShader(); - case 2: - fuzz->next(&color); - return SkShader::MakeColorShader(color); - case 3: - img = make_fuzz_image(fuzz); - fuzz->nextRange(&tmX, 0, SkShader::TileMode::kLast_TileMode); - fuzz->nextRange(&tmY, 0, SkShader::TileMode::kLast_TileMode); - fuzz->next(&useMatrix); - if (useMatrix) { - FuzzNiceMatrix(fuzz, &matrix); - } - return img->makeShader(tmX, tmY, useMatrix ? &matrix : nullptr); - case 4: - bitmap = make_fuzz_bitmap(fuzz); - fuzz->nextRange(&tmX, 0, SkShader::TileMode::kLast_TileMode); - fuzz->nextRange(&tmY, 0, SkShader::TileMode::kLast_TileMode); - fuzz->next(&useMatrix); - if (useMatrix) { - FuzzNiceMatrix(fuzz, &matrix); - } - return SkShader::MakeBitmapShader(bitmap, tmX, tmY, useMatrix ? &matrix : nullptr); - case 5: - shader1 = make_fuzz_shader(fuzz, depth - 1); // limit recursion. - FuzzNiceMatrix(fuzz, &matrix); - return shader1 ? shader1->makeWithLocalMatrix(matrix) : nullptr; - case 6: - shader1 = make_fuzz_shader(fuzz, depth - 1); // limit recursion. - colorFilter = make_fuzz_colorfilter(fuzz, depth - 1); - return shader1 ? shader1->makeWithColorFilter(std::move(colorFilter)) : nullptr; - case 7: - shader1 = make_fuzz_shader(fuzz, depth - 1); // limit recursion. - shader2 = make_fuzz_shader(fuzz, depth - 1); - fuzz->nextRange(&blendMode, 0, SkBlendMode::kLastMode); - return SkShader::MakeComposeShader(std::move(shader1), std::move(shader2), blendMode); - case 8: { - auto pic = make_fuzz_picture(fuzz, depth - 1); - bool useTile; - SkRect tile; - fuzz->nextRange(&tmX, 0, SkShader::TileMode::kLast_TileMode); - fuzz->nextRange(&tmY, 0, SkShader::TileMode::kLast_TileMode); - fuzz->next(&useMatrix, &useTile); - if (useMatrix) { - FuzzNiceMatrix(fuzz, &matrix); - } - if (useTile) { - fuzz->next(&tile); - } - return SkShader::MakePictureShader(std::move(pic), tmX, tmY, - useMatrix ? &matrix : nullptr, - useTile ? &tile : nullptr); - } - // EFFECTS: - case 9: - // Deprecated SkGaussianEdgeShader - return nullptr; - case 10: { - constexpr int kMaxColors = 12; - SkPoint pts[2]; - SkColor colors[kMaxColors]; - SkScalar pos[kMaxColors]; - int colorCount; - bool usePos; - fuzz->nextN(pts, 2); - fuzz->nextRange(&colorCount, 2, kMaxColors); - fuzz->nextN(colors, colorCount); - fuzz->nextRange(&tmX, 0, SkShader::TileMode::kLast_TileMode); - fuzz->next(&useMatrix, &usePos); - if (useMatrix) { - FuzzNiceMatrix(fuzz, &matrix); - } - if (usePos) { - fuzz_gradient_stops(fuzz, pos, colorCount); - } - return SkGradientShader::MakeLinear(pts, colors, usePos ? pos : nullptr, colorCount, - tmX, 0, useMatrix ? &matrix : nullptr); - } - case 11: { - constexpr int kMaxColors = 12; - SkPoint center; - SkScalar radius; - int colorCount; - bool usePos; - SkColor colors[kMaxColors]; - SkScalar pos[kMaxColors]; - fuzz->nextRange(&tmX, 0, SkShader::TileMode::kLast_TileMode); - fuzz->next(&useMatrix, &usePos, ¢er, &radius); - fuzz->nextRange(&colorCount, 2, kMaxColors); - fuzz->nextN(colors, colorCount); - if (useMatrix) { - FuzzNiceMatrix(fuzz, &matrix); - } - if (usePos) { - fuzz_gradient_stops(fuzz, pos, colorCount); - } - return SkGradientShader::MakeRadial(center, radius, colors, usePos ? pos : nullptr, - colorCount, tmX, 0, useMatrix ? &matrix : nullptr); - } - case 12: { - constexpr int kMaxColors = 12; - SkPoint start, end; - SkScalar startRadius, endRadius; - int colorCount; - bool usePos; - SkColor colors[kMaxColors]; - SkScalar pos[kMaxColors]; - fuzz->nextRange(&tmX, 0, SkShader::TileMode::kLast_TileMode); - fuzz->next(&useMatrix, &usePos, &startRadius, &endRadius, &start, &end); - fuzz->nextRange(&colorCount, 2, kMaxColors); - fuzz->nextN(colors, colorCount); - if (useMatrix) { - FuzzNiceMatrix(fuzz, &matrix); - } - if (usePos) { - fuzz_gradient_stops(fuzz, pos, colorCount); - } - return SkGradientShader::MakeTwoPointConical(start, startRadius, end, endRadius, colors, - usePos ? pos : nullptr, colorCount, tmX, 0, - useMatrix ? &matrix : nullptr); - } - case 13: { - constexpr int kMaxColors = 12; - SkScalar cx, cy; - int colorCount; - bool usePos; - SkColor colors[kMaxColors]; - SkScalar pos[kMaxColors]; - fuzz->next(&cx, &cy, &useMatrix, &usePos); - fuzz->nextRange(&colorCount, 2, kMaxColors); - fuzz->nextN(colors, colorCount); - if (useMatrix) { - FuzzNiceMatrix(fuzz, &matrix); - } - if (usePos) { - fuzz_gradient_stops(fuzz, pos, colorCount); - } - return SkGradientShader::MakeSweep(cx, cy, colors, usePos ? pos : nullptr, colorCount, - 0, useMatrix ? &matrix : nullptr); - } - case 14: { - SkScalar baseFrequencyX, baseFrequencyY, seed; - int numOctaves; - SkISize tileSize; - bool useTileSize, turbulence; - fuzz->next(&baseFrequencyX, &baseFrequencyY, &seed, &useTileSize, &turbulence); - if (useTileSize) { - fuzz->next(&tileSize); - } - fuzz->nextRange(&numOctaves, 2, 7); - if (turbulence) { - return SkPerlinNoiseShader::MakeTurbulence(baseFrequencyX, baseFrequencyY, - numOctaves, seed, - useTileSize ? &tileSize : nullptr); - } else { - return SkPerlinNoiseShader::MakeFractalNoise(baseFrequencyX, baseFrequencyY, - numOctaves, seed, - useTileSize ? &tileSize : nullptr); - } - } - default: - SkASSERT(false); - break; - } - return nullptr; -} - -static sk_sp<SkPathEffect> make_fuzz_patheffect(Fuzz* fuzz, int depth) { - if (depth <= 0) { - return nullptr; - } - uint8_t pathEffectType; - fuzz->nextRange(&pathEffectType, 0, 8); - switch (pathEffectType) { - case 0: { - return nullptr; - } - case 1: { - sk_sp<SkPathEffect> first = make_fuzz_patheffect(fuzz, depth - 1); - sk_sp<SkPathEffect> second = make_fuzz_patheffect(fuzz, depth - 1); - return SkPathEffect::MakeSum(std::move(first), std::move(second)); - } - case 2: { - sk_sp<SkPathEffect> first = make_fuzz_patheffect(fuzz, depth - 1); - sk_sp<SkPathEffect> second = make_fuzz_patheffect(fuzz, depth - 1); - return SkPathEffect::MakeCompose(std::move(first), std::move(second)); - } - case 3: { - SkPath path; - FuzzNicePath(fuzz, &path, 20); - SkScalar advance, phase; - fuzz->next(&advance, &phase); - SkPath1DPathEffect::Style style; - fuzz->nextRange(&style, 0, SkPath1DPathEffect::kLastEnum_Style); - return SkPath1DPathEffect::Make(path, advance, phase, style); - } - case 4: { - SkScalar width; - SkMatrix matrix; - fuzz->next(&width); - FuzzNiceMatrix(fuzz, &matrix); - return SkLine2DPathEffect::Make(width, matrix); - } - case 5: { - SkPath path; - FuzzNicePath(fuzz, &path, 20); - SkMatrix matrix; - FuzzNiceMatrix(fuzz, &matrix); - return SkPath2DPathEffect::Make(matrix, path); - } - case 6: { - SkScalar radius; - fuzz->next(&radius); - return SkCornerPathEffect::Make(radius); - } - case 7: { - SkScalar phase; - fuzz->next(&phase); - SkScalar intervals[20]; - int count; - fuzz->nextRange(&count, 0, (int)SK_ARRAY_COUNT(intervals)); - fuzz->nextN(intervals, count); - return SkDashPathEffect::Make(intervals, count, phase); - } - case 8: { - SkScalar segLength, dev; - uint32_t seed; - fuzz->next(&segLength, &dev, &seed); - return SkDiscretePathEffect::Make(segLength, dev, seed); - } - default: - SkASSERT(false); - return nullptr; - } -} - -static sk_sp<SkMaskFilter> make_fuzz_maskfilter(Fuzz* fuzz) { - int maskfilterType; - fuzz->nextRange(&maskfilterType, 0, 1); - switch (maskfilterType) { - case 0: - return nullptr; - case 1: { - SkBlurStyle blurStyle; - fuzz->nextRange(&blurStyle, 0, kLastEnum_SkBlurStyle); - SkScalar sigma; - fuzz->next(&sigma); - bool respectCTM; - fuzz->next(&respectCTM); - return SkMaskFilter::MakeBlur(blurStyle, sigma, respectCTM); - } - default: - SkASSERT(false); - return nullptr; - } -} - -static sk_sp<SkTypeface> make_fuzz_typeface(Fuzz* fuzz) { - if (make_fuzz_t<bool>(fuzz)) { - return nullptr; - } - auto fontMugger = SkFontMgr::RefDefault(); - SkASSERT(fontMugger); - int familyCount = fontMugger->countFamilies(); - int i, j; - fuzz->nextRange(&i, 0, familyCount - 1); - sk_sp<SkFontStyleSet> family(fontMugger->createStyleSet(i)); - int styleCount = family->count(); - fuzz->nextRange(&j, 0, styleCount - 1); - return sk_sp<SkTypeface>(family->createTypeface(j)); -} - -static sk_sp<SkImageFilter> make_fuzz_imageFilter(Fuzz* fuzz, int depth); - -static sk_sp<SkImageFilter> make_fuzz_lighting_imagefilter(Fuzz* fuzz, int depth) { - if (depth <= 0) { - return nullptr; - } - uint8_t imageFilterType; - fuzz->nextRange(&imageFilterType, 1, 6); - SkPoint3 p, q; - SkColor lightColor; - SkScalar surfaceScale, k, specularExponent, cutoffAngle, shininess; - sk_sp<SkImageFilter> input; - SkImageFilter::CropRect cropRect; - bool useCropRect; - fuzz->next(&useCropRect); - if (useCropRect) { - fuzz->next(&cropRect); - } - switch (imageFilterType) { - case 1: - fuzz->next(&p, &lightColor, &surfaceScale, &k); - input = make_fuzz_imageFilter(fuzz, depth - 1); - return SkLightingImageFilter::MakeDistantLitDiffuse(p, lightColor, surfaceScale, k, - std::move(input), - useCropRect ? &cropRect : nullptr); - case 2: - fuzz->next(&p, &lightColor, &surfaceScale, &k); - input = make_fuzz_imageFilter(fuzz, depth - 1); - return SkLightingImageFilter::MakePointLitDiffuse(p, lightColor, surfaceScale, k, - std::move(input), - useCropRect ? &cropRect : nullptr); - case 3: - fuzz->next(&p, &q, &specularExponent, &cutoffAngle, &lightColor, &surfaceScale, &k); - input = make_fuzz_imageFilter(fuzz, depth - 1); - return SkLightingImageFilter::MakeSpotLitDiffuse( - p, q, specularExponent, cutoffAngle, lightColor, surfaceScale, k, - std::move(input), useCropRect ? &cropRect : nullptr); - case 4: - fuzz->next(&p, &lightColor, &surfaceScale, &k, &shininess); - input = make_fuzz_imageFilter(fuzz, depth - 1); - return SkLightingImageFilter::MakeDistantLitSpecular(p, lightColor, surfaceScale, k, - shininess, std::move(input), - useCropRect ? &cropRect : nullptr); - case 5: - fuzz->next(&p, &lightColor, &surfaceScale, &k, &shininess); - input = make_fuzz_imageFilter(fuzz, depth - 1); - return SkLightingImageFilter::MakePointLitSpecular(p, lightColor, surfaceScale, k, - shininess, std::move(input), - useCropRect ? &cropRect : nullptr); - case 6: - fuzz->next(&p, &q, &specularExponent, &cutoffAngle, &lightColor, &surfaceScale, &k, - &shininess); - input = make_fuzz_imageFilter(fuzz, depth - 1); - return SkLightingImageFilter::MakeSpotLitSpecular( - p, q, specularExponent, cutoffAngle, lightColor, surfaceScale, k, shininess, - std::move(input), useCropRect ? &cropRect : nullptr); - default: - SkASSERT(false); - return nullptr; - } -} - -static void fuzz_paint(Fuzz* fuzz, SkPaint* paint, int depth); - -static sk_sp<SkImageFilter> make_fuzz_imageFilter(Fuzz* fuzz, int depth) { - if (depth <= 0) { - return nullptr; - } - uint8_t imageFilterType; - fuzz->nextRange(&imageFilterType, 0, 23); - switch (imageFilterType) { - case 0: - return nullptr; - case 1: { - SkScalar sigmaX, sigmaY; - sk_sp<SkImageFilter> input = make_fuzz_imageFilter(fuzz, depth - 1); - bool useCropRect; - fuzz->next(&sigmaX, &sigmaY, &useCropRect); - SkImageFilter::CropRect cropRect; - if (useCropRect) { - fuzz->next(&cropRect); - } - return SkBlurImageFilter::Make(sigmaX, sigmaY, std::move(input), - useCropRect ? &cropRect : nullptr); - } - case 2: { - SkMatrix matrix; - FuzzNiceMatrix(fuzz, &matrix); - SkFilterQuality quality; - fuzz->nextRange(&quality, 0, SkFilterQuality::kLast_SkFilterQuality); - sk_sp<SkImageFilter> input = make_fuzz_imageFilter(fuzz, depth - 1); - return SkImageFilter::MakeMatrixFilter(matrix, quality, std::move(input)); - } - case 3: { - SkRegion region; - SkScalar innerMin, outerMax; - sk_sp<SkImageFilter> input = make_fuzz_imageFilter(fuzz, depth - 1); - bool useCropRect; - fuzz->next(®ion, &innerMin, &outerMax, &useCropRect); - SkImageFilter::CropRect cropRect; - if (useCropRect) { - fuzz->next(&cropRect); - } - return SkAlphaThresholdFilter::Make(region, innerMin, outerMax, std::move(input), - useCropRect ? &cropRect : nullptr); - } - case 4: { - float k1, k2, k3, k4; - bool enforcePMColor; - bool useCropRect; - fuzz->next(&k1, &k2, &k3, &k4, &enforcePMColor, &useCropRect); - sk_sp<SkImageFilter> background = make_fuzz_imageFilter(fuzz, depth - 1); - sk_sp<SkImageFilter> foreground = make_fuzz_imageFilter(fuzz, depth - 1); - SkImageFilter::CropRect cropRect; - if (useCropRect) { - fuzz->next(&cropRect); - } - return SkArithmeticImageFilter::Make(k1, k2, k3, k4, enforcePMColor, - std::move(background), std::move(foreground), - useCropRect ? &cropRect : nullptr); - } - case 5: { - sk_sp<SkColorFilter> cf = make_fuzz_colorfilter(fuzz, depth - 1); - sk_sp<SkImageFilter> input = make_fuzz_imageFilter(fuzz, depth - 1); - bool useCropRect; - SkImageFilter::CropRect cropRect; - fuzz->next(&useCropRect); - if (useCropRect) { - fuzz->next(&cropRect); - } - return SkColorFilterImageFilter::Make(std::move(cf), std::move(input), - useCropRect ? &cropRect : nullptr); - } - case 6: { - sk_sp<SkImageFilter> ifo = make_fuzz_imageFilter(fuzz, depth - 1); - sk_sp<SkImageFilter> ifi = make_fuzz_imageFilter(fuzz, depth - 1); - return SkComposeImageFilter::Make(std::move(ifo), std::move(ifi)); - } - case 7: { - SkDisplacementMapEffect::ChannelSelectorType xChannelSelector, yChannelSelector; - fuzz->nextRange(&xChannelSelector, 1, 4); - fuzz->nextRange(&yChannelSelector, 1, 4); - SkScalar scale; - bool useCropRect; - fuzz->next(&scale, &useCropRect); - SkImageFilter::CropRect cropRect; - if (useCropRect) { - fuzz->next(&cropRect); - } - sk_sp<SkImageFilter> displacement = make_fuzz_imageFilter(fuzz, depth - 1); - sk_sp<SkImageFilter> color = make_fuzz_imageFilter(fuzz, depth - 1); - return SkDisplacementMapEffect::Make(xChannelSelector, yChannelSelector, scale, - std::move(displacement), std::move(color), - useCropRect ? &cropRect : nullptr); - } - case 8: { - SkScalar dx, dy, sigmaX, sigmaY; - SkColor color; - SkDropShadowImageFilter::ShadowMode shadowMode; - fuzz->nextRange(&shadowMode, 0, 1); - bool useCropRect; - fuzz->next(&dx, &dy, &sigmaX, &sigmaY, &color, &useCropRect); - SkImageFilter::CropRect cropRect; - if (useCropRect) { - fuzz->next(&cropRect); - } - sk_sp<SkImageFilter> input = make_fuzz_imageFilter(fuzz, depth - 1); - return SkDropShadowImageFilter::Make(dx, dy, sigmaX, sigmaY, color, shadowMode, - std::move(input), - useCropRect ? &cropRect : nullptr); - } - case 9: - return SkImageSource::Make(make_fuzz_image(fuzz)); - case 10: { - sk_sp<SkImage> image = make_fuzz_image(fuzz); - SkRect srcRect, dstRect; - SkFilterQuality filterQuality; - fuzz->next(&srcRect, &dstRect); - fuzz->nextRange(&filterQuality, 0, SkFilterQuality::kLast_SkFilterQuality); - return SkImageSource::Make(std::move(image), srcRect, dstRect, filterQuality); - } - case 11: - return make_fuzz_lighting_imagefilter(fuzz, depth - 1); - case 12: { - SkRect srcRect; - SkScalar inset; - bool useCropRect; - SkImageFilter::CropRect cropRect; - fuzz->next(&srcRect, &inset, &useCropRect); - if (useCropRect) { - fuzz->next(&cropRect); - } - sk_sp<SkImageFilter> input = make_fuzz_imageFilter(fuzz, depth - 1); - return SkMagnifierImageFilter::Make(srcRect, inset, std::move(input), - useCropRect ? &cropRect : nullptr); - } - case 13: { - constexpr int kMaxKernelSize = 5; - int32_t n, m; - fuzz->nextRange(&n, 1, kMaxKernelSize); - fuzz->nextRange(&m, 1, kMaxKernelSize); - SkScalar kernel[kMaxKernelSize * kMaxKernelSize]; - fuzz->nextN(kernel, n * m); - int32_t offsetX, offsetY; - fuzz->nextRange(&offsetX, 0, n - 1); - fuzz->nextRange(&offsetY, 0, m - 1); - SkScalar gain, bias; - bool convolveAlpha, useCropRect; - fuzz->next(&gain, &bias, &convolveAlpha, &useCropRect); - SkMatrixConvolutionImageFilter::TileMode tileMode; - fuzz->nextRange(&tileMode, 0, SkMatrixConvolutionImageFilter::TileMode::kLast_TileMode); - SkImageFilter::CropRect cropRect; - if (useCropRect) { - fuzz->next(&cropRect); - } - sk_sp<SkImageFilter> input = make_fuzz_imageFilter(fuzz, depth - 1); - return SkMatrixConvolutionImageFilter::Make( - SkISize{n, m}, kernel, gain, bias, SkIPoint{offsetX, offsetY}, tileMode, - convolveAlpha, std::move(input), useCropRect ? &cropRect : nullptr); - } - case 14: { - sk_sp<SkImageFilter> first = make_fuzz_imageFilter(fuzz, depth - 1); - sk_sp<SkImageFilter> second = make_fuzz_imageFilter(fuzz, depth - 1); - bool useCropRect; - fuzz->next(&useCropRect); - SkImageFilter::CropRect cropRect; - if (useCropRect) { - fuzz->next(&cropRect); - } - return SkMergeImageFilter::Make(std::move(first), std::move(second), - useCropRect ? &cropRect : nullptr); - } - case 15: { - constexpr int kMaxCount = 4; - sk_sp<SkImageFilter> ifs[kMaxCount]; - int count; - fuzz->nextRange(&count, 1, kMaxCount); - for (int i = 0; i < count; ++i) { - ifs[i] = make_fuzz_imageFilter(fuzz, depth - 1); - } - bool useCropRect; - fuzz->next(&useCropRect); - SkImageFilter::CropRect cropRect; - if (useCropRect) { - fuzz->next(&cropRect); - } - return SkMergeImageFilter::Make(ifs, count, useCropRect ? &cropRect : nullptr); - } - case 16: { - int rx, ry; - fuzz->next(&rx, &ry); - bool useCropRect; - fuzz->next(&useCropRect); - SkImageFilter::CropRect cropRect; - if (useCropRect) { - fuzz->next(&cropRect); - } - sk_sp<SkImageFilter> input = make_fuzz_imageFilter(fuzz, depth - 1); - return SkDilateImageFilter::Make(rx, ry, std::move(input), - useCropRect ? &cropRect : nullptr); - } - case 17: { - int rx, ry; - fuzz->next(&rx, &ry); - bool useCropRect; - fuzz->next(&useCropRect); - SkImageFilter::CropRect cropRect; - if (useCropRect) { - fuzz->next(&cropRect); - } - sk_sp<SkImageFilter> input = make_fuzz_imageFilter(fuzz, depth - 1); - return SkErodeImageFilter::Make(rx, ry, std::move(input), - useCropRect ? &cropRect : nullptr); - } - case 18: { - SkScalar dx, dy; - fuzz->next(&dx, &dy); - bool useCropRect; - fuzz->next(&useCropRect); - SkImageFilter::CropRect cropRect; - if (useCropRect) { - fuzz->next(&cropRect); - } - sk_sp<SkImageFilter> input = make_fuzz_imageFilter(fuzz, depth - 1); - return SkOffsetImageFilter::Make(dx, dy, std::move(input), - useCropRect ? &cropRect : nullptr); - } - case 19: { - SkPaint paint; - fuzz_paint(fuzz, &paint, depth - 1); - bool useCropRect; - fuzz->next(&useCropRect); - SkImageFilter::CropRect cropRect; - if (useCropRect) { - fuzz->next(&cropRect); - } - return SkPaintImageFilter::Make(paint, useCropRect ? &cropRect : nullptr); - } - case 20: { - sk_sp<SkPicture> picture = make_fuzz_picture(fuzz, depth - 1); - return SkPictureImageFilter::Make(std::move(picture)); - } - case 21: { - SkRect cropRect; - fuzz->next(&cropRect); - sk_sp<SkPicture> picture = make_fuzz_picture(fuzz, depth - 1); - return SkPictureImageFilter::Make(std::move(picture), cropRect); - } - case 22: { - SkRect src, dst; - fuzz->next(&src, &dst); - sk_sp<SkImageFilter> input = make_fuzz_imageFilter(fuzz, depth - 1); - return SkTileImageFilter::Make(src, dst, std::move(input)); - } - case 23: { - SkBlendMode blendMode; - bool useCropRect; - fuzz->next(&useCropRect); - fuzz->nextRange(&blendMode, 0, SkBlendMode::kLastMode); - SkImageFilter::CropRect cropRect; - if (useCropRect) { - fuzz->next(&cropRect); - } - sk_sp<SkImageFilter> bg = make_fuzz_imageFilter(fuzz, depth - 1); - sk_sp<SkImageFilter> fg = make_fuzz_imageFilter(fuzz, depth - 1); - return SkXfermodeImageFilter::Make(blendMode, std::move(bg), std::move(fg), - useCropRect ? &cropRect : nullptr); - } - default: - SkASSERT(false); - return nullptr; - } -} - -static sk_sp<SkImage> make_fuzz_image(Fuzz* fuzz) { - int w, h; - fuzz->nextRange(&w, 1, 1024); - fuzz->nextRange(&h, 1, 1024); - SkAutoTMalloc<SkPMColor> data(w * h); - SkPixmap pixmap(SkImageInfo::MakeN32Premul(w, h), data.get(), w * sizeof(SkPMColor)); - int n = w * h; - for (int i = 0; i < n; ++i) { - SkColor c; - fuzz->next(&c); - data[i] = SkPreMultiplyColor(c); - } - (void)data.release(); - return SkImage::MakeFromRaster(pixmap, [](const void* p, void*) { sk_free((void*)p); }, - nullptr); -} - -static SkBitmap make_fuzz_bitmap(Fuzz* fuzz) { - SkBitmap bitmap; - int w, h; - fuzz->nextRange(&w, 1, 1024); - fuzz->nextRange(&h, 1, 1024); - if (!bitmap.tryAllocN32Pixels(w, h)) { - SkDEBUGF("Could not allocate pixels %d x %d", w, h); - return bitmap; - } - for (int y = 0; y < h; ++y) { - for (int x = 0; x < w; ++x) { - SkColor c; - fuzz->next(&c); - *bitmap.getAddr32(x, y) = SkPreMultiplyColor(c); - } - } - return bitmap; -} - -template <typename T, typename Min, typename Max> -inline T make_fuzz_t_range(Fuzz* fuzz, Min minv, Max maxv) { - T value; - fuzz->nextRange(&value, minv, maxv); - return value; -} - -static void fuzz_paint(Fuzz* fuzz, SkPaint* paint, int depth) { - if (!fuzz || !paint || depth <= 0) { - return; - } - - paint->setAntiAlias( make_fuzz_t<bool>(fuzz)); - paint->setDither( make_fuzz_t<bool>(fuzz)); - paint->setColor( make_fuzz_t<SkColor>(fuzz)); - paint->setBlendMode( make_fuzz_t_range<SkBlendMode>(fuzz, 0, SkBlendMode::kLastMode)); - paint->setFilterQuality(make_fuzz_t_range<SkFilterQuality>(fuzz, 0, kLast_SkFilterQuality)); - paint->setStyle( make_fuzz_t_range<SkPaint::Style>(fuzz, 0, 2)); - paint->setShader( make_fuzz_shader(fuzz, depth - 1)); - paint->setPathEffect( make_fuzz_patheffect(fuzz, depth - 1)); - paint->setMaskFilter( make_fuzz_maskfilter(fuzz)); - paint->setImageFilter( make_fuzz_imageFilter(fuzz, depth - 1)); - paint->setColorFilter( make_fuzz_colorfilter(fuzz, depth - 1)); - - if (paint->getStyle() != SkPaint::kFill_Style) { - paint->setStrokeWidth(make_fuzz_t<SkScalar>(fuzz)); - paint->setStrokeMiter(make_fuzz_t<SkScalar>(fuzz)); - paint->setStrokeCap( make_fuzz_t_range<SkPaint::Cap>(fuzz, 0, SkPaint::kLast_Cap)); - paint->setStrokeJoin( make_fuzz_t_range<SkPaint::Join>(fuzz, 0, SkPaint::kLast_Join)); - } -} - -static SkFont fuzz_font(Fuzz* fuzz) { - SkFont font; - font.setTypeface( make_fuzz_typeface(fuzz)); - font.setSize( make_fuzz_t<SkScalar>(fuzz)); - font.setScaleX( make_fuzz_t<SkScalar>(fuzz)); - font.setSkewX( make_fuzz_t<SkScalar>(fuzz)); - font.setLinearMetrics( make_fuzz_t<bool>(fuzz)); - font.setSubpixel( make_fuzz_t<bool>(fuzz)); - font.setEmbeddedBitmaps( make_fuzz_t<bool>(fuzz)); - font.setForceAutoHinting( make_fuzz_t<bool>(fuzz)); - font.setEmbolden( make_fuzz_t<bool>(fuzz)); - font.setHinting( make_fuzz_t_range<SkFontHinting>(fuzz, 0, kFull_SkFontHinting)); - font.setEdging( make_fuzz_t_range<SkFont::Edging>(fuzz, 0, - (int)SkFont::Edging::kSubpixelAntiAlias)); - return font; -} - -static SkTextEncoding fuzz_paint_text_encoding(Fuzz* fuzz) { - return make_fuzz_t_range<SkTextEncoding>(fuzz, 0, 3); -} - -constexpr int kMaxGlyphCount = 30; - -static SkTDArray<uint8_t> make_fuzz_text(Fuzz* fuzz, const SkFont& font, SkTextEncoding encoding) { - SkTDArray<uint8_t> array; - if (kGlyphID_SkTextEncoding == encoding) { - int glyphRange = font.getTypefaceOrDefault()->countGlyphs(); - if (glyphRange == 0) { - // Some fuzzing environments have no fonts, so empty array is the best - // we can do. - return array; - } - int glyphCount; - fuzz->nextRange(&glyphCount, 1, kMaxGlyphCount); - SkGlyphID* glyphs = (SkGlyphID*)array.append(glyphCount * sizeof(SkGlyphID)); - for (int i = 0; i < glyphCount; ++i) { - fuzz->nextRange(&glyphs[i], 0, glyphRange - 1); - } - return array; - } - static const SkUnichar ranges[][2] = { - {0x0020, 0x007F}, - {0x00A1, 0x0250}, - {0x0400, 0x0500}, - }; - int32_t count = 0; - for (size_t i = 0; i < SK_ARRAY_COUNT(ranges); ++i) { - count += (ranges[i][1] - ranges[i][0]); - } - constexpr int kMaxLength = kMaxGlyphCount; - SkUnichar buffer[kMaxLength]; - int length; - fuzz->nextRange(&length, 1, kMaxLength); - for (int j = 0; j < length; ++j) { - int32_t value; - fuzz->nextRange(&value, 0, count - 1); - for (size_t i = 0; i < SK_ARRAY_COUNT(ranges); ++i) { - if (value + ranges[i][0] < ranges[i][1]) { - buffer[j] = value + ranges[i][0]; - break; - } else { - value -= (ranges[i][1] - ranges[i][0]); - } - } - } - switch (encoding) { - case kUTF8_SkTextEncoding: { - size_t utf8len = 0; - for (int j = 0; j < length; ++j) { - utf8len += SkUTF::ToUTF8(buffer[j], nullptr); - } - char* ptr = (char*)array.append(utf8len); - for (int j = 0; j < length; ++j) { - ptr += SkUTF::ToUTF8(buffer[j], ptr); - } - } break; - case kUTF16_SkTextEncoding: { - size_t utf16len = 0; - for (int j = 0; j < length; ++j) { - utf16len += SkUTF::ToUTF16(buffer[j]); - } - uint16_t* ptr = (uint16_t*)array.append(utf16len * sizeof(uint16_t)); - for (int j = 0; j < length; ++j) { - ptr += SkUTF::ToUTF16(buffer[j], ptr); - } - } break; - case kUTF32_SkTextEncoding: - memcpy(array.append(length * sizeof(SkUnichar)), buffer, length * sizeof(SkUnichar)); - break; - default: - SkASSERT(false); - break; - } - return array; -} - -static sk_sp<SkTextBlob> make_fuzz_textblob(Fuzz* fuzz) { - SkTextBlobBuilder textBlobBuilder; - int8_t runCount; - fuzz->nextRange(&runCount, (int8_t)1, (int8_t)8); - while (runCount-- > 0) { - SkFont font; - SkTextEncoding encoding = fuzz_paint_text_encoding(fuzz); - font.setEdging(make_fuzz_t<bool>(fuzz) ? SkFont::Edging::kAlias : SkFont::Edging::kAntiAlias); - SkTDArray<uint8_t> text = make_fuzz_text(fuzz, font, encoding); - int glyphCount = font.countText(text.begin(), SkToSizeT(text.count()), encoding); - SkASSERT(glyphCount <= kMaxGlyphCount); - SkScalar x, y; - const SkTextBlobBuilder::RunBuffer* buffer; - uint8_t runType; - fuzz->nextRange(&runType, (uint8_t)0, (uint8_t)2); - const void* textPtr = text.begin(); - size_t textLen = SkToSizeT(text.count()); - switch (runType) { - case 0: - fuzz->next(&x, &y); - // TODO: Test other variations of this. - buffer = &textBlobBuilder.allocRun(font, glyphCount, x, y); - (void)font.textToGlyphs(textPtr, textLen, encoding, buffer->glyphs, glyphCount); - break; - case 1: - fuzz->next(&y); - // TODO: Test other variations of this. - buffer = &textBlobBuilder.allocRunPosH(font, glyphCount, y); - (void)font.textToGlyphs(textPtr, textLen, encoding, buffer->glyphs, glyphCount); - fuzz->nextN(buffer->pos, glyphCount); - break; - case 2: - // TODO: Test other variations of this. - buffer = &textBlobBuilder.allocRunPos(font, glyphCount); - (void)font.textToGlyphs(textPtr, textLen, encoding, buffer->glyphs, glyphCount); - fuzz->nextN(buffer->pos, glyphCount * 2); - break; - default: - SkASSERT(false); - break; - } - } - return textBlobBuilder.make(); -} - -extern std::atomic<bool> gSkUseDeltaAA; -extern std::atomic<bool> gSkForceDeltaAA; - -static void fuzz_canvas(Fuzz* fuzz, SkCanvas* canvas, int depth = 9) { - if (!fuzz || !canvas || depth <= 0) { - return; - } - SkAutoCanvasRestore autoCanvasRestore(canvas, false); - bool useDAA; - fuzz->next(&useDAA); - if (useDAA) { - gSkForceDeltaAA = true; - gSkUseDeltaAA = true; - } - unsigned N; - fuzz->nextRange(&N, 0, 2000); - for (unsigned i = 0; i < N; ++i) { - if (fuzz->exhausted()) { - return; - } - SkPaint paint; - SkFont font; - unsigned drawCommand; - fuzz->nextRange(&drawCommand, 0, 53); - switch (drawCommand) { - case 0: - canvas->flush(); - break; - case 1: - canvas->save(); - break; - case 2: { - SkRect bounds; - fuzz->next(&bounds); - fuzz_paint(fuzz, &paint, depth - 1); - canvas->saveLayer(&bounds, &paint); - break; - } - case 3: { - SkRect bounds; - fuzz->next(&bounds); - canvas->saveLayer(&bounds, nullptr); - break; - } - case 4: - fuzz_paint(fuzz, &paint, depth - 1); - canvas->saveLayer(nullptr, &paint); - break; - case 5: - canvas->saveLayer(nullptr, nullptr); - break; - case 6: { - uint8_t alpha; - fuzz->next(&alpha); - canvas->saveLayerAlpha(nullptr, (U8CPU)alpha); - break; - } - case 7: { - SkRect bounds; - uint8_t alpha; - fuzz->next(&bounds, &alpha); - canvas->saveLayerAlpha(&bounds, (U8CPU)alpha); - break; - } - case 8: { - SkCanvas::SaveLayerRec saveLayerRec; - SkRect bounds; - if (make_fuzz_t<bool>(fuzz)) { - fuzz->next(&bounds); - saveLayerRec.fBounds = &bounds; - } - if (make_fuzz_t<bool>(fuzz)) { - fuzz_paint(fuzz, &paint, depth - 1); - saveLayerRec.fPaint = &paint; - } - sk_sp<SkImageFilter> imageFilter; - if (make_fuzz_t<bool>(fuzz)) { - imageFilter = make_fuzz_imageFilter(fuzz, depth - 1); - saveLayerRec.fBackdrop = imageFilter.get(); - } - // _DumpCanvas can't handle this. - // if (make_fuzz_t<bool>(fuzz)) { - // saveLayerRec.fSaveLayerFlags |= SkCanvas::kPreserveLCDText_SaveLayerFlag; - // } - - canvas->saveLayer(saveLayerRec); - break; - } - case 9: - canvas->restore(); - break; - case 10: { - int saveCount; - fuzz->next(&saveCount); - canvas->restoreToCount(saveCount); - break; - } - case 11: { - SkScalar x, y; - fuzz->next(&x, &y); - canvas->translate(x, y); - break; - } - case 12: { - SkScalar x, y; - fuzz->next(&x, &y); - canvas->scale(x, y); - break; - } - case 13: { - SkScalar v; - fuzz->next(&v); - canvas->rotate(v); - break; - } - case 14: { - SkScalar x, y, v; - fuzz->next(&x, &y, &v); - canvas->rotate(v, x, y); - break; - } - case 15: { - SkScalar x, y; - fuzz->next(&x, &y); - canvas->skew(x, y); - break; - } - case 16: { - SkMatrix mat; - FuzzNiceMatrix(fuzz, &mat); - canvas->concat(mat); - break; - } - case 17: { - SkMatrix mat; - FuzzNiceMatrix(fuzz, &mat); - canvas->setMatrix(mat); - break; - } - case 18: - canvas->resetMatrix(); - break; - case 19: { - SkRect r; - int op; - bool doAntiAlias; - fuzz->next(&r, &doAntiAlias); - fuzz->nextRange(&op, 0, 1); - r.sort(); - canvas->clipRect(r, (SkClipOp)op, doAntiAlias); - break; - } - case 20: { - SkRRect rr; - int op; - bool doAntiAlias; - FuzzNiceRRect(fuzz, &rr); - fuzz->next(&doAntiAlias); - fuzz->nextRange(&op, 0, 1); - canvas->clipRRect(rr, (SkClipOp)op, doAntiAlias); - break; - } - case 21: { - SkPath path; - FuzzNicePath(fuzz, &path, 30); - int op; - bool doAntiAlias; - fuzz->next(&doAntiAlias); - fuzz->nextRange(&op, 0, 1); - canvas->clipPath(path, (SkClipOp)op, doAntiAlias); - break; - } - case 22: { - SkRegion region; - int op; - fuzz->next(®ion); - fuzz->nextRange(&op, 0, 1); - canvas->clipRegion(region, (SkClipOp)op); - break; - } - case 23: - fuzz_paint(fuzz, &paint, depth - 1); - canvas->drawPaint(paint); - break; - case 24: { - fuzz_paint(fuzz, &paint, depth - 1); - SkCanvas::PointMode pointMode; - fuzz->nextRange(&pointMode, - SkCanvas::kPoints_PointMode, SkCanvas::kPolygon_PointMode); - size_t count; - constexpr int kMaxCount = 30; - fuzz->nextRange(&count, 0, kMaxCount); - SkPoint pts[kMaxCount]; - fuzz->nextN(pts, count); - canvas->drawPoints(pointMode, count, pts, paint); - break; - } - case 25: { - fuzz_paint(fuzz, &paint, depth - 1); - SkRect r; - fuzz->next(&r); - if (!r.isFinite()) { - break; - } - canvas->drawRect(r, paint); - break; - } - case 26: { - fuzz_paint(fuzz, &paint, depth - 1); - SkRegion region; - fuzz->next(®ion); - canvas->drawRegion(region, paint); - break; - } - case 27: { - fuzz_paint(fuzz, &paint, depth - 1); - SkRect r; - fuzz->next(&r); - if (!r.isFinite()) { - break; - } - canvas->drawOval(r, paint); - break; - } - case 28: break; // must have deleted this some time earlier - case 29: { - fuzz_paint(fuzz, &paint, depth - 1); - SkRRect rr; - FuzzNiceRRect(fuzz, &rr); - canvas->drawRRect(rr, paint); - break; - } - case 30: { - fuzz_paint(fuzz, &paint, depth - 1); - SkRRect orr, irr; - FuzzNiceRRect(fuzz, &orr); - FuzzNiceRRect(fuzz, &irr); - if (orr.getBounds().contains(irr.getBounds())) { - canvas->drawDRRect(orr, irr, paint); - } - break; - } - case 31: { - fuzz_paint(fuzz, &paint, depth - 1); - SkRect r; - SkScalar start, sweep; - bool useCenter; - fuzz->next(&r, &start, &sweep, &useCenter); - canvas->drawArc(r, start, sweep, useCenter, paint); - break; - } - case 32: { - fuzz_paint(fuzz, &paint, depth - 1); - SkPath path; - FuzzNicePath(fuzz, &path, 60); - canvas->drawPath(path, paint); - break; - } - case 33: { - sk_sp<SkImage> img = make_fuzz_image(fuzz); - SkScalar left, top; - bool usePaint; - fuzz->next(&left, &top, &usePaint); - if (usePaint) { - fuzz_paint(fuzz, &paint, depth - 1); - } - canvas->drawImage(img.get(), left, top, usePaint ? &paint : nullptr); - break; - } - case 34: { - auto img = make_fuzz_image(fuzz); - SkRect src, dst; - bool usePaint; - fuzz->next(&src, &dst, &usePaint); - if (usePaint) { - fuzz_paint(fuzz, &paint, depth - 1); - } - canvas->drawImageRect(img, src, dst, usePaint ? &paint : nullptr); - break; - } - case 35: { - auto img = make_fuzz_image(fuzz); - SkIRect src; - SkRect dst; - bool usePaint; - fuzz->next(&src, &dst, &usePaint); - if (usePaint) { - fuzz_paint(fuzz, &paint, depth - 1); - } - SkCanvas::SrcRectConstraint constraint = - make_fuzz_t<bool>(fuzz) ? SkCanvas::kStrict_SrcRectConstraint - : SkCanvas::kFast_SrcRectConstraint; - canvas->drawImageRect(img, src, dst, usePaint ? &paint : nullptr, constraint); - break; - } - case 36: { - bool usePaint; - auto img = make_fuzz_image(fuzz); - SkRect dst; - fuzz->next(&dst, &usePaint); - if (usePaint) { - fuzz_paint(fuzz, &paint, depth - 1); - } - canvas->drawImageRect(img, dst, usePaint ? &paint : nullptr); - break; - } - case 37: { - auto img = make_fuzz_image(fuzz); - SkIRect center; - SkRect dst; - bool usePaint; - fuzz->next(&usePaint); - if (usePaint) { - fuzz_paint(fuzz, &paint, depth - 1); - } - if (make_fuzz_t<bool>(fuzz)) { - fuzz->next(¢er); - } else { // Make valid center, see SkLatticeIter::Valid(). - fuzz->nextRange(¢er.fLeft, 0, img->width() - 1); - fuzz->nextRange(¢er.fTop, 0, img->height() - 1); - fuzz->nextRange(¢er.fRight, center.fLeft + 1, img->width()); - fuzz->nextRange(¢er.fBottom, center.fTop + 1, img->height()); - } - fuzz->next(&dst); - canvas->drawImageNine(img, center, dst, usePaint ? &paint : nullptr); - break; - } - case 38: { - SkBitmap bitmap = make_fuzz_bitmap(fuzz); - SkScalar left, top; - bool usePaint; - fuzz->next(&left, &top, &usePaint); - if (usePaint) { - fuzz_paint(fuzz, &paint, depth - 1); - } - canvas->drawBitmap(bitmap, left, top, usePaint ? &paint : nullptr); - break; - } - case 39: { - SkBitmap bitmap = make_fuzz_bitmap(fuzz); - SkRect src, dst; - bool usePaint; - fuzz->next(&src, &dst, &usePaint); - if (usePaint) { - fuzz_paint(fuzz, &paint, depth - 1); - } - SkCanvas::SrcRectConstraint constraint = - make_fuzz_t<bool>(fuzz) ? SkCanvas::kStrict_SrcRectConstraint - : SkCanvas::kFast_SrcRectConstraint; - canvas->drawBitmapRect(bitmap, src, dst, usePaint ? &paint : nullptr, constraint); - break; - } - case 40: { - SkBitmap img = make_fuzz_bitmap(fuzz); - SkIRect src; - SkRect dst; - bool usePaint; - fuzz->next(&src, &dst, &usePaint); - if (usePaint) { - fuzz_paint(fuzz, &paint, depth - 1); - } - SkCanvas::SrcRectConstraint constraint = - make_fuzz_t<bool>(fuzz) ? SkCanvas::kStrict_SrcRectConstraint - : SkCanvas::kFast_SrcRectConstraint; - canvas->drawBitmapRect(img, src, dst, usePaint ? &paint : nullptr, constraint); - break; - } - case 41: { - SkBitmap img = make_fuzz_bitmap(fuzz); - SkRect dst; - bool usePaint; - fuzz->next(&dst, &usePaint); - if (usePaint) { - fuzz_paint(fuzz, &paint, depth - 1); - } - SkCanvas::SrcRectConstraint constraint = - make_fuzz_t<bool>(fuzz) ? SkCanvas::kStrict_SrcRectConstraint - : SkCanvas::kFast_SrcRectConstraint; - canvas->drawBitmapRect(img, dst, usePaint ? &paint : nullptr, constraint); - break; - } - case 42: { - SkBitmap img = make_fuzz_bitmap(fuzz); - SkIRect center; - SkRect dst; - bool usePaint; - fuzz->next(&usePaint); - if (usePaint) { - fuzz_paint(fuzz, &paint, depth - 1); - } - if (make_fuzz_t<bool>(fuzz)) { - fuzz->next(¢er); - } else { // Make valid center, see SkLatticeIter::Valid(). - if (img.width() == 0 || img.height() == 0) { - // bitmap may not have had its pixels initialized. - break; - } - fuzz->nextRange(¢er.fLeft, 0, img.width() - 1); - fuzz->nextRange(¢er.fTop, 0, img.height() - 1); - fuzz->nextRange(¢er.fRight, center.fLeft + 1, img.width()); - fuzz->nextRange(¢er.fBottom, center.fTop + 1, img.height()); - } - fuzz->next(&dst); - canvas->drawBitmapNine(img, center, dst, usePaint ? &paint : nullptr); - break; - } - case 43: { - SkBitmap img = make_fuzz_bitmap(fuzz); - bool usePaint; - SkRect dst; - fuzz->next(&usePaint, &dst); - if (usePaint) { - fuzz_paint(fuzz, &paint, depth - 1); - } - constexpr int kMax = 6; - int xDivs[kMax], yDivs[kMax]; - SkCanvas::Lattice lattice{xDivs, yDivs, nullptr, 0, 0, nullptr, nullptr}; - fuzz->nextRange(&lattice.fXCount, 2, kMax); - fuzz->nextRange(&lattice.fYCount, 2, kMax); - fuzz->nextN(xDivs, lattice.fXCount); - fuzz->nextN(yDivs, lattice.fYCount); - canvas->drawBitmapLattice(img, lattice, dst, usePaint ? &paint : nullptr); - break; - } - case 44: { - auto img = make_fuzz_image(fuzz); - bool usePaint; - SkRect dst; - fuzz->next(&usePaint, &dst); - if (usePaint) { - fuzz_paint(fuzz, &paint, depth - 1); - } - constexpr int kMax = 6; - int xDivs[kMax], yDivs[kMax]; - SkCanvas::Lattice lattice{xDivs, yDivs, nullptr, 0, 0, nullptr, nullptr}; - fuzz->nextRange(&lattice.fXCount, 2, kMax); - fuzz->nextRange(&lattice.fYCount, 2, kMax); - fuzz->nextN(xDivs, lattice.fXCount); - fuzz->nextN(yDivs, lattice.fYCount); - canvas->drawImageLattice(img.get(), lattice, dst, usePaint ? &paint : nullptr); - break; - } - case 45: { - fuzz_paint(fuzz, &paint, depth - 1); - font = fuzz_font(fuzz); - SkTextEncoding encoding = fuzz_paint_text_encoding(fuzz); - SkScalar x, y; - fuzz->next(&x, &y); - SkTDArray<uint8_t> text = make_fuzz_text(fuzz, font, encoding); - canvas->drawSimpleText(text.begin(), SkToSizeT(text.count()), encoding, x, y, - font, paint); - break; - } - case 46: { - // was drawPosText - break; - } - case 47: { - // was drawPosTextH - break; - } - case 48: { - // was drawtextonpath - break; - } - case 49: { - // was drawtextonpath - break; - } - case 50: { - // was drawTextRSXform - break; - } - case 51: { - sk_sp<SkTextBlob> blob = make_fuzz_textblob(fuzz); - fuzz_paint(fuzz, &paint, depth - 1); - SkScalar x, y; - fuzz->next(&x, &y); - canvas->drawTextBlob(blob, x, y, paint); - break; - } - case 52: { - SkMatrix matrix; - bool usePaint, useMatrix; - fuzz->next(&usePaint, &useMatrix); - if (usePaint) { - fuzz_paint(fuzz, &paint, depth - 1); - } - if (useMatrix) { - FuzzNiceMatrix(fuzz, &matrix); - } - auto pic = make_fuzz_picture(fuzz, depth - 1); - canvas->drawPicture(pic, useMatrix ? &matrix : nullptr, - usePaint ? &paint : nullptr); - break; - } - case 53: { - fuzz_paint(fuzz, &paint, depth - 1); - SkVertices::VertexMode vertexMode; - SkBlendMode blendMode; - fuzz->nextRange(&vertexMode, 0, SkVertices::kTriangleFan_VertexMode); - fuzz->nextRange(&blendMode, 0, SkBlendMode::kLastMode); - constexpr int kMaxCount = 100; - int vertexCount; - SkPoint vertices[kMaxCount]; - SkPoint texs[kMaxCount]; - SkColor colors[kMaxCount]; - fuzz->nextRange(&vertexCount, 3, kMaxCount); - fuzz->nextN(vertices, vertexCount); - bool useTexs, useColors; - fuzz->next(&useTexs, &useColors); - if (useTexs) { - fuzz->nextN(texs, vertexCount); - } - if (useColors) { - fuzz->nextN(colors, vertexCount); - } - int indexCount = 0; - uint16_t indices[kMaxCount * 2]; - if (make_fuzz_t<bool>(fuzz)) { - fuzz->nextRange(&indexCount, vertexCount, vertexCount + kMaxCount); - for (int i = 0; i < indexCount; ++i) { - fuzz->nextRange(&indices[i], 0, vertexCount - 1); - } - } - canvas->drawVertices(SkVertices::MakeCopy(vertexMode, vertexCount, vertices, - useTexs ? texs : nullptr, - useColors ? colors : nullptr, - indexCount, indices), - blendMode, paint); - break; - } - default: - SkASSERT(false); - break; - } - } -} - -static sk_sp<SkPicture> make_fuzz_picture(Fuzz* fuzz, int depth) { - SkScalar w, h; - fuzz->next(&w, &h); - SkPictureRecorder pictureRecorder; - fuzz_canvas(fuzz, pictureRecorder.beginRecording(w, h), depth - 1); - return pictureRecorder.finishRecordingAsPicture(); -} - -DEF_FUZZ(NullCanvas, fuzz) { - fuzz_canvas(fuzz, SkMakeNullCanvas().get()); -} - -constexpr SkISize kCanvasSize = {128, 160}; - -DEF_FUZZ(RasterN32Canvas, fuzz) { - auto surface = SkSurface::MakeRasterN32Premul(kCanvasSize.width(), kCanvasSize.height()); - if (!surface || !surface->getCanvas()) { fuzz->signalBug(); } - fuzz_canvas(fuzz, surface->getCanvas()); -} - -DEF_FUZZ(RasterN32CanvasViaSerialization, fuzz) { - SkPictureRecorder recorder; - fuzz_canvas(fuzz, recorder.beginRecording(SkIntToScalar(kCanvasSize.width()), - SkIntToScalar(kCanvasSize.height()))); - sk_sp<SkPicture> pic(recorder.finishRecordingAsPicture()); - if (!pic) { fuzz->signalBug(); } - sk_sp<SkData> data = pic->serialize(); - if (!data) { fuzz->signalBug(); } - SkReadBuffer rb(data->data(), data->size()); - auto deserialized = SkPicturePriv::MakeFromBuffer(rb); - if (!deserialized) { fuzz->signalBug(); } - auto surface = SkSurface::MakeRasterN32Premul(kCanvasSize.width(), kCanvasSize.height()); - SkASSERT(surface && surface->getCanvas()); - surface->getCanvas()->drawPicture(deserialized); -} - -DEF_FUZZ(ImageFilter, fuzz) { - auto fil = make_fuzz_imageFilter(fuzz, 20); - - SkPaint paint; - paint.setImageFilter(fil); - SkBitmap bitmap; - SkCanvas canvas(bitmap); - canvas.saveLayer(SkRect::MakeWH(500, 500), &paint); -} - - -//SkRandom _rand; -#define SK_ADD_RANDOM_BIT_FLIPS - -DEF_FUZZ(SerializedImageFilter, fuzz) { - auto filter = make_fuzz_imageFilter(fuzz, 20); - if (!filter) { - return; - } - auto data = filter->serialize(); - const unsigned char* ptr = static_cast<const unsigned char*>(data->data()); - size_t len = data->size(); -#ifdef SK_ADD_RANDOM_BIT_FLIPS - unsigned char* p = const_cast<unsigned char*>(ptr); - for (size_t i = 0; i < len; ++i, ++p) { - uint8_t j; - fuzz->nextRange(&j, 1, 250); - if (j == 1) { // 0.4% of the time, flip a bit or byte - uint8_t k; - fuzz->nextRange(&k, 1, 10); - if (k == 1) { // Then 10% of the time, change a whole byte - uint8_t s; - fuzz->nextRange(&s, 0, 2); - switch(s) { - case 0: - *p ^= 0xFF; // Flip entire byte - break; - case 1: - *p = 0xFF; // Set all bits to 1 - break; - case 2: - *p = 0x00; // Set all bits to 0 - break; - } - } else { - uint8_t s; - fuzz->nextRange(&s, 0, 7); - *p ^= (1 << 7); - } - } - } -#endif // SK_ADD_RANDOM_BIT_FLIPS - auto deserializedFil = SkImageFilter::Deserialize(ptr, len); - - // uncomment below to write out a serialized image filter (to make corpus - // for -t filter_fuzz) - // SkString s("./serialized_filters/sf"); - // s.appendU32(_rand.nextU()); - // auto file = sk_fopen(s.c_str(), SkFILE_Flags::kWrite_SkFILE_Flag); - // sk_fwrite(data->bytes(), data->size(), file); - // sk_fclose(file); - - SkPaint paint; - paint.setImageFilter(deserializedFil); - SkBitmap bitmap; - SkCanvas canvas(bitmap); - canvas.saveLayer(SkRect::MakeWH(500, 500), &paint); -} - -#if SK_SUPPORT_GPU - -static void dump_GPU_info(GrContext* context) { - const GrGLInterface* gl = static_cast<GrGLGpu*>(context->contextPriv().getGpu()) - ->glInterface(); - const GrGLubyte* output; - GR_GL_CALL_RET(gl, output, GetString(GR_GL_RENDERER)); - SkDebugf("GL_RENDERER %s\n", (const char*) output); - - GR_GL_CALL_RET(gl, output, GetString(GR_GL_VENDOR)); - SkDebugf("GL_VENDOR %s\n", (const char*) output); - - GR_GL_CALL_RET(gl, output, GetString(GR_GL_VERSION)); - SkDebugf("GL_VERSION %s\n", (const char*) output); -} - -static void fuzz_ganesh(Fuzz* fuzz, GrContext* context) { - SkASSERT(context); - auto surface = SkSurface::MakeRenderTarget( - context, - SkBudgeted::kNo, - SkImageInfo::Make(kCanvasSize.width(), kCanvasSize.height(), kRGBA_8888_SkColorType, kPremul_SkAlphaType)); - SkASSERT(surface && surface->getCanvas()); - fuzz_canvas(fuzz, surface->getCanvas()); -} - -DEF_FUZZ(NativeGLCanvas, fuzz) { - sk_gpu_test::GrContextFactory f; - GrContext* context = f.get(sk_gpu_test::GrContextFactory::kGL_ContextType); - if (!context) { - context = f.get(sk_gpu_test::GrContextFactory::kGLES_ContextType); - } - if (FLAGS_gpuInfo) { - dump_GPU_info(context); - } - fuzz_ganesh(fuzz, context); -} - -// This target is deprecated, NullGLContext is not well maintained. -// Please use MockGPUCanvas instead. -DEF_FUZZ(NullGLCanvas, fuzz) { - sk_gpu_test::GrContextFactory f; - fuzz_ganesh(fuzz, f.get(sk_gpu_test::GrContextFactory::kNullGL_ContextType)); -} - -DEF_FUZZ(MockGPUCanvas, fuzz) { - sk_gpu_test::GrContextFactory f; - fuzz_ganesh(fuzz, f.get(sk_gpu_test::GrContextFactory::kMock_ContextType)); -} -#endif - -DEF_FUZZ(PDFCanvas, fuzz) { - SkNullWStream stream; - auto doc = SkPDF::MakeDocument(&stream); - fuzz_canvas(fuzz, doc->beginPage(SkIntToScalar(kCanvasSize.width()), - SkIntToScalar(kCanvasSize.height()))); -} - -// not a "real" thing to fuzz, used to debug errors found while fuzzing. -DEF_FUZZ(_DumpCanvas, fuzz) { - SkDebugCanvas debugCanvas(kCanvasSize.width(), kCanvasSize.height()); - fuzz_canvas(fuzz, &debugCanvas); - std::unique_ptr<SkCanvas> nullCanvas = SkMakeNullCanvas(); - UrlDataManager dataManager(SkString("data")); - Json::Value json = debugCanvas.toJSON(dataManager, debugCanvas.getSize(), nullCanvas.get()); - Json::StyledStreamWriter(" ").write(std::cout, json); -} diff --git a/chromium/third_party/skia/fuzz/FuzzCommon.cpp b/chromium/third_party/skia/fuzz/FuzzCommon.cpp deleted file mode 100644 index 79ffdee5635..00000000000 --- a/chromium/third_party/skia/fuzz/FuzzCommon.cpp +++ /dev/null @@ -1,341 +0,0 @@ -/* - * Copyright 2018 Google Inc. - * - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - */ - -#include "Fuzz.h" -#include "FuzzCommon.h" - -// We don't always want to test NaNs and infinities. -static void fuzz_nice_float(Fuzz* fuzz, float* f) { - float v; - fuzz->next(&v); - constexpr float kLimit = 1.0e35f; // FLT_MAX? - *f = (v == v && v <= kLimit && v >= -kLimit) ? v : 0.0f; -} - -template <typename... Args> -static void fuzz_nice_float(Fuzz* fuzz, float* f, Args... rest) { - fuzz_nice_float(fuzz, f); - fuzz_nice_float(fuzz, rest...); -} - -static void fuzz_nice_rect(Fuzz* fuzz, SkRect* r) { - fuzz_nice_float(fuzz, &r->fLeft, &r->fTop, &r->fRight, &r->fBottom); - r->sort(); -} - -// allows some float values for path points -void FuzzNicePath(Fuzz* fuzz, SkPath* path, int maxOps) { - if (maxOps <= 0 || fuzz->exhausted() || path->countPoints() > 100000) { - return; - } - uint8_t fillType; - fuzz->nextRange(&fillType, 0, (uint8_t)SkPath::kInverseEvenOdd_FillType); - path->setFillType((SkPath::FillType)fillType); - uint8_t numOps; - fuzz->nextRange(&numOps, 0, maxOps); - for (uint8_t i = 0; i < numOps; ++i) { - // When we start adding the path to itself, the fuzzer can make an - // exponentially long path, which causes timeouts. - if (path->countPoints() > 100000) { - return; - } - // How many items in the switch statement below. - constexpr uint8_t PATH_OPERATIONS = 32; - uint8_t op; - fuzz->nextRange(&op, 0, PATH_OPERATIONS); - bool test; - SkPath p; - SkMatrix m; - SkRRect rr; - SkRect r; - SkPath::Direction dir; - unsigned int ui; - SkScalar a, b, c, d, e, f; - switch (op) { - case 0: - fuzz_nice_float(fuzz, &a, &b); - path->moveTo(a, b); - break; - case 1: - fuzz_nice_float(fuzz, &a, &b); - path->rMoveTo(a, b); - break; - case 2: - fuzz_nice_float(fuzz, &a, &b); - path->lineTo(a, b); - break; - case 3: - fuzz_nice_float(fuzz, &a, &b); - path->rLineTo(a, b); - break; - case 4: - fuzz_nice_float(fuzz, &a, &b, &c, &d); - path->quadTo(a, b, c, d); - break; - case 5: - fuzz_nice_float(fuzz, &a, &b, &c, &d); - path->rQuadTo(a, b, c, d); - break; - case 6: - fuzz_nice_float(fuzz, &a, &b, &c, &d, &e); - path->conicTo(a, b, c, d, e); - break; - case 7: - fuzz_nice_float(fuzz, &a, &b, &c, &d, &e); - path->rConicTo(a, b, c, d, e); - break; - case 8: - fuzz_nice_float(fuzz, &a, &b, &c, &d, &e, &f); - path->cubicTo(a, b, c, d, e, f); - break; - case 9: - fuzz_nice_float(fuzz, &a, &b, &c, &d, &e, &f); - path->rCubicTo(a, b, c, d, e, f); - break; - case 10: - fuzz_nice_float(fuzz, &a, &b, &c, &d, &e); - path->arcTo(a, b, c, d, e); - break; - case 11: - fuzz_nice_float(fuzz, &a, &b); - fuzz_nice_rect(fuzz, &r); - fuzz->next(&test); - path->arcTo(r, a, b, test); - break; - case 12: - path->close(); - break; - case 13: - fuzz_nice_rect(fuzz, &r); - fuzz->nextRange(&ui, 0, 1); - dir = static_cast<SkPath::Direction>(ui); - path->addRect(r, dir); - break; - case 14: - fuzz->nextRange(&ui, 0, 1); - dir = static_cast<SkPath::Direction>(ui); - fuzz_nice_rect(fuzz, &r); - fuzz->next(&ui); - path->addRect(r, dir, ui); - break; - case 15: - fuzz->nextRange(&ui, 0, 1); - dir = static_cast<SkPath::Direction>(ui); - fuzz_nice_rect(fuzz, &r); - path->addOval(r, dir); - break; - case 16: - fuzz->nextRange(&ui, 0, 1); - dir = static_cast<SkPath::Direction>(ui); - fuzz_nice_rect(fuzz, &r); - fuzz->next(&ui); - path->addOval(r, dir, ui); - break; - case 17: - fuzz->nextRange(&ui, 0, 1); - dir = static_cast<SkPath::Direction>(ui); - fuzz_nice_float(fuzz, &a, &b, &c); - path->addCircle(a, b, c, dir); - break; - case 18: - fuzz_nice_rect(fuzz, &r); - fuzz_nice_float(fuzz, &a, &b); - path->addArc(r, a, b); - break; - case 19: - fuzz_nice_float(fuzz, &a, &b); - fuzz_nice_rect(fuzz, &r); - fuzz->nextRange(&ui, 0, 1); - dir = static_cast<SkPath::Direction>(ui); - path->addRoundRect(r, a, b, dir); - break; - case 20: - FuzzNiceRRect(fuzz, &rr); - fuzz->nextRange(&ui, 0, 1); - dir = static_cast<SkPath::Direction>(ui); - path->addRRect(rr, dir); - break; - case 21: - fuzz->nextRange(&ui, 0, 1); - dir = static_cast<SkPath::Direction>(ui); - FuzzNiceRRect(fuzz, &rr); - path->addRRect(rr, dir, ui); - break; - case 22: { - fuzz->nextRange(&ui, 0, 1); - SkPath::AddPathMode mode = static_cast<SkPath::AddPathMode>(ui); - FuzzNiceMatrix(fuzz, &m); - FuzzNicePath(fuzz, &p, maxOps-1); - path->addPath(p, m, mode); - break; - } - case 23: { - fuzz->nextRange(&ui, 0, 1); - SkPath::AddPathMode mode = static_cast<SkPath::AddPathMode>(ui); - FuzzNiceMatrix(fuzz, &m); - path->addPath(*path, m, mode); - break; - } - case 24: - FuzzNicePath(fuzz, &p, maxOps-1); - path->reverseAddPath(p); - break; - case 25: - path->addPath(*path); - break; - case 26: - path->reverseAddPath(*path); - break; - case 27: - fuzz_nice_float(fuzz, &a, &b); - path->offset(a, b, path); - break; - case 28: - FuzzNicePath(fuzz, &p, maxOps-1); - fuzz_nice_float(fuzz, &a, &b); - p.offset(a, b, path); - break; - case 29: - FuzzNiceMatrix(fuzz, &m); - path->transform(m, path); - break; - case 30: - FuzzNicePath(fuzz, &p, maxOps-1); - FuzzNiceMatrix(fuzz, &m); - p.transform(m, path); - break; - case 31: - fuzz_nice_float(fuzz, &a, &b); - path->setLastPt(a, b); - break; - case PATH_OPERATIONS: - path->shrinkToFit(); - break; - - default: - SkASSERT(false); - break; - } - SkASSERTF( path->isValid(), "path->isValid() failed at op %d, case %d", i, op); - } -} - -// allows all float values for path points -void FuzzEvilPath(Fuzz* fuzz, SkPath* path, int last_verb) { - while (!fuzz->exhausted()) { - // Use a uint8_t to conserve bytes. This makes our "fuzzed bytes footprint" - // smaller, which leads to more efficient fuzzing. - uint8_t operation; - fuzz->next(&operation); - SkScalar a,b,c,d,e,f; - - switch (operation % (last_verb + 1)) { - case SkPath::Verb::kMove_Verb: - fuzz->next(&a, &b); - path->moveTo(a, b); - break; - - case SkPath::Verb::kLine_Verb: - fuzz->next(&a, &b); - path->lineTo(a, b); - break; - - case SkPath::Verb::kQuad_Verb: - fuzz->next(&a, &b, &c, &d); - path->quadTo(a, b, c, d); - break; - - case SkPath::Verb::kConic_Verb: - fuzz->next(&a, &b, &c, &d, &e); - path->conicTo(a, b, c, d, e); - break; - - case SkPath::Verb::kCubic_Verb: - fuzz->next(&a, &b, &c, &d, &e, &f); - path->cubicTo(a, b, c, d, e, f); - break; - - case SkPath::Verb::kClose_Verb: - path->close(); - break; - - case SkPath::Verb::kDone_Verb: - // In this case, simply exit. - return; - } - } -} - -void FuzzNiceRRect(Fuzz* fuzz, SkRRect* rr) { - SkRect r; - fuzz_nice_rect(fuzz, &r); - - SkVector radii[4]; - for (SkVector& vec : radii) { - fuzz->nextRange(&vec.fX, 0.0f, 1.0f); - vec.fX *= 0.5f * r.width(); - fuzz->nextRange(&vec.fY, 0.0f, 1.0f); - vec.fY *= 0.5f * r.height(); - } - rr->setRectRadii(r, radii); - SkASSERT(rr->isValid()); -} - -void FuzzNiceMatrix(Fuzz* fuzz, SkMatrix* m) { - constexpr int kArrayLength = 9; - SkScalar buffer[kArrayLength]; - int matrixType; - fuzz->nextRange(&matrixType, 0, 4); - switch (matrixType) { - case 0: // identity - *m = SkMatrix::I(); - return; - case 1: // translate - fuzz->nextRange(&buffer[0], -4000.0f, 4000.0f); - fuzz->nextRange(&buffer[1], -4000.0f, 4000.0f); - *m = SkMatrix::MakeTrans(buffer[0], buffer[1]); - return; - case 2: // translate + scale - fuzz->nextRange(&buffer[0], -400.0f, 400.0f); - fuzz->nextRange(&buffer[1], -400.0f, 400.0f); - fuzz->nextRange(&buffer[2], -4000.0f, 4000.0f); - fuzz->nextRange(&buffer[3], -4000.0f, 4000.0f); - *m = SkMatrix::MakeScale(buffer[0], buffer[1]); - m->postTranslate(buffer[2], buffer[3]); - return; - case 3: // affine - fuzz->nextN(buffer, 6); - m->setAffine(buffer); - return; - case 4: // perspective - fuzz->nextN(buffer, kArrayLength); - m->set9(buffer); - return; - default: - SkASSERT(false); - return; - } -} - -void FuzzNiceRegion(Fuzz* fuzz, SkRegion* region, int maxN) { - uint8_t N; - fuzz->nextRange(&N, 0, maxN); - for (uint8_t i = 0; i < N; ++i) { - SkIRect r; - SkRegion::Op op; - // Avoid the sentinal value used by Region. - fuzz->nextRange(&r.fLeft, -2147483646, 2147483646); - fuzz->nextRange(&r.fTop, -2147483646, 2147483646); - fuzz->nextRange(&r.fRight, -2147483646, 2147483646); - fuzz->nextRange(&r.fBottom, -2147483646, 2147483646); - r.sort(); - fuzz->nextRange(&op, 0, SkRegion::kLastOp); - if (!region->op(r, op)) { - return; - } - } -} diff --git a/chromium/third_party/skia/fuzz/FuzzCommon.h b/chromium/third_party/skia/fuzz/FuzzCommon.h deleted file mode 100644 index c8190231a9e..00000000000 --- a/chromium/third_party/skia/fuzz/FuzzCommon.h +++ /dev/null @@ -1,29 +0,0 @@ -/* - * Copyright 2018 Google, LLC - * - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - */ - -#ifndef FuzzCommon_DEFINED -#define FuzzCommon_DEFINED - -#include "Fuzz.h" -#include "SkMatrix.h" -#include "SkPath.h" -#include "SkRRect.h" -#include "SkRegion.h" - -// allows some float values for path points -void FuzzNicePath(Fuzz* fuzz, SkPath* path, int maxOps); -// allows all float values for path points -void FuzzEvilPath(Fuzz* fuzz, SkPath* path, int last_verb); - -void FuzzNiceRRect(Fuzz* fuzz, SkRRect* rr); - -void FuzzNiceMatrix(Fuzz* fuzz, SkMatrix* m); - -void FuzzNiceRegion(Fuzz* fuzz, SkRegion* region, int maxN); - -#endif - diff --git a/chromium/third_party/skia/fuzz/FuzzDrawFunctions.cpp b/chromium/third_party/skia/fuzz/FuzzDrawFunctions.cpp deleted file mode 100644 index 083c45ac0e1..00000000000 --- a/chromium/third_party/skia/fuzz/FuzzDrawFunctions.cpp +++ /dev/null @@ -1,346 +0,0 @@ -/* - * Copyright 2016 Mozilla Foundation - * - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - */ - -#include "Fuzz.h" -#include "SkBitmap.h" -#include "SkCanvas.h" -#include "SkFont.h" -#include "SkImage.h" -#include "SkPath.h" -#include "SkSurface.h" -#include "SkTextBlob.h" -#include "SkTypeface.h" -#include "SkClipOpPriv.h" - -static const int kBmpSize = 24; -static const int kMaxX = 250; -static const int kMaxY = 250; -static const int kPtsLen = 10; -static const int kTxtLen = 5; - -static void init_string(Fuzz* fuzz, char* str, size_t bufSize) { - for (size_t i = 0; i < bufSize-1; ++i) { - fuzz->nextRange(&str[i], 0x20, 0x7E); // printable ASCII - } - str[bufSize-1] = '\0'; -} - -// make_paint mostly borrowed from FilterFuzz.cpp -static void init_paint(Fuzz* fuzz, SkPaint* p) { - bool b; - fuzz->next(&b); - p->setAntiAlias(b); - - uint8_t tmp_u8; - fuzz->nextRange(&tmp_u8, 0, (int)SkBlendMode::kLastMode); - p->setBlendMode(static_cast<SkBlendMode>(tmp_u8)); - - SkColor co; - fuzz->next(&co); - p->setColor(co); - - fuzz->next(&b); - p->setDither(b); - - fuzz->nextRange(&tmp_u8, 0, (int)kHigh_SkFilterQuality); - p->setFilterQuality(static_cast<SkFilterQuality>(tmp_u8)); - - fuzz->nextRange(&tmp_u8, 0, (int)SkPaint::kLast_Cap); - p->setStrokeCap(static_cast<SkPaint::Cap>(tmp_u8)); - - fuzz->nextRange(&tmp_u8, 0, (int)SkPaint::kLast_Join); - p->setStrokeJoin(static_cast<SkPaint::Join>(tmp_u8)); - - SkScalar sc; - fuzz->next(&sc); - p->setStrokeMiter(sc); - - fuzz->next(&sc); - p->setStrokeWidth(sc); - - fuzz->nextRange(&tmp_u8, 0, (int)SkPaint::kStrokeAndFill_Style); - p->setStyle(static_cast<SkPaint::Style>(tmp_u8)); -} - -static void init_bitmap(Fuzz* fuzz, SkBitmap* bmp) { - uint8_t colorType; - fuzz->nextRange(&colorType, 0, (int)kLastEnum_SkColorType); - // ColorType needs to match what the system configuration is. - if (colorType == kRGBA_8888_SkColorType || colorType == kBGRA_8888_SkColorType) { - colorType = kN32_SkColorType; - } - bool b; - fuzz->next(&b); - SkImageInfo info = SkImageInfo::Make(kBmpSize, - kBmpSize, - (SkColorType)colorType, - b ? kOpaque_SkAlphaType : kPremul_SkAlphaType); - if (!bmp->tryAllocPixels(info)) { - SkDEBUGF("Bitmap not allocated\n"); - } - SkColor c; - fuzz->next(&c); - bmp->eraseColor(c); - - fuzz->next(&b); - SkPaint p; - if (b) { - init_paint(fuzz, &p); - } - else { - fuzz->next(&c); - p.setColor(c); - } -} - -static void init_surface(Fuzz* fuzz, sk_sp<SkSurface>* s) { - uint8_t x, y; - fuzz->nextRange(&x, 1, kMaxX); - fuzz->nextRange(&y, 1, kMaxY); - *s = SkSurface::MakeRasterN32Premul(x, y); - - if (!*s) { - // Was possibly too big for the memory constrained fuzzing environments - *s = SkSurface::MakeNull(x, y); - } -} - - -static void fuzz_drawText(Fuzz* fuzz, sk_sp<SkTypeface> typeface) { - SkFont font(typeface); - SkPaint p; - init_paint(fuzz, &p); - sk_sp<SkSurface> surface; - init_surface(fuzz, &surface); - - char text[kTxtLen]; - init_string(fuzz, text, kTxtLen); - - SkScalar x, y; - fuzz->next(&x, &y); - // populate pts array - SkPoint pts[kPtsLen]; - for (uint8_t i = 0; i < kPtsLen; ++i) { - pts[i].set(x, y); - x += font.getSize(); - } - - bool b; - fuzz->next(&b); - font.setForceAutoHinting(b); - fuzz->next(&b); - font.setEmbeddedBitmaps(b); - fuzz->next(&b); - font.setEmbolden(b); - fuzz->next(&b); - font.setEdging(b ? SkFont::Edging::kAntiAlias : SkFont::Edging::kSubpixelAntiAlias); - fuzz->next(&b); - font.setLinearMetrics(b); - fuzz->next(&b); - font.setSubpixel(b); - fuzz->next(&x); - font.setScaleX(x); - fuzz->next(&x); - font.setSkewX(x); - fuzz->next(&x); - font.setSize(x); - - SkCanvas* cnv = surface->getCanvas(); - fuzz->next(&x); - fuzz->next(&y); - cnv->drawTextBlob(SkTextBlob::MakeFromPosText(text, kTxtLen-1, pts, font), x, y, p); -} - -static void fuzz_drawCircle(Fuzz* fuzz) { - SkPaint p; - init_paint(fuzz, &p); - sk_sp<SkSurface> surface; - init_surface(fuzz, &surface); - - SkScalar a, b, c; - fuzz->next(&a, &b, &c); - surface->getCanvas()->drawCircle(a, b, c, p); -} - -static void fuzz_drawLine(Fuzz* fuzz) { - SkPaint p; - init_paint(fuzz, &p); - sk_sp<SkSurface> surface; - init_surface(fuzz, &surface); - - SkScalar a, b, c, d; - fuzz->next(&a, &b, &c, &d); - surface->getCanvas()->drawLine(a, b, c, d, p); -} - -static void fuzz_drawRect(Fuzz* fuzz) { - SkPaint p; - init_paint(fuzz, &p); - sk_sp<SkSurface> surface; - init_surface(fuzz, &surface); - - SkScalar a, b, c, d; - fuzz->next(&a, &b, &c, &d); - SkRect r; - r = SkRect::MakeXYWH(a, b, c, d); - - SkCanvas* cnv = surface->getCanvas(); - cnv->drawRect(r, p); - - bool bl; - fuzz->next(&bl); - fuzz->next(&a, &b, &c, &d); - r = SkRect::MakeXYWH(a, b, c, d); - cnv->clipRect(r, kIntersect_SkClipOp, bl); -} - -static void fuzz_drawPath(Fuzz* fuzz) { - SkPaint p; - init_paint(fuzz, &p); - sk_sp<SkSurface> surface; - init_surface(fuzz, &surface); - - // TODO(kjlubick): put the ability to fuzz a path in shared file, with - // other common things (e.g. rects, lines) - uint8_t i, j; - fuzz->nextRange(&i, 0, 10); // set i to number of operations to perform - SkPath path; - SkScalar a, b, c, d, e, f; - for (int k = 0; k < i; ++k) { - fuzz->nextRange(&j, 0, 5); // set j to choose operation to perform - switch (j) { - case 0: - fuzz->next(&a, &b); - path.moveTo(a, b); - break; - case 1: - fuzz->next(&a, &b); - path.lineTo(a, b); - break; - case 2: - fuzz->next(&a, &b, &c, &d); - path.quadTo(a, b, c, d); - break; - case 3: - fuzz->next(&a, &b, &c, &d, &e); - path.conicTo(a, b, c, d, e); - break; - case 4: - fuzz->next(&a, &b, &c, &d, &e, &f); - path.cubicTo(a, b, c, d, e, f); - break; - case 5: - fuzz->next(&a, &b, &c, &d, &e); - path.arcTo(a, b, c, d, e); - break; - } - } - path.close(); - - SkCanvas* cnv = surface->getCanvas(); - cnv->drawPath(path, p); - - bool bl; - fuzz->next(&bl); - cnv->clipPath(path, kIntersect_SkClipOp, bl); -} - -static void fuzz_drawBitmap(Fuzz* fuzz) { - SkPaint p; - init_paint(fuzz, &p); - sk_sp<SkSurface> surface; - init_surface(fuzz, &surface); - SkBitmap bmp; - init_bitmap(fuzz, &bmp); - - SkScalar a, b; - fuzz->next(&a, &b); - surface->getCanvas()->drawBitmap(bmp, a, b, &p); -} - -static void fuzz_drawImage(Fuzz* fuzz) { - SkPaint p; - init_paint(fuzz, &p); - sk_sp<SkSurface> surface; - init_surface(fuzz, &surface); - SkBitmap bmp; - init_bitmap(fuzz, &bmp); - - sk_sp<SkImage> image(SkImage::MakeFromBitmap(bmp)); - - bool bl; - fuzz->next(&bl); - SkScalar a, b; - fuzz->next(&a, &b); - if (bl) { - surface->getCanvas()->drawImage(image, a, b, &p); - } - else { - SkRect dst = SkRect::MakeWH(a, b); - fuzz->next(&a, &b); - SkRect src = SkRect::MakeWH(a, b); - uint8_t x; - fuzz->nextRange(&x, 0, 1); - SkCanvas::SrcRectConstraint cst = (SkCanvas::SrcRectConstraint)x; - surface->getCanvas()->drawImageRect(image, src, dst, &p, cst); - } -} - -static void fuzz_drawPaint(Fuzz* fuzz) { - SkPaint l, p; - init_paint(fuzz, &p); - sk_sp<SkSurface> surface; - init_surface(fuzz, &surface); - - surface->getCanvas()->drawPaint(p); -} - -DEF_FUZZ(DrawFunctions, fuzz) { - uint8_t i; - fuzz->next(&i); - - switch(i) { - case 0: { - sk_sp<SkTypeface> f = SkTypeface::MakeDefault(); - if (f == nullptr) { - SkDebugf("Could not initialize font.\n"); - fuzz->signalBug(); - } - SkDEBUGF("Fuzz DrawText\n"); - fuzz_drawText(fuzz, f); - return; - } - case 1: - SkDEBUGF("Fuzz DrawRect\n"); - fuzz_drawRect(fuzz); - return; - case 2: - SkDEBUGF("Fuzz DrawCircle\n"); - fuzz_drawCircle(fuzz); - return; - case 3: - SkDEBUGF("Fuzz DrawLine\n"); - fuzz_drawLine(fuzz); - return; - case 4: - SkDEBUGF("Fuzz DrawPath\n"); - fuzz_drawPath(fuzz); - return; - case 5: - SkDEBUGF("Fuzz DrawImage/DrawImageRect\n"); - fuzz_drawImage(fuzz); - return; - case 6: - SkDEBUGF("Fuzz DrawBitmap\n"); - fuzz_drawBitmap(fuzz); - return; - case 7: - SkDEBUGF("Fuzz DrawPaint\n"); - fuzz_drawPaint(fuzz); - return; - } -} diff --git a/chromium/third_party/skia/fuzz/FuzzEncoders.cpp b/chromium/third_party/skia/fuzz/FuzzEncoders.cpp deleted file mode 100644 index 7ca4a48d9c6..00000000000 --- a/chromium/third_party/skia/fuzz/FuzzEncoders.cpp +++ /dev/null @@ -1,118 +0,0 @@ -/* - * Copyright 2018 Google LLC - * - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - */ - -#include "Fuzz.h" -#include "SkBitmap.h" -#include "SkImage.h" -#include "SkImageInfo.h" -#include "SkJpegEncoder.h" -#include "SkPixmap.h" -#include "SkPngEncoder.h" -#include "SkRandom.h" -#include "SkWebpEncoder.h" -#include "SkOSFile.h" - -#include <vector> - -// These values were picked arbitrarily to hopefully limit the size of the -// serialized SkPixmaps. -constexpr int MAX_WIDTH = 512; -constexpr int MAX_HEIGHT = 512; - -static SkBitmap make_fuzzed_bitmap(Fuzz* fuzz) { - SkBitmap bm; - uint32_t w, h; - fuzz->nextRange(&w, 1, MAX_WIDTH); - fuzz->nextRange(&h, 1, MAX_HEIGHT); - if (!bm.tryAllocPixels(SkImageInfo::MakeN32Premul(w, h))) { - return bm; - } - uint32_t n = w * h; - fuzz->nextN((SkPMColor*)bm.getPixels(), n); - return bm; -} - -DEF_FUZZ(PNGEncoder, fuzz) { - auto bm = make_fuzzed_bitmap(fuzz); - - auto opts = SkPngEncoder::Options{}; - fuzz->nextRange(&opts.fZLibLevel, 0, 9); - - SkDynamicMemoryWStream dest; - SkPngEncoder::Encode(&dest, bm.pixmap(), opts); -} - -DEF_FUZZ(JPEGEncoder, fuzz) { - auto bm = make_fuzzed_bitmap(fuzz); - - auto opts = SkJpegEncoder::Options{}; - fuzz->nextRange(&opts.fQuality, 0, 100); - - SkDynamicMemoryWStream dest; - (void)SkJpegEncoder::Encode(&dest, bm.pixmap(), opts); -} - -DEF_FUZZ(WEBPEncoder, fuzz) { - auto bm = make_fuzzed_bitmap(fuzz); - - auto opts = SkWebpEncoder::Options{}; - fuzz->nextRange(&opts.fQuality, 0.0f, 100.0f); - bool lossy; - fuzz->next(&lossy); - if (lossy) { - opts.fCompression = SkWebpEncoder::Compression::kLossy; - } else { - opts.fCompression = SkWebpEncoder::Compression::kLossless; - } - - SkDynamicMemoryWStream dest; - (void)SkWebpEncoder::Encode(&dest, bm.pixmap(), opts); -} - -// Not a real fuzz endpoint, but a helper to take in real, good images -// and dump out a corpus for this fuzzer. -DEF_FUZZ(_MakeEncoderCorpus, fuzz) { - auto bytes = fuzz->fBytes; - SkDebugf("bytes %d\n", bytes->size()); - auto img = SkImage::MakeFromEncoded(bytes); - if (nullptr == img.get()) { - SkDebugf("invalid image, could not decode\n"); - return; - } - if (img->width() > MAX_WIDTH || img->height() > MAX_HEIGHT) { - SkDebugf("Too big (%d x %d)\n", img->width(), img->height()); - return; - } - std::vector<int32_t> dstPixels; - int rowBytes = img->width() * 4; - dstPixels.resize(img->height() * rowBytes); - SkPixmap pm(SkImageInfo::MakeN32Premul(img->width(), img->height()), - &dstPixels.front(), rowBytes); - if (!img->readPixels(pm, 0, 0)) { - SkDebugf("Could not read pixmap\n"); - return; - } - - SkString s("./encoded_corpus/enc_"); - static SkRandom rand; - s.appendU32(rand.nextU()); - auto file = sk_fopen(s.c_str(), SkFILE_Flags::kWrite_SkFILE_Flag); - if (!file) { - SkDebugf("Can't initialize file\n"); - return; - } - auto total = pm.info().bytesPerPixel() * pm.width() * pm.height(); - SkDebugf("Writing %d (%d x %d) bytes\n", total, pm.width(), pm.height()); - // Write out the size in two bytes since that's what the fuzzer will - // read first. - uint32_t w = pm.width(); - sk_fwrite(&w, sizeof(uint32_t), file); - uint32_t h = pm.height(); - sk_fwrite(&h, sizeof(uint32_t), file); - sk_fwrite(pm.addr(), total, file); - sk_fclose(file); -} diff --git a/chromium/third_party/skia/fuzz/FuzzGradients.cpp b/chromium/third_party/skia/fuzz/FuzzGradients.cpp deleted file mode 100644 index f9d0742382b..00000000000 --- a/chromium/third_party/skia/fuzz/FuzzGradients.cpp +++ /dev/null @@ -1,274 +0,0 @@ -/* - * Copyright 2016 Google Inc. - * - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - */ - -#include "Fuzz.h" -#include "SkCanvas.h" -#include "SkCommonFlags.h" -#include "SkGradientShader.h" -#include "SkSurface.h" -#include "SkTLazy.h" - -#include <algorithm> -#include <vector> - -const int MAX_COUNT = 400; - -void makeMatrix(Fuzz* fuzz, SkMatrix* m) { - SkScalar mat[9]; - fuzz->nextN(mat, 9); - m->set9(mat); -} - -void initGradientParams(Fuzz* fuzz, std::vector<SkColor>* colors, - std::vector<SkScalar>* pos, SkShader::TileMode* mode) { - int count; - fuzz->nextRange(&count, 0, MAX_COUNT); - - // Use a uint8_t to conserve bytes. This makes our "fuzzed bytes footprint" - // smaller, which leads to more efficient fuzzing. - uint8_t m; - fuzz->nextRange(&m, 0, 2); - *mode = static_cast<SkShader::TileMode>(m); - - colors->clear(); - pos ->clear(); - for (int i = 0; i < count; i++) { - SkColor c; - SkScalar s; - fuzz->next(&c, &s); - colors->push_back(c); - pos ->push_back(s); - } - if (count) { - std::sort(pos->begin(), pos->end()); - // The order matters. If count == 1, we want pos == 0. - (*pos)[count - 1] = 1; - (*pos)[0] = 0; - } -} - -static void logOptionalMatrix(const char* label, const SkMatrix* m) { - if (!m) { - return; - } - - SkDEBUGF(" %s: [ ", label); - for (int i = 0; i < 9; ++i) { - SkDEBUGF("%.9g ", m->get(i)); - } - SkDEBUGF("]\n"); -} - -static void logLinearGradient(const SkPoint pts[2], - const std::vector<SkColor>& colors, - const std::vector<SkScalar> pos, - SkShader::TileMode mode, - uint32_t flags, - const SkMatrix* localMatrix, - const SkMatrix* globalMatrix) { - if (!FLAGS_verbose) { - return; - } - - SkDebugf("--- fuzzLinearGradient ---\n"); - SkDebugf(" pts:\t\t[ (%.9g %.9g) (%.9g %.9g) ]\n", - pts[0].x(), pts[0].y(), pts[1].x(), pts[1].y()); - SkDebugf(" colors:\t[ "); - for (auto color : colors) { - SkDebugf("0x%x ", color); - } - - SkDebugf("]\n pos:\t\t"); - if (pos.empty()) { - SkDebugf("nullptr"); - } else { - SkDebugf("[ "); - for (auto p : pos) { - SkDebugf("%f ", p); - } - } - SkDebugf("]\n"); - - static const char* gModeName[] = { - "kClamp_TileMode", "kRepeat_TileMode", "kMirror_TileMode" - }; - SkASSERT(mode < SK_ARRAY_COUNT(gModeName)); - SkDebugf(" mode:\t\t%s\n", gModeName[mode]); - SkDebugf(" flags:\t0x%x\n", flags); - logOptionalMatrix("local matrix", localMatrix); - logOptionalMatrix("global matrix", globalMatrix); -} - -void fuzzLinearGradient(Fuzz* fuzz) { - SkPoint pts[2]; - fuzz->next(&pts[0].fX, &pts[0].fY, &pts[1].fX, &pts[1].fY); - bool useLocalMatrix, useGlobalMatrix; - fuzz->next(&useLocalMatrix, &useGlobalMatrix); - - std::vector<SkColor> colors; - std::vector<SkScalar> pos; - SkShader::TileMode