1/* 2 * Copyright 2018 Google, LLC 3 * 4 * Use of this source code is governed by a BSD-style license that can be 5 * found in the LICENSE file. 6 */ 7 8#include "include/codec/SkAndroidCodec.h" 9#include "include/core/SkBitmap.h" 10#include "include/core/SkCanvas.h" 11#include "include/core/SkData.h" 12#include "include/core/SkSurface.h" 13 14#include "fuzz/Fuzz.h" 15 16bool FuzzAndroidCodec(sk_sp<SkData> bytes, uint8_t sampleSize) { 17 auto codec = SkAndroidCodec::MakeFromData(bytes); 18 if (!codec) { 19 return false; 20 } 21 22 auto size = codec->getSampledDimensions(sampleSize); 23 auto info = SkImageInfo::MakeN32Premul(size); 24 SkBitmap bm; 25 if (!bm.tryAllocPixels(info)) { 26 // May fail in memory-constrained fuzzing environments 27 return false; 28 } 29 30 SkAndroidCodec::AndroidOptions options; 31 options.fSampleSize = sampleSize; 32 33 auto result = codec->getAndroidPixels(bm.info(), bm.getPixels(), bm.rowBytes(), &options); 34 switch (result) { 35 case SkCodec::kSuccess: 36 case SkCodec::kIncompleteInput: 37 case SkCodec::kErrorInInput: 38 break; 39 default: 40 return false; 41 } 42 43 auto surface = SkSurface::MakeRasterN32Premul(size.width(), size.height()); 44 if (!surface) { 45 // May return nullptr in memory-constrained fuzzing environments 46 return false; 47 } 48 49 surface->getCanvas()->drawImage(bm.asImage(), 0, 0); 50 return true; 51} 52 53#if defined(SK_BUILD_FOR_LIBFUZZER) 54extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { 55 if (size > 10240) { 56 return 0; 57 } 58 auto bytes = SkData::MakeWithoutCopy(data, size); 59 Fuzz fuzz(bytes); 60 uint8_t sampleSize; 61 fuzz.nextRange(&sampleSize, 1, 64); 62 bytes = SkData::MakeSubset(bytes.get(), 1, size - 1); 63 FuzzAndroidCodec(bytes, sampleSize); 64 return 0; 65} 66#endif 67