mode; - initGradientParams(fuzz, &colors, &pos, &mode); - - SkPaint p; - uint32_t flags; - fuzz->next(&flags); - - SkTLazy<SkMatrix> localMatrix; - if (useLocalMatrix) { - makeMatrix(fuzz, localMatrix.init()); - } - p.setShader(SkGradientShader::MakeLinear(pts, colors.data(), pos.data(), - colors.size(), mode, flags, localMatrix.getMaybeNull())); - - sk_sp<SkSurface> surface(SkSurface::MakeRasterN32Premul(50, 50)); - if (useGlobalMatrix) { - SkMatrix gm; - makeMatrix(fuzz, &gm); - logLinearGradient(pts, colors, pos, mode, flags, localMatrix.getMaybeNull(), &gm); - SkCanvas* c = surface->getCanvas(); - c->setMatrix(gm); - c->drawPaint(p); - } else { - logLinearGradient(pts, colors, pos, mode, flags, localMatrix.getMaybeNull(), nullptr); - surface->getCanvas()->drawPaint(p); - } -} - -void fuzzRadialGradient(Fuzz* fuzz) { - SkPoint center; - fuzz->next(¢er.fX, ¢er.fY); - SkScalar radius; - bool useLocalMatrix, useGlobalMatrix; - fuzz->next(&radius, &useLocalMatrix, &useGlobalMatrix); - - - std::vector<SkColor> colors; - std::vector<SkScalar> pos; - SkShader::TileMode mode; - initGradientParams(fuzz, &colors, &pos, &mode); - - SkPaint p; - uint32_t flags; - fuzz->next(&flags); - - SkTLazy<SkMatrix> localMatrix; - if (useLocalMatrix) { - makeMatrix(fuzz, localMatrix.init()); - } - p.setShader(SkGradientShader::MakeRadial(center, radius, colors.data(), - pos.data(), colors.size(), mode, flags, localMatrix.getMaybeNull())); - - - sk_sp<SkSurface> surface(SkSurface::MakeRasterN32Premul(50, 50)); - if (useGlobalMatrix) { - SkMatrix gm; - makeMatrix(fuzz, &gm); - SkCanvas* c = surface->getCanvas(); - c->setMatrix(gm); - c->drawPaint(p); - } else { - surface->getCanvas()->drawPaint(p); - } -} - -void fuzzTwoPointConicalGradient(Fuzz* fuzz) { - SkPoint start; - fuzz->next(&start.fX, &start.fY); - SkPoint end; - fuzz->next(&end.fX, &end.fY); - SkScalar startRadius, endRadius; - bool useLocalMatrix, useGlobalMatrix; - fuzz->next(&startRadius, &endRadius, &useLocalMatrix, &useGlobalMatrix); - - std::vector<SkColor> colors; - std::vector<SkScalar> pos; - SkShader::TileMode mode; - initGradientParams(fuzz, &colors, &pos, &mode); - - SkPaint p; - uint32_t flags; - fuzz->next(&flags); - - SkTLazy<SkMatrix> localMatrix; - if (useLocalMatrix) { - makeMatrix(fuzz, localMatrix.init()); - } - p.setShader(SkGradientShader::MakeTwoPointConical(start, startRadius, - end, endRadius, colors.data(), pos.data(), colors.size(), mode, - flags, localMatrix.getMaybeNull())); - - sk_sp<SkSurface> surface(SkSurface::MakeRasterN32Premul(50, 50)); - if (useGlobalMatrix) { - SkMatrix gm; - makeMatrix(fuzz, &gm); - SkCanvas* c = surface->getCanvas(); - c->setMatrix(gm); - c->drawPaint(p); - } else { - surface->getCanvas()->drawPaint(p); - } -} - -void fuzzSweepGradient(Fuzz* fuzz) { - SkScalar cx, cy; - bool useLocalMatrix, useGlobalMatrix; - fuzz->next(&cx, &cy, &useLocalMatrix, &useGlobalMatrix); - - std::vector<SkColor> colors; - std::vector<SkScalar> pos; - SkShader::TileMode mode; - initGradientParams(fuzz, &colors, &pos, &mode); - - SkPaint p; - if (useLocalMatrix) { - SkMatrix m; - makeMatrix(fuzz, &m); - uint32_t flags; - fuzz->next(&flags); - - p.setShader(SkGradientShader::MakeSweep(cx, cy, colors.data(), - pos.data(), colors.size(), flags, &m)); - } else { - p.setShader(SkGradientShader::MakeSweep(cx, cy, colors.data(), - pos.data(), colors.size())); - } - - sk_sp<SkSurface> surface(SkSurface::MakeRasterN32Premul(50, 50)); - if (useGlobalMatrix) { - SkMatrix gm; - makeMatrix(fuzz, &gm); - SkCanvas* c = surface->getCanvas(); - c->setMatrix(gm); - c->drawPaint(p); - } else { - surface->getCanvas()->drawPaint(p); - } -} - -DEF_FUZZ(Gradients, fuzz) { - uint8_t i; - fuzz->next(&i); - - switch(i) { - case 0: - SkDEBUGF("LinearGradient\n"); - fuzzLinearGradient(fuzz); - return; - case 1: - SkDEBUGF("RadialGradient\n"); - fuzzRadialGradient(fuzz); - return; - case 2: - SkDEBUGF("TwoPointConicalGradient\n"); - fuzzTwoPointConicalGradient(fuzz); - return; - } - SkDEBUGF("SweepGradient\n"); - fuzzSweepGradient(fuzz); - return; -} diff --git a/chromium/third_party/skia/fuzz/FuzzMain.cpp b/chromium/third_party/skia/fuzz/FuzzMain.cpp deleted file mode 100644 index 0ba3fc96a26..00000000000 --- a/chromium/third_party/skia/fuzz/FuzzMain.cpp +++ /dev/null @@ -1,725 +0,0 @@ -/* - * Copyright 2016 Google Inc. - * - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - */ - -#include "Fuzz.h" -#include "SkCanvas.h" -#include "SkCodec.h" -#include "SkCommandLineFlags.h" -#include "SkData.h" -#include "SkImage.h" -#include "SkImageEncoder.h" -#include "SkMallocPixelRef.h" -#include "SkOSFile.h" -#include "SkOSPath.h" -#include "SkPaint.h" -#include "SkPath.h" -#include "SkPicturePriv.h" -#include "SkReadBuffer.h" -#include "SkStream.h" -#include "SkSurface.h" -#include "SkTextBlob.h" - -#if SK_SUPPORT_GPU -#include "SkSLCompiler.h" -#endif - -#include "sk_tool_utils.h" - -#include <iostream> -#include <map> -#include <regex> -#include <signal.h> - -DEFINE_string2(bytes, b, "", "A path to a file or a directory. If a file, the " - "contents will be used as the fuzz bytes. If a directory, all files " - "in the directory will be used as fuzz bytes for the fuzzer, one at a " - "time."); -DEFINE_string2(name, n, "", "If --type is 'api', fuzz the API with this name."); -DEFINE_string2(dump, d, "", "If not empty, dump 'image*' or 'skp' types as a " - "PNG with this name."); -DEFINE_bool2(verbose, v, false, "Print more information while fuzzing."); - -// This cannot be inlined in DEFINE_string2 due to interleaved ifdefs -static constexpr char g_type_message[] = "How to interpret --bytes, one of:\n" - "android_codec\n" - "animated_image_decode\n" - "api\n" - "color_deserialize\n" - "filter_fuzz (equivalent to Chrome's filter_fuzz_stub)\n" - "image_decode\n" - "image_decode_incremental\n" - "image_mode\n" - "image_scale\n" - "json\n" - "path_deserialize\n" - "region_deserialize\n" - "region_set_path\n" - "skp\n" - "sksl2glsl\n" -#if defined(SK_ENABLE_SKOTTIE) - "skottie_json\n" -#endif - "textblob"; - -DEFINE_string2(type, t, "", g_type_message); - -static int fuzz_file(SkString path, SkString type); -static uint8_t calculate_option(SkData*); -static SkString try_auto_detect(SkString path, SkString* name); - -static void fuzz_android_codec(sk_sp<SkData>); -static void fuzz_animated_img(sk_sp<SkData>); -static void fuzz_api(sk_sp<SkData> bytes, SkString name); -static void fuzz_color_deserialize(sk_sp<SkData>); -static void fuzz_filter_fuzz(sk_sp<SkData>); -static void fuzz_image_decode(sk_sp<SkData>); -static void fuzz_image_decode_incremental(sk_sp<SkData>); -static void fuzz_img(sk_sp<SkData>, uint8_t, uint8_t); -static void fuzz_json(sk_sp<SkData>); -static void fuzz_path_deserialize(sk_sp<SkData>); -static void fuzz_region_deserialize(sk_sp<SkData>); -static void fuzz_region_set_path(sk_sp<SkData>); -static void fuzz_skp(sk_sp<SkData>); -static void fuzz_textblob_deserialize(sk_sp<SkData>); - -static void print_api_names(); - -#if SK_SUPPORT_GPU -static void fuzz_sksl2glsl(sk_sp<SkData>); -#endif - -#if defined(SK_ENABLE_SKOTTIE) -static void fuzz_skottie_json(sk_sp<SkData>); -#endif - -int main(int argc, char** argv) { - SkCommandLineFlags::SetUsage("Usage: fuzz -t <type> -b <path/to/file> [-n api-to-fuzz]\n" - " fuzz -b <path/to/file>\n" - "--help lists the valid types. If type is not specified,\n" - "fuzz will make a guess based on the name of the file.\n"); - SkCommandLineFlags::Parse(argc, argv); - - SkString path = SkString(FLAGS_bytes.isEmpty() ? argv[0] : FLAGS_bytes[0]); - SkString type = SkString(FLAGS_type.isEmpty() ? "" : FLAGS_type[0]); - - if (!sk_isdir(path.c_str())) { - return fuzz_file(path, type); - } - - SkOSFile::Iter it(path.c_str()); - for (SkString file; it.next(&file); ) { - SkString p = SkOSPath::Join(path.c_str(), file.c_str()); - SkDebugf("Fuzzing %s\n", p.c_str()); - int rv = fuzz_file(p, type); - if (rv != 0) { - return rv; - } - } - return 0; -} - -static int fuzz_file(SkString path, SkString type) { - sk_sp<SkData> bytes(SkData::MakeFromFileName(path.c_str())); - if (!bytes) { - SkDebugf("Could not read %s\n", path.c_str()); - return 1; - } - - SkString name = SkString(FLAGS_name.isEmpty() ? "" : FLAGS_name[0]); - - if (type.isEmpty()) { - type = try_auto_detect(path, &name); - } - - if (type.isEmpty()) { - SkDebugf("Could not autodetect type of %s\n", path.c_str()); - return 1; - } - if (type.equals("android_codec")) { - fuzz_android_codec(bytes); - return 0; - } - if (type.equals("animated_image_decode")) { - fuzz_animated_img(bytes); - return 0; - } - if (type.equals("api")) { - fuzz_api(bytes, name); - return 0; - } - if (type.equals("color_deserialize")) { - fuzz_color_deserialize(bytes); - return 0; - } - if (type.equals("filter_fuzz")) { - fuzz_filter_fuzz(bytes); - return 0; - } - if (type.equals("image_decode")) { - fuzz_image_decode(bytes); - return 0; - } - if (type.equals("image_decode_incremental")) { - fuzz_image_decode_incremental(bytes); - return 0; - } - if (type.equals("image_scale")) { - uint8_t option = calculate_option(bytes.get()); - fuzz_img(bytes, option, 0); - return 0; - } - if (type.equals("image_mode")) { - uint8_t option = calculate_option(bytes.get()); - fuzz_img(bytes, 0, option); - return 0; - } - if (type.equals("json")) { - fuzz_json(bytes); - return 0; - } - if (type.equals("path_deserialize")) { - fuzz_path_deserialize(bytes); - return 0; - } - if (type.equals("region_deserialize")) { - fuzz_region_deserialize(bytes); - return 0; - } - if (type.equals("region_set_path")) { - fuzz_region_set_path(bytes); - return 0; - } - if (type.equals("pipe")) { - SkDebugf("I would prefer not to.\n"); - return 0; - } -#if defined(SK_ENABLE_SKOTTIE) - if (type.equals("skottie_json")) { - fuzz_skottie_json(bytes); - return 0; - } -#endif - if (type.equals("skp")) { - fuzz_skp(bytes); - return 0; - } - if (type.equals("textblob")) { - fuzz_textblob_deserialize(bytes); - return 0; - } -#if SK_SUPPORT_GPU - if (type.equals("sksl2glsl")) { - fuzz_sksl2glsl(bytes); - return 0; - } -#endif - SkDebugf("Unknown type %s\n", type.c_str()); - SkCommandLineFlags::PrintUsage(); - return 1; -} - -static std::map<std::string, std::string> cf_api_map = { - {"api_draw_functions", "DrawFunctions"}, - {"api_gradients", "Gradients"}, - {"api_image_filter", "ImageFilter"}, - {"api_mock_gpu_canvas", "MockGPUCanvas"}, - {"api_null_canvas", "NullCanvas"}, - {"api_path_measure", "PathMeasure"}, - {"api_pathop", "Pathop"}, - {"api_polyutils", "PolyUtils"}, - {"api_raster_n32_canvas", "RasterN32Canvas"}, - {"jpeg_encoder", "JPEGEncoder"}, - {"png_encoder", "PNGEncoder"}, - {"skia_pathop_fuzzer", "LegacyChromiumPathop"}, - {"webp_encoder", "WEBPEncoder"} -}; - -// maps clusterfuzz/oss-fuzz -> Skia's name -static std::map<std::string, std::string> cf_map = { - {"android_codec", "android_codec"}, - {"animated_image_decode", "animated_image_decode"}, - {"image_decode", "image_decode"}, - {"image_decode_incremental", "image_decode_incremental"}, - {"image_filter_deserialize", "filter_fuzz"}, - {"image_filter_deserialize_width", "filter_fuzz"}, - {"path_deserialize", "path_deserialize"}, - {"region_deserialize", "region_deserialize"}, - {"region_set_path", "region_set_path"}, - {"skjson", "json"}, -#if defined(SK_ENABLE_SKOTTIE) - {"skottie_json", "skottie_json"}, -#endif - {"textblob_deserialize", "textblob"} -}; - -static SkString try_auto_detect(SkString path, SkString* name) { - std::cmatch m; - std::regex clusterfuzz("clusterfuzz-testcase(-minimized)?-([a-z0-9_]+)-[\\d]+"); - std::regex skiafuzzer("(api-)?(\\w+)-[a-f0-9]+"); - - if (std::regex_search(path.c_str(), m, clusterfuzz)) { - std::string type = m.str(2); - - if (cf_api_map.find(type) != cf_api_map.end()) { - *name = SkString(cf_api_map[type].c_str()); - return SkString("api"); - } else { - if (cf_map.find(type) != cf_map.end()) { - return SkString(cf_map[type].c_str()); - } - } - } else if (std::regex_search(path.c_str(), m, skiafuzzer)) { - std::string a1 = m.str(1); - std::string typeOrName = m.str(2); - if (a1.length() > 0) { - // it's an api fuzzer - *name = SkString(typeOrName.c_str()); - return SkString("api"); - } else { - return SkString(typeOrName.c_str()); - } - } - - return SkString(""); -} - -void FuzzJSON(sk_sp<SkData> bytes); - -static void fuzz_json(sk_sp<SkData> bytes){ - FuzzJSON(bytes); - SkDebugf("[terminated] Done parsing!\n"); -} - -#if defined(SK_ENABLE_SKOTTIE) -void FuzzSkottieJSON(sk_sp<SkData> bytes); - -static void fuzz_skottie_json(sk_sp<SkData> bytes){ - FuzzSkottieJSON(bytes); - SkDebugf("[terminated] Done animating!\n"); -} -#endif - -// This adds up the first 1024 bytes and returns it as an 8 bit integer. This allows afl-fuzz to -// deterministically excercise different paths, or *options* (such as different scaling sizes or -// different image modes) without needing to introduce a parameter. This way we don't need a -// image_scale1, image_scale2, image_scale4, etc fuzzer, we can just have a image_scale fuzzer. -// Clients are expected to transform this number into a different range, e.g. with modulo (%). -static uint8_t calculate_option(SkData* bytes) { - uint8_t total = 0; - const uint8_t* data = bytes->bytes(); - for (size_t i = 0; i < 1024 && i < bytes->size(); i++) { - total += data[i]; - } - return total; -} - -static void print_api_names(){ - SkDebugf("When using --type api, please choose an API to fuzz with --name/-n:\n"); - for (const Fuzzable& fuzzable : sk_tools::Registry<Fuzzable>::Range()) { - SkDebugf("\t%s\n", fuzzable.name); - } -} - -static void fuzz_api(sk_sp<SkData> bytes, SkString name) { - for (const Fuzzable& fuzzable : sk_tools::Registry<Fuzzable>::Range()) { - if (name.equals(fuzzable.name)) { - SkDebugf("Fuzzing %s...\n", fuzzable.name); - Fuzz fuzz(std::move(bytes)); - fuzzable.fn(&fuzz); - SkDebugf("[terminated] Success!\n"); - return; - } - } - - print_api_names(); -} - -static void dump_png(SkBitmap bitmap) { - if (!FLAGS_dump.isEmpty()) { - sk_tool_utils::EncodeImageToFile(FLAGS_dump[0], bitmap, SkEncodedImageFormat::kPNG, 100); - SkDebugf("Dumped to %s\n", FLAGS_dump[0]); - } -} - -bool FuzzAnimatedImage(sk_sp<SkData> bytes); - -static void fuzz_animated_img(sk_sp<SkData> bytes) { - if (FuzzAnimatedImage(bytes)) { - SkDebugf("[terminated] Success from decoding/drawing animated image!\n"); - return; - } - SkDebugf("[terminated] Could not decode or draw animated image.\n"); -} - -bool FuzzImageDecode(sk_sp<SkData> bytes); - -static void fuzz_image_decode(sk_sp<SkData> bytes) { - if (FuzzImageDecode(bytes)) { - SkDebugf("[terminated] Success from decoding/drawing image!\n"); - return; - } - SkDebugf("[terminated] Could not decode or draw image.\n"); -} - -bool FuzzIncrementalImageDecode(sk_sp<SkData> bytes); - -static void fuzz_image_decode_incremental(sk_sp<SkData> bytes) { - if (FuzzIncrementalImageDecode(bytes)) { - SkDebugf("[terminated] Success using incremental decode!\n"); - return; - } - SkDebugf("[terminated] Could not incrementally decode and image.\n"); -} - -bool FuzzAndroidCodec(sk_sp<SkData> bytes, uint8_t sampleSize); - -static void fuzz_android_codec(sk_sp<SkData> bytes) { - Fuzz fuzz(bytes); - uint8_t sampleSize; - fuzz.nextRange(&sampleSize, 1, 64); - bytes = SkData::MakeSubset(bytes.get(), 1, bytes->size() - 1); - if (FuzzAndroidCodec(bytes, sampleSize)) { - SkDebugf("[terminated] Success on Android Codec sampleSize=%u!\n", sampleSize); - return; - } - SkDebugf("[terminated] Could not use Android Codec sampleSize=%u!\n", sampleSize); -} - -// This is a "legacy" fuzzer that likely does too much. It was based off of how -// DM reads in images. image_decode, image_decode_incremental and android_codec -// are more targeted fuzzers that do a subset of what this one does. -static void fuzz_img(sk_sp<SkData> bytes, uint8_t scale, uint8_t mode) { - // We can scale 1x, 2x, 4x, 8x, 16x - scale = scale % 5; - float fscale = (float)pow(2.0f, scale); - SkDebugf("Scaling factor: %f\n", fscale); - - // We have 5 different modes of decoding. - mode = mode % 5; - SkDebugf("Mode: %d\n", mode); - - // This is mostly copied from DMSrcSink's CodecSrc::draw method. - SkDebugf("Decoding\n"); - std::unique_ptr<SkCodec> codec(SkCodec::MakeFromData(bytes)); - if (nullptr == codec.get()) { - SkDebugf("[terminated] Couldn't create codec.\n"); - return; - } - - SkImageInfo decodeInfo = codec->getInfo(); - SkISize size = codec->getScaledDimensions(fscale); - decodeInfo = decodeInfo.makeWH(size.width(), size.height()); - - SkBitmap bitmap; - SkCodec::Options options; - options.fZeroInitialized = SkCodec::kYes_ZeroInitialized; - - if (!bitmap.tryAllocPixelsFlags(decodeInfo, SkBitmap::kZeroPixels_AllocFlag)) { - SkDebugf("[terminated] Could not allocate memory. Image might be too large (%d x %d)", - decodeInfo.width(), decodeInfo.height()); - return; - } - - switch (mode) { - case 0: {//kCodecZeroInit_Mode, kCodec_Mode - switch (codec->getPixels(decodeInfo, bitmap.getPixels(), bitmap.rowBytes(), &options)) { - case SkCodec::kSuccess: - SkDebugf("[terminated] Success!\n"); - break; - case SkCodec::kIncompleteInput: - SkDebugf("[terminated] Partial Success\n"); - break; - case SkCodec::kErrorInInput: - SkDebugf("[terminated] Partial Success with error\n"); - break; - case SkCodec::kInvalidConversion: - SkDebugf("Incompatible colortype conversion\n"); - // Crash to allow afl-fuzz to know this was a bug. - raise(SIGSEGV); - default: - SkDebugf("[terminated] Couldn't getPixels.\n"); - return; - } - break; - } - case 1: {//kScanline_Mode - if (SkCodec::kSuccess != codec->startScanlineDecode(decodeInfo)) { - SkDebugf("[terminated] Could not start scanline decoder\n"); - return; - } - - void* dst = bitmap.getAddr(0, 0); - size_t rowBytes = bitmap.rowBytes(); - uint32_t height = decodeInfo.height(); - // We do not need to check the return value. On an incomplete - // image, memory will be filled with a default value. - codec->getScanlines(dst, height, rowBytes); - SkDebugf("[terminated] Success!\n"); - break; - } - case 2: { //kStripe_Mode - const int height = decodeInfo.height(); - // This value is chosen arbitrarily. We exercise more cases by choosing a value that - // does not align with image blocks. - const int stripeHeight = 37; - const int numStripes = (height + stripeHeight - 1) / stripeHeight; - - // Decode odd stripes - if (SkCodec::kSuccess != codec->startScanlineDecode(decodeInfo) - || SkCodec::kTopDown_SkScanlineOrder != codec->getScanlineOrder()) { - // This mode was designed to test the new skip scanlines API in libjpeg-turbo. - // Jpegs have kTopDown_SkScanlineOrder, and at this time, it is not interesting - // to run this test for image types that do not have this scanline ordering. - SkDebugf("[terminated] Could not start top-down scanline decoder\n"); - return; - } - - for (int i = 0; i < numStripes; i += 2) { - // Skip a stripe - const int linesToSkip = SkTMin(stripeHeight, height - i * stripeHeight); - codec->skipScanlines(linesToSkip); - - // Read a stripe - const int startY = (i + 1) * stripeHeight; - const int linesToRead = SkTMin(stripeHeight, height - startY); - if (linesToRead > 0) { - codec->getScanlines(bitmap.getAddr(0, startY), linesToRead, bitmap.rowBytes()); - } - } - - // Decode even stripes - const SkCodec::Result startResult = codec->startScanlineDecode(decodeInfo); - if (SkCodec::kSuccess != startResult) { - SkDebugf("[terminated] Failed to restart scanline decoder with same parameters.\n"); - return; - } - for (int i = 0; i < numStripes; i += 2) { - // Read a stripe - const int startY = i * stripeHeight; - const int linesToRead = SkTMin(stripeHeight, height - startY); - codec->getScanlines(bitmap.getAddr(0, startY), linesToRead, bitmap.rowBytes()); - - // Skip a stripe - const int linesToSkip = SkTMin(stripeHeight, height - (i + 1) * stripeHeight); - if (linesToSkip > 0) { - codec->skipScanlines(linesToSkip); - } - } - SkDebugf("[terminated] Success!\n"); - break; - } - case 3: { //kSubset_Mode - // Arbitrarily choose a divisor. - int divisor = 2; - // Total width/height of the image. - const int W = codec->getInfo().width(); - const int H = codec->getInfo().height(); - if (divisor > W || divisor > H) { - SkDebugf("[terminated] Cannot codec subset: divisor %d is too big " - "with dimensions (%d x %d)\n", divisor, W, H); - return; - } - // subset dimensions - // SkWebpCodec, the only one that supports subsets, requires even top/left boundaries. - const int w = SkAlign2(W / divisor); - const int h = SkAlign2(H / divisor); - SkIRect subset; - SkCodec::Options opts; - opts.fSubset = ⊂ - SkBitmap subsetBm; - // We will reuse pixel memory from bitmap. - void* pixels = bitmap.getPixels(); - // Keep track of left and top (for drawing subsetBm into canvas). We could use - // fscale * x and fscale * y, but we want integers such that the next subset will start - // where the last one ended. So we'll add decodeInfo.width() and height(). - int left = 0; - for (int x = 0; x < W; x += w) { - int top = 0; - for (int y = 0; y < H; y+= h) { - // Do not make the subset go off the edge of the image. - const int preScaleW = SkTMin(w, W - x); - const int preScaleH = SkTMin(h, H - y); - subset.setXYWH(x, y, preScaleW, preScaleH); - // And fscale - // FIXME: Should we have a version of getScaledDimensions that takes a subset - // into account? - decodeInfo = decodeInfo.makeWH( - SkTMax(1, SkScalarRoundToInt(preScaleW * fscale)), - SkTMax(1, SkScalarRoundToInt(preScaleH * fscale))); - size_t rowBytes = decodeInfo.minRowBytes(); - if (!subsetBm.installPixels(decodeInfo, pixels, rowBytes)) { - SkDebugf("[terminated] Could not install pixels.\n"); - return; - } - const SkCodec::Result result = codec->getPixels(decodeInfo, pixels, rowBytes, - &opts); - switch (result) { - case SkCodec::kSuccess: - case SkCodec::kIncompleteInput: - case SkCodec::kErrorInInput: - SkDebugf("okay\n"); - break; - case SkCodec::kInvalidConversion: - if (0 == (x|y)) { - // First subset is okay to return unimplemented. - SkDebugf("[terminated] Incompatible colortype conversion\n"); - return; - } - // If the first subset succeeded, a later one should not fail. - // fall through to failure - case SkCodec::kUnimplemented: - if (0 == (x|y)) { - // First subset is okay to return unimplemented. - SkDebugf("[terminated] subset codec not supported\n"); - return; - } - // If the first subset succeeded, why would a later one fail? - // fall through to failure - default: - SkDebugf("[terminated] subset codec failed to decode (%d, %d, %d, %d) " - "with dimensions (%d x %d)\t error %d\n", - x, y, decodeInfo.width(), decodeInfo.height(), - W, H, result); - return; - } - // translate by the scaled height. - top += decodeInfo.height(); - } - // translate by the scaled width. - left += decodeInfo.width(); - } - SkDebugf("[terminated] Success!\n"); - break; - } - case 4: { //kAnimated_Mode - std::vector<SkCodec::FrameInfo> frameInfos = codec->getFrameInfo(); - if (frameInfos.size() == 0) { - SkDebugf("[terminated] Not an animated image\n"); - break; - } - - for (size_t i = 0; i < frameInfos.size(); i++) { - options.fFrameIndex = i; - auto result = codec->startIncrementalDecode(decodeInfo, bitmap.getPixels(), - bitmap.rowBytes(), &options); - if (SkCodec::kSuccess != result) { - SkDebugf("[terminated] failed to start incremental decode " - "in frame %d with error %d\n", i, result); - return; - } - - result = codec->incrementalDecode(); - if (result == SkCodec::kIncompleteInput || result == SkCodec::kErrorInInput) { - SkDebugf("okay\n"); - // Frames beyond this one will not decode. - break; - } - if (result == SkCodec::kSuccess) { - SkDebugf("okay - decoded frame %d\n", i); - } else { - SkDebugf("[terminated] incremental decode failed with " - "error %d\n", result); - return; - } - } - SkDebugf("[terminated] Success!\n"); - break; - } - default: - SkDebugf("[terminated] Mode not implemented yet\n"); - } - - dump_png(bitmap); -} - -static void fuzz_skp(sk_sp<SkData> bytes) { - SkReadBuffer buf(bytes->data(), bytes->size()); - SkDebugf("Decoding\n"); - sk_sp<SkPicture> pic(SkPicturePriv::MakeFromBuffer(buf)); - if (!pic) { - SkDebugf("[terminated] Couldn't decode as a picture.\n"); - return; - } - SkDebugf("Rendering\n"); - SkBitmap bitmap; - if (!FLAGS_dump.isEmpty()) { - SkIRect size = pic->cullRect().roundOut(); - bitmap.allocN32Pixels(size.width(), size.height()); - } - SkCanvas canvas(bitmap); - canvas.drawPicture(pic); - SkDebugf("[terminated] Success! Decoded and rendered an SkPicture!\n"); - dump_png(bitmap); -} - -static void fuzz_color_deserialize(sk_sp<SkData> bytes) { - sk_sp<SkColorSpace> space(SkColorSpace::Deserialize(bytes->data(), bytes->size())); - if (!space) { - SkDebugf("[terminated] Couldn't deserialize Colorspace.\n"); - return; - } - SkDebugf("[terminated] Success! deserialized Colorspace.\n"); -} - -void FuzzPathDeserialize(SkReadBuffer& buf); - -static void fuzz_path_deserialize(sk_sp<SkData> bytes) { - SkReadBuffer buf(bytes->data(), bytes->size()); - FuzzPathDeserialize(buf); - SkDebugf("[terminated] path_deserialize didn't crash!\n"); -} - -bool FuzzRegionDeserialize(sk_sp<SkData> bytes); - -static void fuzz_region_deserialize(sk_sp<SkData> bytes) { - if (!FuzzRegionDeserialize(bytes)) { - SkDebugf("[terminated] Couldn't initialize SkRegion.\n"); - return; - } - SkDebugf("[terminated] Success! Initialized SkRegion.\n"); -} - -void FuzzTextBlobDeserialize(SkReadBuffer& buf); - -static void fuzz_textblob_deserialize(sk_sp<SkData> bytes) { - SkReadBuffer buf(bytes->data(), bytes->size()); - FuzzTextBlobDeserialize(buf); - SkDebugf("[terminated] textblob didn't crash!\n"); -} - -void FuzzRegionSetPath(Fuzz* fuzz); - -static void fuzz_region_set_path(sk_sp<SkData> bytes) { - Fuzz fuzz(bytes); - FuzzRegionSetPath(&fuzz); - SkDebugf("[terminated] region_set_path didn't crash!\n"); -} - -void FuzzImageFilterDeserialize(sk_sp<SkData> bytes); - -static void fuzz_filter_fuzz(sk_sp<SkData> bytes) { - FuzzImageFilterDeserialize(bytes); - SkDebugf("[terminated] filter_fuzz didn't crash!\n"); -} - -#if SK_SUPPORT_GPU -static void fuzz_sksl2glsl(sk_sp<SkData> bytes) { - SkSL::Compiler compiler; - SkSL::String output; - SkSL::Program::Settings settings; - sk_sp<GrShaderCaps> caps = SkSL::ShaderCapsFactory::Default(); - settings.fCaps = caps.get(); - std::unique_ptr<SkSL::Program> program = compiler.convertProgram(SkSL::Program::kFragment_Kind, - SkSL::String((const char*) bytes->data()), - settings); - if (!program || !compiler.toGLSL(*program, &output)) { - SkDebugf("[terminated] Couldn't compile input.\n"); - return; - } - SkDebugf("[terminated] Success! Compiled input.\n"); -} -#endif diff --git a/chromium/third_party/skia/fuzz/FuzzParsePath.cpp b/chromium/third_party/skia/fuzz/FuzzParsePath.cpp deleted file mode 100644 index 7105f7aebd6..00000000000 --- a/chromium/third_party/skia/fuzz/FuzzParsePath.cpp +++ /dev/null @@ -1,128 +0,0 @@ -/* - * Copyright 2016 Google Inc. - * - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - */ - -#include "Fuzz.h" -#include "SkString.h" -#include "SkParsePath.h" - -#include <stdlib.h> - -// Most of this is taken from random_parse_path.cpp and adapted to use the Fuzz -// instead of SKRandom - -static const struct Legal { - char fSymbol; - int fScalars; -} gLegal[] = { - { 'M', 2 }, - { 'H', 1 }, - { 'V', 1 }, - { 'L', 2 }, - { 'Q', 4 }, - { 'T', 2 }, - { 'C', 6 }, - { 'S', 4 }, - { 'A', 4 }, - { 'Z', 0 }, -}; - -static bool gEasy = false; // set to true while debugging to suppress unusual whitespace - -// mostly do nothing, then bias towards spaces -static const char gWhiteSpace[] = { 0, 0, 0, 0, 0, 0, 0, 0, ' ', ' ', ' ', ' ', 0x09, 0x0D, 0x0A }; - -static void add_white(Fuzz* fuzz, SkString* atom) { - if (gEasy) { - atom->append(" "); - return; - } - // Use a uint8_t to conserve bytes. This makes our "fuzzed bytes footprint" - // smaller, which leads to more efficient fuzzing. - uint8_t reps; - fuzz->nextRange(&reps, 0, 2); - for (uint8_t rep = 0; rep < reps; ++rep) { - uint8_t index; - fuzz->nextRange(&index, 0, (int) SK_ARRAY_COUNT(gWhiteSpace) - 1); - if (gWhiteSpace[index]) { - atom->append(&gWhiteSpace[index], 1); - } - } -} - -static void add_some_white(Fuzz* fuzz, SkString* atom) { - for(int i = 0; i < 10; i++) { - add_white(fuzz, atom); - } -} - -static void add_comma(Fuzz* fuzz, SkString* atom) { - if (gEasy) { - atom->append(","); - return; - } - add_white(fuzz, atom); - bool b; - fuzz->next(&b); - if (b) { - atom->append(","); - } - add_some_white(fuzz, atom); -} - -SkString MakeRandomParsePathPiece(Fuzz* fuzz) { - SkString atom; - uint8_t index; - fuzz->nextRange(&index, 0, (int) SK_ARRAY_COUNT(gLegal) - 1); - const Legal& legal = gLegal[index]; - gEasy ? atom.append("\n") : add_white(fuzz, &atom); - bool b; - fuzz->next(&b); - char symbol = legal.fSymbol | (b ? 0x20 : 0); - atom.append(&symbol, 1); - uint8_t reps; - fuzz->nextRange(&reps, 1, 3); - for (int rep = 0; rep < reps; ++rep) { - for (int index = 0; index < legal.fScalars; ++index) { - SkScalar coord; - fuzz->nextRange(&coord, 0.0f, 100.0f); - add_white(fuzz, &atom); - atom.appendScalar(coord); - if (rep < reps - 1 && index < legal.fScalars - 1) { - add_comma(fuzz, &atom); - } else { - add_some_white(fuzz, &atom); - } - if ('A' == legal.fSymbol && 1 == index) { - SkScalar s; - fuzz->nextRange(&s, -720.0f, 720.0f); - atom.appendScalar(s); - add_comma(fuzz, &atom); - fuzz->next(&b); - atom.appendU32(b); - add_comma(fuzz, &atom); - fuzz->next(&b); - atom.appendU32(b); - add_comma(fuzz, &atom); - } - } - } - return atom; -} - -DEF_FUZZ(ParsePath, fuzz) { - SkPath path; - SkString spec; - uint8_t count; - fuzz->nextRange(&count, 0, 40); - for (uint8_t i = 0; i < count; ++i) { - spec.append(MakeRandomParsePathPiece(fuzz)); - } - SkDebugf("SkParsePath::FromSVGString(%s, &path);\n",spec.c_str()); - if (!SkParsePath::FromSVGString(spec.c_str(), &path)){ - SkDebugf("Could not decode path\n"); - } -} diff --git a/chromium/third_party/skia/fuzz/FuzzPathMeasure.cpp b/chromium/third_party/skia/fuzz/FuzzPathMeasure.cpp deleted file mode 100644 index 62e7b7434c3..00000000000 --- a/chromium/third_party/skia/fuzz/FuzzPathMeasure.cpp +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright 2018 Google Inc. - * - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - */ - -#include "Fuzz.h" -#include "FuzzCommon.h" -#include "SkPathMeasure.h" - -void inline ignoreResult(bool ) {} - -DEF_FUZZ(PathMeasure, fuzz) { - uint8_t bits; - fuzz->next(&bits); - SkScalar distance[6]; - for (auto index = 0; index < 6; ++index) { - fuzz->next(&distance[index]); - } - SkPath path; - FuzzEvilPath(fuzz, &path, SkPath::Verb::kDone_Verb); - SkRect bounds = path.getBounds(); - SkScalar maxDim = SkTMax(bounds.width(), bounds.height()); - SkScalar resScale = maxDim / 1000; - SkPathMeasure measure(path, bits & 1, resScale); - SkPoint position; - SkVector tangent; - ignoreResult(measure.getPosTan(distance[0], &position, &tangent)); - SkPath dst; - ignoreResult(measure.getSegment(distance[1], distance[2], &dst, (bits >> 1) & 1)); - ignoreResult(measure.nextContour()); - ignoreResult(measure.getPosTan(distance[3], &position, &tangent)); - ignoreResult(measure.getSegment(distance[4], distance[5], &dst, (bits >> 2) & 1)); -} diff --git a/chromium/third_party/skia/fuzz/FuzzPathop.cpp b/chromium/third_party/skia/fuzz/FuzzPathop.cpp deleted file mode 100644 index bb9b88a6892..00000000000 --- a/chromium/third_party/skia/fuzz/FuzzPathop.cpp +++ /dev/null @@ -1,202 +0,0 @@ -/* - * Copyright 2016 Google Inc. - * - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - */ - -#include "Fuzz.h" -#include "FuzzCommon.h" -#include "SkPath.h" -#include "SkPathOps.h" -#include "SkRect.h" - -const uint8_t MAX_OPS = 20; - -DEF_FUZZ(Pathop, fuzz) { - - uint8_t choice; - fuzz->nextRange(&choice, 0, 4); - switch (choice) { - case 0: { - uint8_t ops; - fuzz->nextRange(&ops, 0, MAX_OPS); - SkOpBuilder builder; - for (uint8_t i = 0; i < ops && !fuzz->exhausted(); i++) { - SkPath path; - FuzzEvilPath(fuzz, &path, SkPath::Verb::kDone_Verb); - SkPath::FillType ft; - fuzz->nextRange(&ft, 0, SkPath::kInverseEvenOdd_FillType); - path.setFillType(ft); - - SkPathOp op; - fuzz->nextRange(&op, 0, SkPathOp::kReverseDifference_SkPathOp); - builder.add(path, op); - } - - SkPath result; - builder.resolve(&result); - break; - } - case 1: { - SkPath path; - FuzzEvilPath(fuzz, &path, SkPath::Verb::kDone_Verb); - SkPath::FillType ft; - fuzz->nextRange(&ft, 0, SkPath::kInverseEvenOdd_FillType); - path.setFillType(ft); - - SkPath result; - bool isSame; - fuzz->next(&isSame); - if (isSame) { - result = path; - } - Simplify(path, &result); - break; - } - case 2: { - SkPath path; - FuzzEvilPath(fuzz, &path, SkPath::Verb::kDone_Verb); - SkPath::FillType ft; - fuzz->nextRange(&ft, 0, SkPath::kInverseEvenOdd_FillType); - path.setFillType(ft); - - SkPath path2; - FuzzEvilPath(fuzz, &path2, SkPath::Verb::kDone_Verb); - fuzz->nextRange(&ft, 0, SkPath::kInverseEvenOdd_FillType); - path.setFillType(ft); - - SkPathOp op; - fuzz->nextRange(&op, 0, SkPathOp::kReverseDifference_SkPathOp); - - SkPath result; - uint8_t pickOutput; - fuzz->nextRange(&pickOutput, 0, 2); - if (pickOutput == 1) { - result = path; - } else if (pickOutput == 2) { - result = path2; - } - Op(path, path2, op, &result); - break; - } - case 3: { - SkPath path; - FuzzEvilPath(fuzz, &path, SkPath::Verb::kDone_Verb); - SkPath::FillType ft; - fuzz->nextRange(&ft, 0, SkPath::kInverseEvenOdd_FillType); - path.setFillType(ft); - - SkPath result; - bool isSame; - fuzz->next(&isSame); - if (isSame) { - result = path; - } - AsWinding(path, &result); - break; - } - case 4: { - SkPath path; - FuzzEvilPath(fuzz, &path, SkPath::Verb::kDone_Verb); - SkPath::FillType ft; - fuzz->nextRange(&ft, 0, SkPath::kInverseEvenOdd_FillType); - path.setFillType(ft); - - SkRect result; - TightBounds(path, &result); - break; - } - default: { - SkASSERT(false); - break; - } - } -} - - -const int kLastOp = SkPathOp::kReverseDifference_SkPathOp; - -void BuildPath(Fuzz* fuzz, SkPath* path) { - while (!fuzz->exhausted()) { - // Use a uint8_t to conserve bytes. This makes our "fuzzed bytes footprint" - // smaller, which leads to more efficient fuzzing. - uint8_t operation; - fuzz->next(&operation); - SkScalar a,b,c,d,e,f; - - switch (operation % (SkPath::Verb::kDone_Verb + 1)) { - case SkPath::Verb::kMove_Verb: - if (fuzz->remaining() < (2*sizeof(SkScalar))) { - fuzz->deplete(); - return; - } - fuzz->next(&a, &b); - path->moveTo(a, b); - break; - - case SkPath::Verb::kLine_Verb: - if (fuzz->remaining() < (2*sizeof(SkScalar))) { - fuzz->deplete(); - return; - } - fuzz->next(&a, &b); - path->lineTo(a, b); - break; - - case SkPath::Verb::kQuad_Verb: - if (fuzz->remaining() < (4*sizeof(SkScalar))) { - fuzz->deplete(); - return; - } - fuzz->next(&a, &b, &c, &d); - path->quadTo(a, b, c, d); - break; - - case SkPath::Verb::kConic_Verb: - if (fuzz->remaining() < (5*sizeof(SkScalar))) { - fuzz->deplete(); - return; - } - fuzz->next(&a, &b, &c, &d, &e); - path->conicTo(a, b, c, d, e); - break; - - case SkPath::Verb::kCubic_Verb: - if (fuzz->remaining() < (6*sizeof(SkScalar))) { - fuzz->deplete(); - return; - } - fuzz->next(&a, &b, &c, &d, &e, &f); - path->cubicTo(a, b, c, d, e, f); - break; - - case SkPath::Verb::kClose_Verb: - path->close(); - break; - - case SkPath::Verb::kDone_Verb: - // In this case, simply exit. - return; - } - } -} - -DEF_FUZZ(LegacyChromiumPathop, fuzz) { - // See https://cs.chromium.org/chromium/src/testing/libfuzzer/fuzzers/skia_pathop_fuzzer.cc - SkOpBuilder builder; - while (!fuzz->exhausted()) { - SkPath path; - uint8_t op; - fuzz->next(&op); - if (fuzz->exhausted()) { - break; - } - - BuildPath(fuzz, &path); - builder.add(path, static_cast<SkPathOp>(op % (kLastOp + 1))); - } - - SkPath result; - builder.resolve(&result); -} diff --git a/chromium/third_party/skia/fuzz/FuzzPolyUtils.cpp b/chromium/third_party/skia/fuzz/FuzzPolyUtils.cpp deleted file mode 100644 index 50321d3a173..00000000000 --- a/chromium/third_party/skia/fuzz/FuzzPolyUtils.cpp +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Copyright 2018 Google LLC - * - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - */ - -#include "Fuzz.h" -#include "SkPolyUtils.h" - -void inline ignoreResult(bool ) {} - -DEF_FUZZ(PolyUtils, fuzz) { - int count; - fuzz->nextRange(&count, 0, 512); - SkAutoSTMalloc<64, SkPoint> polygon(count); - for (int index = 0; index < count; ++index) { - fuzz->next(&polygon[index].fX, &polygon[index].fY); - } - - ignoreResult(SkGetPolygonWinding(polygon, count)); - ignoreResult(SkIsConvexPolygon(polygon, count)); - ignoreResult(SkIsSimplePolygon(polygon, count)); - - SkScalar inset; - fuzz->next(&inset); - SkTDArray<SkPoint> output; - ignoreResult(SkInsetConvexPolygon(polygon, count, inset, &output)); - - SkScalar offset; - fuzz->next(&offset); - ignoreResult(SkOffsetSimplePolygon(polygon, count, offset, &output)); - - SkAutoSTMalloc<64, uint16_t> indexMap(count); - for (int index = 0; index < count; ++index) { - fuzz->next(&indexMap[index]); - } - SkTDArray<uint16_t> outputIndices; - ignoreResult(SkTriangulateSimplePolygon(polygon, indexMap, count, &outputIndices)); -} diff --git a/chromium/third_party/skia/fuzz/FuzzRegionOp.cpp b/chromium/third_party/skia/fuzz/FuzzRegionOp.cpp deleted file mode 100644 index 8cc315729ac..00000000000 --- a/chromium/third_party/skia/fuzz/FuzzRegionOp.cpp +++ /dev/null @@ -1,18 +0,0 @@ -/* - * Copyright 2018 Google Inc. - * - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - */ - -#include "Fuzz.h" -#include "FuzzCommon.h" - -DEF_FUZZ(RegionOp, fuzz) { // `fuzz -t api -n RegionOp` - SkRegion regionA, regionB, regionC; - FuzzNiceRegion(fuzz, ®ionA, 2000); - FuzzNiceRegion(fuzz, ®ionB, 2000); - SkRegion::Op op; - fuzz->nextRange(&op, 0, SkRegion::kLastOp); - regionC.op(regionA, regionB, op); -} diff --git a/chromium/third_party/skia/fuzz/coverage b/chromium/third_party/skia/fuzz/coverage deleted file mode 100755 index d681d9369a7..00000000000 --- a/chromium/third_party/skia/fuzz/coverage +++ /dev/null @@ -1,83 +0,0 @@ -#!/bin/sh -# Copyright 2017 Google Inc. -# -# Use of this source code is governed by a BSD-style license that can be -# found in the LICENSE file. - -if [ -z "$1" ]; then - cat <<-EOM - Usage: - $0 [afl-out-loc] - - Run something like this: - $0 ~/afl-out - where afl-out is the directory containing all the output of the afl-fuzzers. - You can typically ssh into skia-fuzzer-be-1 and skia-fuzzer-be-2 and run - tar -czf afl-out.tar.gz /mnt/ssd0/fuzzes/afl-out/*/fuzzer0/queue - and extract it locally to get the directories needed to assess coverage. - - EOM - exit 1 -fi - -set -x -set -e - -cd "$(dirname "$0")/.." - -EXECUTABLE="fuzz" - -DIR="$(mktemp -d "${TMPDIR:-/tmp}/skia_coverage_XXXXXXXXXX")" -BUILD=out/coverage - -# Build $EXECUTABLE -bin/sync -bin/fetch-gn - -rm -rf $BUILD - -#TODO: make this work with Clang. -ARGS='cc="gcc" cxx="g++" extra_cflags=["--coverage"] extra_ldflags=["--coverage"]' -gn gen --args="$ARGS" "$BUILD" - -ninja -C "$BUILD" "$EXECUTABLE" - -GCOV="$(realpath tools/gcov_shim)" - -# Generate a zero-baseline so files not covered by $EXECUTABLE $@ will -# still show up in the report. This reads the .gcno files that are -# created at compile time. -lcov -q --gcov-tool="$GCOV" -c -b "$BUILD" -d "$BUILD" -o "$DIR"/baseline -i - -# Running the binary generates the real coverage information, the .gcda files. -QUEUES=("$1/api_parse_path/fuzzer0/queue/*" "$1/color_deserialize/fuzzer0/queue/*" "$1/skcodec_scale/fuzzer0/queue/*" "$1/skcodec_mode/fuzzer0/queue/*" "$1/api_draw_functions/fuzzer0/queue/*" "$1/api_gradient/fuzzer0/queue/*" "$1/api_image_filter/fuzzer0/queue/*" "$1/api_pathop/fuzzer0/queue/*" "$1/sksl2glsl/fuzzer0/queue/*" "$1/null_canvas/fuzzer0/queue/*" "$1/pdf_canvas/fuzzer0/queue/*" "$1/n32_canvas/fuzzer0/queue/*") - -ARGS=("-n ParsePath" "-t color_deserialize" "-t image_scale" "-t image_mode" "-n DrawFunctions" "-n Gradients" "-n SerializedImageFilter" "-n Pathop" "-t sksl2glsl" "-n NullCanvas" "-n PDFCanvas" "-n RasterN32Canvas") - -# We can't simply pass the directories to the fuzzers because some of the fuzzes will -# crash or assert, which would kill the call to fuzz prematurely. Instead we run them -# individually using the loops below. -for i in `seq ${#QUEUES[@]}` -do - FILES=${QUEUES[i]} - for f in $FILES - do - # Executing the fuzzes sequentially would take a very long time. So, we run them - # in the background, making sure we don't go crazy and execute them too fast or - # that they execute for a long time. - timeout 10 $BUILD/$EXECUTABLE ${ARGS[i]} -b $f & - sleep .005s - done -done - -sleep 10s - -echo "done running the fuzzes -- generating report" - -lcov -q --gcov-tool="$GCOV" -c -b "$BUILD" -d "$BUILD" -o "$DIR"/coverage - -lcov -q -a "$DIR"/baseline -a "$DIR"/coverage -o "$DIR"/merged - -genhtml -q "$DIR"/merged --legend -o "$DIR"/coverage_report --ignore-errors source - -xdg-open "$DIR"/coverage_report/index.html diff --git a/chromium/third_party/skia/fuzz/oss_fuzz/FuzzAPIImageFilter.cpp b/chromium/third_party/skia/fuzz/oss_fuzz/FuzzAPIImageFilter.cpp deleted file mode 100644 index 1f8753d012e..00000000000 --- a/chromium/third_party/skia/fuzz/oss_fuzz/FuzzAPIImageFilter.cpp +++ /dev/null @@ -1,16 +0,0 @@ -/* - * Copyright 2018 Google, LLC - * - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - */ - -#include "../Fuzz.h" - -void fuzz_ImageFilter(Fuzz* f); - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - auto fuzz = Fuzz(SkData::MakeWithoutCopy(data, size)); - fuzz_ImageFilter(&fuzz); - return 0; -} diff --git a/chromium/third_party/skia/fuzz/oss_fuzz/FuzzAndroidCodec.cpp b/chromium/third_party/skia/fuzz/oss_fuzz/FuzzAndroidCodec.cpp deleted file mode 100644 index 2e6e2dd1c84..00000000000 --- a/chromium/third_party/skia/fuzz/oss_fuzz/FuzzAndroidCodec.cpp +++ /dev/null @@ -1,63 +0,0 @@ -/* - * Copyright 2018 Google, LLC - * - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - */ - -#include "SkAndroidCodec.h" -#include "SkBitmap.h" -#include "SkCanvas.h" -#include "SkData.h" -#include "SkSurface.h" - -#include "../Fuzz.h" - -bool FuzzAndroidCodec(sk_sp<SkData> bytes, uint8_t sampleSize) { - auto codec = SkAndroidCodec::MakeFromData(bytes); - if (!codec) { - return false; - } - - auto size = codec->getSampledDimensions(sampleSize); - auto info = SkImageInfo::MakeN32Premul(size); - SkBitmap bm; - if (!bm.tryAllocPixels(info)) { - // May fail in memory-constrained fuzzing environments - return false; - } - - SkAndroidCodec::AndroidOptions options; - options.fSampleSize = sampleSize; - - auto result = codec->getAndroidPixels(bm.info(), bm.getPixels(), bm.rowBytes(), &options); - switch (result) { - case SkCodec::kSuccess: - case SkCodec::kIncompleteInput: - case SkCodec::kErrorInInput: - break; - default: - return false; - } - - auto surface = SkSurface::MakeRasterN32Premul(size.width(), size.height()); - if (!surface) { - // May return nullptr in memory-constrained fuzzing environments - return false; - } - - surface->getCanvas()->drawBitmap(bm, 0, 0); - return true; -} - -#if defined(IS_FUZZING_WITH_LIBFUZZER) -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - auto bytes = SkData::MakeWithoutCopy(data, size); - Fuzz fuzz(bytes); - uint8_t sampleSize; - fuzz.nextRange(&sampleSize, 1, 64); - bytes = SkData::MakeSubset(bytes.get(), 1, size - 1); - FuzzAndroidCodec(bytes, sampleSize); - return 0; -} -#endif diff --git a/chromium/third_party/skia/fuzz/oss_fuzz/FuzzAnimatedImage.cpp b/chromium/third_party/skia/fuzz/oss_fuzz/FuzzAnimatedImage.cpp deleted file mode 100644 index e99f7bc52ff..00000000000 --- a/chromium/third_party/skia/fuzz/oss_fuzz/FuzzAnimatedImage.cpp +++ /dev/null @@ -1,45 +0,0 @@ -/* - * Copyright 2018 Google, LLC - * - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - */ - -#include "SkAndroidCodec.h" -#include "SkAnimatedImage.h" -#include "SkCanvas.h" -#include "SkData.h" -#include "SkSurface.h" - -bool FuzzAnimatedImage(sk_sp<SkData> bytes) { - auto codec = SkAndroidCodec::MakeFromData(bytes); - if (nullptr == codec) { - return false; - } - auto aImg = SkAnimatedImage::Make(std::move(codec)); - if (nullptr == aImg) { - return false; - } - - auto s = SkSurface::MakeRasterN32Premul(128, 128); - if (!s) { - // May return nullptr in memory-constrained fuzzing environments - return false; - } - - int escape = 0; - while (!aImg->isFinished() && escape < 100) { - aImg->draw(s->getCanvas()); - escape++; - aImg->decodeNextFrame(); - } - return true; -} - -#if defined(IS_FUZZING_WITH_LIBFUZZER) -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - auto bytes = SkData::MakeWithoutCopy(data, size); - FuzzAnimatedImage(bytes); - return 0; -} -#endif diff --git a/chromium/third_party/skia/fuzz/oss_fuzz/FuzzDrawFunctions.cpp b/chromium/third_party/skia/fuzz/oss_fuzz/FuzzDrawFunctions.cpp deleted file mode 100644 index ec4e766496d..00000000000 --- a/chromium/third_party/skia/fuzz/oss_fuzz/FuzzDrawFunctions.cpp +++ /dev/null @@ -1,16 +0,0 @@ -/* - * Copyright 2018 Google, LLC - * - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - */ - -#include "../Fuzz.h" - -void fuzz_DrawFunctions(Fuzz* f); - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - auto fuzz = Fuzz(SkData::MakeWithoutCopy(data, size)); - fuzz_DrawFunctions(&fuzz); - return 0; -} diff --git a/chromium/third_party/skia/fuzz/oss_fuzz/FuzzGradients.cpp b/chromium/third_party/skia/fuzz/oss_fuzz/FuzzGradients.cpp deleted file mode 100644 index 06948021b36..00000000000 --- a/chromium/third_party/skia/fuzz/oss_fuzz/FuzzGradients.cpp +++ /dev/null @@ -1,17 +0,0 @@ -/* - * Copyright 2018 Google, LLC - * - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - */ - -#include "../Fuzz.h" - -void fuzz_Gradients(Fuzz* f); - -bool FLAGS_verbose = false; -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - auto fuzz = Fuzz(SkData::MakeWithoutCopy(data, size)); - fuzz_Gradients(&fuzz); - return 0; -} diff --git a/chromium/third_party/skia/fuzz/oss_fuzz/FuzzImage.cpp b/chromium/third_party/skia/fuzz/oss_fuzz/FuzzImage.cpp deleted file mode 100644 index 735eb9c4c28..00000000000 --- a/chromium/third_party/skia/fuzz/oss_fuzz/FuzzImage.cpp +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright 2018 Google, LLC - * - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - */ - -#include "SkImage.h" -#include "SkPaint.h" -#include "SkCanvas.h" -#include "SkData.h" -#include "SkSurface.h" - -bool FuzzImageDecode(sk_sp<SkData> bytes) { - auto img = SkImage::MakeFromEncoded(bytes); - if (nullptr == img.get()) { - return false; - } - - auto s = SkSurface::MakeRasterN32Premul(128, 128); - if (!s) { - // May return nullptr in memory-constrained fuzzing environments - return false; - } - - SkPaint p; - s->getCanvas()->drawImage(img, 0, 0, &p); - return true; -} - -#if defined(IS_FUZZING_WITH_LIBFUZZER) -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - auto bytes = SkData::MakeWithoutCopy(data, size); - FuzzImageDecode(bytes); - return 0; -} -#endif diff --git a/chromium/third_party/skia/fuzz/oss_fuzz/FuzzImageFilterDeserialize.cpp b/chromium/third_party/skia/fuzz/oss_fuzz/FuzzImageFilterDeserialize.cpp deleted file mode 100644 index 7ae7870ee84..00000000000 --- a/chromium/third_party/skia/fuzz/oss_fuzz/FuzzImageFilterDeserialize.cpp +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Copyright 2018 Google Inc. - * - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - */ - - -#include "SkBitmap.h" -#include "SkCanvas.h" -#include "SkData.h" -#include "SkFontMgrPriv.h" -#include "SkImageFilter.h" -#include "SkPaint.h" -#include "SkTestFontMgr.h" - -void FuzzImageFilterDeserialize(sk_sp<SkData> bytes) { - const int BitmapSize = 24; - SkBitmap bitmap; - bitmap.allocN32Pixels(BitmapSize, BitmapSize); - SkCanvas canvas(bitmap); - canvas.clear(0x00000000); - - auto flattenable = SkImageFilter::Deserialize(bytes->data(), bytes->size()); - - if (flattenable != nullptr) { - // Let's see if using the filters can cause any trouble... - SkPaint paint; - paint.setImageFilter(flattenable); - canvas.save(); - canvas.clipRect(SkRect::MakeXYWH( - 0, 0, SkIntToScalar(BitmapSize), SkIntToScalar(BitmapSize))); - - // This call shouldn't crash or cause ASAN to flag any memory issues - // If nothing bad happens within this call, everything is fine - canvas.drawBitmap(bitmap, 0, 0, &paint); - - canvas.restore(); - } -} - -#if defined(IS_FUZZING_WITH_LIBFUZZER) -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - gSkFontMgr_DefaultFactory = &sk_tool_utils::MakePortableFontMgr; - auto bytes = SkData::MakeWithoutCopy(data, size); - FuzzImageFilterDeserialize(bytes); - return 0; -} -#endif diff --git a/chromium/third_party/skia/fuzz/oss_fuzz/FuzzIncrementalImage.cpp b/chromium/third_party/skia/fuzz/oss_fuzz/FuzzIncrementalImage.cpp deleted file mode 100644 index 4086b3b683e..00000000000 --- a/chromium/third_party/skia/fuzz/oss_fuzz/FuzzIncrementalImage.cpp +++ /dev/null @@ -1,54 +0,0 @@ -/* - * Copyright 2018 Google, LLC - * - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - */ - -#include "SkBitmap.h" -#include "SkCodec.h" -#include "SkData.h" - -bool FuzzIncrementalImageDecode(sk_sp<SkData> bytes) { - auto codec = SkCodec::MakeFromData(bytes); - if (!codec) { - return false; - } - - SkBitmap bm; - if (!bm.tryAllocPixels(codec->getInfo())) { - // May fail in memory-constrained fuzzing environments - return false; - } - - auto result = codec->startIncrementalDecode(bm.info(), bm.getPixels(), bm.rowBytes()); - if (result != SkCodec::kSuccess) { - return false; - } - - // Deliberately uninitialized to verify that incrementalDecode initializes it when it - // returns kIncompleteInput or kErrorInInput. - int rowsDecoded; - result = codec->incrementalDecode(&rowsDecoded); - switch (result) { - case SkCodec::kIncompleteInput: - case SkCodec::kErrorInInput: - if (rowsDecoded < bm.height()) { - void* dst = SkTAddOffset<void>(bm.getPixels(), rowsDecoded * bm.rowBytes()); - sk_bzero(dst, (bm.height() - rowsDecoded) * bm.rowBytes()); - } - return true; // decoded a partial image - case SkCodec::kSuccess: - return true; - default: - return false; - } -} - -#if defined(IS_FUZZING_WITH_LIBFUZZER) -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - auto bytes = SkData::MakeWithoutCopy(data, size); - FuzzIncrementalImageDecode(bytes); - return 0; -} -#endif diff --git a/chromium/third_party/skia/fuzz/oss_fuzz/FuzzJPEGEncoder.cpp b/chromium/third_party/skia/fuzz/oss_fuzz/FuzzJPEGEncoder.cpp deleted file mode 100644 index 3d5ce412e72..00000000000 --- a/chromium/third_party/skia/fuzz/oss_fuzz/FuzzJPEGEncoder.cpp +++ /dev/null @@ -1,16 +0,0 @@ -/* - * Copyright 2018 Google, LLC - * - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - */ - -#include "../Fuzz.h" - -void fuzz_JPEGEncoder(Fuzz* f); - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - auto fuzz = Fuzz(SkData::MakeWithoutCopy(data, size)); - fuzz_JPEGEncoder(&fuzz); - return 0; -} diff --git a/chromium/third_party/skia/fuzz/oss_fuzz/FuzzJSON.cpp b/chromium/third_party/skia/fuzz/oss_fuzz/FuzzJSON.cpp deleted file mode 100644 index d6d3cf8d344..00000000000 --- a/chromium/third_party/skia/fuzz/oss_fuzz/FuzzJSON.cpp +++ /dev/null @@ -1,24 +0,0 @@ -/* - * Copyright 2018 Google, LLC - * - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - */ - -#include "SkData.h" -#include "SkJSON.h" -#include "SkStream.h" - -void FuzzJSON(sk_sp<SkData> bytes) { - skjson::DOM dom(static_cast<const char*>(bytes->data()), bytes->size()); - SkDynamicMemoryWStream wstream; - dom.write(&wstream); -} - -#if defined(IS_FUZZING_WITH_LIBFUZZER) -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - auto bytes = SkData::MakeWithoutCopy(data, size); - FuzzJSON(bytes); - return 0; -} -#endif diff --git a/chromium/third_party/skia/fuzz/oss_fuzz/FuzzMockGPUCanvas.cpp b/chromium/third_party/skia/fuzz/oss_fuzz/FuzzMockGPUCanvas.cpp deleted file mode 100644 index 5a6f389bee1..00000000000 --- a/chromium/third_party/skia/fuzz/oss_fuzz/FuzzMockGPUCanvas.cpp +++ /dev/null @@ -1,28 +0,0 @@ -/* - * Copyright 2018 Google, LLC - * - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - */ - -#include "../Fuzz.h" -#include "SkTestFontMgr.h" -#include "SkFontMgrPriv.h" - -void fuzz_MockGPUCanvas(Fuzz* f); - -extern "C" { - - // Set default LSAN options. - const char *__lsan_default_options() { - // Don't print the list of LSAN suppressions on every execution. - return "print_suppressions=0"; - } - - int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - gSkFontMgr_DefaultFactory = &sk_tool_utils::MakePortableFontMgr; - auto fuzz = Fuzz(SkData::MakeWithoutCopy(data, size)); - fuzz_MockGPUCanvas(&fuzz); - return 0; - } -} // extern "C" diff --git a/chromium/third_party/skia/fuzz/oss_fuzz/FuzzNullCanvas.cpp b/chromium/third_party/skia/fuzz/oss_fuzz/FuzzNullCanvas.cpp deleted file mode 100644 index 2363af8dabb..00000000000 --- a/chromium/third_party/skia/fuzz/oss_fuzz/FuzzNullCanvas.cpp +++ /dev/null @@ -1,19 +0,0 @@ -/* - * Copyright 2018 Google, LLC - * - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - */ - -#include "../Fuzz.h" -#include "SkTestFontMgr.h" -#include "SkFontMgrPriv.h" - -void fuzz_NullCanvas(Fuzz* f); - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - gSkFontMgr_DefaultFactory = &sk_tool_utils::MakePortableFontMgr; - auto fuzz = Fuzz(SkData::MakeWithoutCopy(data, size)); - fuzz_NullCanvas(&fuzz); - return 0; -} diff --git a/chromium/third_party/skia/fuzz/oss_fuzz/FuzzPNGEncoder.cpp b/chromium/third_party/skia/fuzz/oss_fuzz/FuzzPNGEncoder.cpp deleted file mode 100644 index 8e104166cf7..00000000000 --- a/chromium/third_party/skia/fuzz/oss_fuzz/FuzzPNGEncoder.cpp +++ /dev/null @@ -1,16 +0,0 @@ -/* - * Copyright 2018 Google, LLC - * - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - */ - -#include "../Fuzz.h" - -void fuzz_PNGEncoder(Fuzz* f); - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - auto fuzz = Fuzz(SkData::MakeWithoutCopy(data, size)); - fuzz_PNGEncoder(&fuzz); - return 0; -} diff --git a/chromium/third_party/skia/fuzz/oss_fuzz/FuzzPathDeserialize.cpp b/chromium/third_party/skia/fuzz/oss_fuzz/FuzzPathDeserialize.cpp deleted file mode 100644 index 0584d31e5be..00000000000 --- a/chromium/third_party/skia/fuzz/oss_fuzz/FuzzPathDeserialize.cpp +++ /dev/null @@ -1,46 +0,0 @@ -/* - * Copyright 2018 Google Inc. - * - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - */ - -#include "SkCanvas.h" -#include "SkPaint.h" -#include "SkPath.h" -#include "SkReadBuffer.h" -#include "SkSurface.h" - -void FuzzPathDeserialize(SkReadBuffer& buf) { - SkPath path; - buf.readPath(&path); - if (!buf.isValid()) { - return; - } - - auto s = SkSurface::MakeRasterN32Premul(128, 128); - if (!s) { - // May return nullptr in memory-constrained fuzzing environments - return; - } - s->getCanvas()->drawPath(path, SkPaint()); -} - -#if defined(IS_FUZZING_WITH_LIBFUZZER) -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - if (size < 4) { - return 0; - } - uint32_t packed; - memcpy(&packed, data, 4); - unsigned version = packed & 0xFF; - if (version != 4) { - // Chrome only will produce version 4, so guide the fuzzer to - // only focus on those branches. - return 0; - } - SkReadBuffer buf(data, size); - FuzzPathDeserialize(buf); - return 0; -} -#endif diff --git a/chromium/third_party/skia/fuzz/oss_fuzz/FuzzPathMeasure.cpp b/chromium/third_party/skia/fuzz/oss_fuzz/FuzzPathMeasure.cpp deleted file mode 100644 index 27139429219..00000000000 --- a/chromium/third_party/skia/fuzz/oss_fuzz/FuzzPathMeasure.cpp +++ /dev/null @@ -1,16 +0,0 @@ -/* - * Copyright 2018 Google, LLC - * - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - */ - -#include "../Fuzz.h" - -void fuzz_PathMeasure(Fuzz* f); - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - auto fuzz = Fuzz(SkData::MakeWithoutCopy(data, size)); - fuzz_PathMeasure(&fuzz); - return 0; -} diff --git a/chromium/third_party/skia/fuzz/oss_fuzz/FuzzPathop.cpp b/chromium/third_party/skia/fuzz/oss_fuzz/FuzzPathop.cpp deleted file mode 100644 index d4ddddbfe27..00000000000 --- a/chromium/third_party/skia/fuzz/oss_fuzz/FuzzPathop.cpp +++ /dev/null @@ -1,16 +0,0 @@ -/* - * Copyright 2018 Google, LLC - * - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - */ - -#include "../Fuzz.h" - -void fuzz_Pathop(Fuzz* f); - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - auto fuzz = Fuzz(SkData::MakeWithoutCopy(data, size)); - fuzz_Pathop(&fuzz); - return 0; -} diff --git a/chromium/third_party/skia/fuzz/oss_fuzz/FuzzPolyUtils.cpp b/chromium/third_party/skia/fuzz/oss_fuzz/FuzzPolyUtils.cpp deleted file mode 100644 index 166da7e3291..00000000000 --- a/chromium/third_party/skia/fuzz/oss_fuzz/FuzzPolyUtils.cpp +++ /dev/null @@ -1,16 +0,0 @@ -/* - * Copyright 2018 Google, LLC - * - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - */ - -#include "../Fuzz.h" - -void fuzz_PolyUtils(Fuzz* f); - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - auto fuzz = Fuzz(SkData::MakeWithoutCopy(data, size)); - fuzz_PolyUtils(&fuzz); - return 0; -} diff --git a/chromium/third_party/skia/fuzz/oss_fuzz/FuzzRasterN32Canvas.cpp b/chromium/third_party/skia/fuzz/oss_fuzz/FuzzRasterN32Canvas.cpp deleted file mode 100644 index 8038cf5a985..00000000000 --- a/chromium/third_party/skia/fuzz/oss_fuzz/FuzzRasterN32Canvas.cpp +++ /dev/null @@ -1,19 +0,0 @@ -/* - * Copyright 2018 Google, LLC - * - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - */ - -#include "../Fuzz.h" -#include "SkTestFontMgr.h" -#include "SkFontMgrPriv.h" - -void fuzz_RasterN32Canvas(Fuzz* f); - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - gSkFontMgr_DefaultFactory = &sk_tool_utils::MakePortableFontMgr; - auto fuzz = Fuzz(SkData::MakeWithoutCopy(data, size)); - fuzz_RasterN32Canvas(&fuzz); - return 0; -} diff --git a/chromium/third_party/skia/fuzz/oss_fuzz/FuzzRegionDeserialize.cpp b/chromium/third_party/skia/fuzz/oss_fuzz/FuzzRegionDeserialize.cpp deleted file mode 100644 index 15cf7863b54..00000000000 --- a/chromium/third_party/skia/fuzz/oss_fuzz/FuzzRegionDeserialize.cpp +++ /dev/null @@ -1,43 +0,0 @@ -/* - * Copyright 2018 Google Inc. - * - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - */ - - -#include "SkCanvas.h" -#include "SkPaint.h" -#include "SkRegionPriv.h" -#include "SkSurface.h" - -bool FuzzRegionDeserialize(sk_sp<SkData> bytes) { - SkRegion region; - if (!region.readFromMemory(bytes->data(), bytes->size())) { - return false; - } - region.computeRegionComplexity(); - region.isComplex(); - SkRegion r2; - if (region == r2) { - region.contains(0,0); - } else { - region.contains(1,1); - } - auto s = SkSurface::MakeRasterN32Premul(128, 128); - if (!s) { - // May return nullptr in memory-constrained fuzzing environments - return false; - } - s->getCanvas()->drawRegion(region, SkPaint()); - SkDEBUGCODE(SkRegionPriv::Validate(region)); - return true; -} - -#if defined(IS_FUZZING_WITH_LIBFUZZER) -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - auto bytes = SkData::MakeWithoutCopy(data, size); - FuzzRegionDeserialize(bytes); - return 0; -} -#endif diff --git a/chromium/third_party/skia/fuzz/oss_fuzz/FuzzRegionSetPath.cpp b/chromium/third_party/skia/fuzz/oss_fuzz/FuzzRegionSetPath.cpp deleted file mode 100644 index fa61d49bd98..00000000000 --- a/chromium/third_party/skia/fuzz/oss_fuzz/FuzzRegionSetPath.cpp +++ /dev/null @@ -1,46 +0,0 @@ -/* - * Copyright 2018 Google Inc. - * - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - */ - -#include "../Fuzz.h" -#include "../FuzzCommon.h" -#include "SkData.h" -#include "SkPath.h" -#include "SkRegion.h" - - -void FuzzRegionSetPath(Fuzz* fuzz) { - SkPath p; - FuzzNicePath(fuzz, &p, 1000); - SkRegion r1; - bool initR1; - fuzz->next(&initR1); - if (initR1) { - fuzz->next(&r1); - } - SkRegion r2; - fuzz->next(&r2); - - r1.setPath(p, r2); - - // Do some follow on computations to make sure region is well-formed. - r1.computeRegionComplexity(); - r1.isComplex(); - if (r1 == r2) { - r1.contains(0,0); - } else { - r1.contains(1,1); - } -} - -#if defined(IS_FUZZING_WITH_LIBFUZZER) -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - sk_sp<SkData> bytes(SkData::MakeWithoutCopy(data, size)); - Fuzz fuzz(bytes); - FuzzRegionSetPath(&fuzz); - return 0; -} -#endif diff --git a/chromium/third_party/skia/fuzz/oss_fuzz/FuzzTextBlobDeserialize.cpp b/chromium/third_party/skia/fuzz/oss_fuzz/FuzzTextBlobDeserialize.cpp deleted file mode 100644 index 6b82c793580..00000000000 --- a/chromium/third_party/skia/fuzz/oss_fuzz/FuzzTextBlobDeserialize.cpp +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright 2018 Google, LLC - * - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - */ - -#include "SkCanvas.h" -#include "SkFontMgrPriv.h" -#include "SkPaint.h" -#include "SkReadBuffer.h" -#include "SkSurface.h" -#include "SkTestFontMgr.h" -#include "SkTextBlobPriv.h" - -void FuzzTextBlobDeserialize(SkReadBuffer& buf) { - auto tb = SkTextBlobPriv::MakeFromBuffer(buf); - if (!buf.isValid()) { - return; - } - - auto s = SkSurface::MakeRasterN32Premul(128, 128); - if (!s) { - // May return nullptr in memory-constrained fuzzing environments - return; - } - s->getCanvas()->drawTextBlob(tb, 200, 200, SkPaint()); -} - -#if defined(IS_FUZZING_WITH_LIBFUZZER) -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - gSkFontMgr_DefaultFactory = &sk_tool_utils::MakePortableFontMgr; - SkReadBuffer buf(data, size); - FuzzTextBlobDeserialize(buf); - return 0; -} -#endif diff --git a/chromium/third_party/skia/fuzz/oss_fuzz/FuzzWEBPEncoder.cpp b/chromium/third_party/skia/fuzz/oss_fuzz/FuzzWEBPEncoder.cpp deleted file mode 100644 index f1da38d6ca9..00000000000 --- a/chromium/third_party/skia/fuzz/oss_fuzz/FuzzWEBPEncoder.cpp +++ /dev/null @@ -1,16 +0,0 @@ -/* - * Copyright 2018 Google, LLC - * - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - */ - -#include "../Fuzz.h" - -void fuzz_WEBPEncoder(Fuzz* f); - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - auto fuzz = Fuzz(SkData::MakeWithoutCopy(data, size)); - fuzz_WEBPEncoder(&fuzz); - return 0; -} diff --git a/chromium/third_party/skia/gm/typeface.cpp b/chromium/third_party/skia/gm/typeface.cpp index 39d27fd2aa4..b90e9e77ef4 100644 --- a/chromium/third_party/skia/gm/typeface.cpp +++ b/chromium/third_party/skia/gm/typeface.cpp @@ -149,8 +149,7 @@ DEF_GM( return new TypefaceStylesGM(true); ) static void draw_typeface_rendering_gm(SkCanvas* canvas, sk_sp<SkTypeface> face, char character = 'A') { struct AliasType { - bool antiAlias; - bool subpixelAntitalias; + SkFont::Edging edging; bool inLayer; } constexpr aliasTypes[] { #ifndef SK_BUILD_FOR_IOS @@ -164,24 +163,12 @@ static void draw_typeface_rendering_gm(SkCanvas* canvas, sk_sp<SkTypeface> face, // 0x330b19d8 <+88>: ldr r0, [r4, #0x4] // Disable testing embedded bitmaps on iOS for now. // See https://bug.skia.org/5530 . - { false, false, false }, // aliased + { SkFont::Edging::kAlias , false }, #endif - { true, false, false }, // anti-aliased - { true, true , false }, // subpixel anti-aliased - { true, false, true }, // anti-aliased in layer (flat pixel geometry) - { true, true , true }, // subpixel anti-aliased in layer (flat pixel geometry) - }; - - auto compute_edging = [](AliasType at) { - if (at.antiAlias) { - if (at.subpixelAntitalias) { - return SkFont::Edging::kSubpixelAntiAlias; - } else { - return SkFont::Edging::kAntiAlias; - } - } else { - return SkFont::Edging::kAlias; - } + { SkFont::Edging::kAntiAlias , false }, + { SkFont::Edging::kSubpixelAntiAlias, false }, + { SkFont::Edging::kAntiAlias , true }, + { SkFont::Edging::kSubpixelAntiAlias, true }, }; // The hintgasp.ttf is designed for the following sizes to be different. @@ -229,7 +216,7 @@ static void draw_typeface_rendering_gm(SkCanvas* canvas, sk_sp<SkTypeface> face, font.setSubpixel(subpixel.requested); for (const AliasType& alias : aliasTypes) { - font.setEdging(compute_edging(alias)); + font.setEdging(alias.edging); SkAutoCanvasRestore acr(canvas, false); if (alias.inLayer) { canvas->saveLayer(nullptr, &paint); @@ -292,7 +279,7 @@ static void draw_typeface_rendering_gm(SkCanvas* canvas, sk_sp<SkTypeface> face, font.setEmbolden(fakeBold); for (const AliasType& alias : aliasTypes) { - font.setEdging(compute_edging(alias)); + font.setEdging(alias.edging); SkAutoCanvasRestore acr(canvas, false); if (alias.inLayer) { canvas->saveLayer(nullptr, &paint); @@ -343,7 +330,7 @@ static void draw_typeface_rendering_gm(SkCanvas* canvas, sk_sp<SkTypeface> face, y += dy; x = 5; - font.setEdging(compute_edging(alias)); + font.setEdging(alias.edging); SkAutoCanvasRestore acr(canvas, false); if (alias.inLayer) { canvas->saveLayer(nullptr, &paint); diff --git a/chromium/third_party/skia/modules/skottie/fuzz/FuzzSkottieJSON.cpp b/chromium/third_party/skia/modules/skottie/fuzz/FuzzSkottieJSON.cpp deleted file mode 100644 index 252fd8de686..00000000000 --- a/chromium/third_party/skia/modules/skottie/fuzz/FuzzSkottieJSON.cpp +++ /dev/null @@ -1,30 +0,0 @@ -/* - * Copyright 2018 Google, LLC - * - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - */ - -#include "SkData.h" -#include "SkFontMgrPriv.h" -#include "SkStream.h" -#include "SkTestFontMgr.h" -#include "Skottie.h" - -void FuzzSkottieJSON(sk_sp<SkData> bytes) { - SkMemoryStream stream(bytes); - auto animation = skottie::Animation::Make(&stream); - if (!animation) { - return; - } - animation->seek(0.1337f); // A "nothing up my sleeve" number -} - -#if defined(IS_FUZZING_WITH_LIBFUZZER) -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - gSkFontMgr_DefaultFactory = &sk_tool_utils::MakePortableFontMgr; - auto bytes = SkData::MakeWithoutCopy(data, size); - FuzzSkottieJSON(bytes); - return 0; -} -#endif diff --git a/chromium/third_party/skia/src/ports/SkFontHost_mac.cpp b/chromium/third_party/skia/src/ports/SkFontHost_mac.cpp index 4bfc7fa72ab..2f3aa34ff34 100644 --- a/chromium/third_party/skia/src/ports/SkFontHost_mac.cpp +++ b/chromium/third_party/skia/src/ports/SkFontHost_mac.cpp @@ -2230,16 +2230,17 @@ void SkTypeface_Mac::onFilterRec(SkScalerContextRec* rec) const { SmoothBehavior smoothBehavior = smooth_behavior(); // Only two levels of hinting are supported. - // kNo_Hinting means avoid CoreGraphics outline dilation. - // kNormal_Hinting means CoreGraphics outline dilation is allowed. - // If there is no lcd support, hinting (dilation) cannot be supported. - SkFontHinting hinting = rec->getHinting(); - if (kSlight_SkFontHinting == hinting || smoothBehavior == SmoothBehavior::none) { - hinting = kNo_SkFontHinting; - } else if (kFull_SkFontHinting == hinting) { - hinting = kNormal_SkFontHinting; + // kNo_Hinting means avoid CoreGraphics outline dilation (smoothing). + // kNormal_Hinting means CoreGraphics outline dilation (smoothing) is allowed. + if (kSlight_SkFontHinting == rec->getHinting()) { + rec->setHinting(kNo_SkFontHinting); + } else if (kFull_SkFontHinting == rec->getHinting()) { + rec->setHinting(kNormal_SkFontHinting); + } + // If smoothing has no effect, don't request it. + if (smoothBehavior == SmoothBehavior::none) { + rec->setHinting(kNo_SkFontHinting); } - rec->setHinting(hinting); // FIXME: lcd smoothed un-hinted rasterization unsupported. // Tracked by http://code.google.com/p/skia/issues/detail?id=915 . @@ -2259,7 +2260,6 @@ void SkTypeface_Mac::onFilterRec(SkScalerContextRec* rec) const { // [LCD][no-hint]: curently unable to honor, and must pick which to respect. // Currenly side with LCD, effectively ignoring the hinting setting. // [LCD][yes-hint]: generate LCD using CoreGraphic's LCD output. - if (rec->fMaskFormat == SkMask::kLCD16_Format) { if (smoothBehavior == SmoothBehavior::subpixel) { //CoreGraphics creates 555 masks for smoothed text anyway. @@ -2267,7 +2267,7 @@ void SkTypeface_Mac::onFilterRec(SkScalerContextRec* rec) const { rec->setHinting(kNormal_SkFontHinting); } else { rec->fMaskFormat = SkMask::kA8_Format; - if (smoothBehavior == SmoothBehavior::some) { + if (smoothBehavior != SmoothBehavior::none) { rec->setHinting(kNormal_SkFontHinting); } } @@ -2282,7 +2282,7 @@ void SkTypeface_Mac::onFilterRec(SkScalerContextRec* rec) const { // Unhinted A8 masks (those not derived from LCD masks) must respect SK_GAMMA_APPLY_TO_A8. // All other masks can use regular gamma. - if (SkMask::kA8_Format == rec->fMaskFormat && kNo_SkFontHinting == hinting) { + if (SkMask::kA8_Format == rec->fMaskFormat && kNo_SkFontHinting == rec->getHinting()) { #ifndef SK_GAMMA_APPLY_TO_A8 // SRGBTODO: Is this correct? Do we want contrast boost? rec->ignorePreBlend(); |