1cb93a386Sopenharmony_ci/* 2cb93a386Sopenharmony_ci * Copyright 2018 Google, LLC 3cb93a386Sopenharmony_ci * 4cb93a386Sopenharmony_ci * Use of this source code is governed by a BSD-style license that can be 5cb93a386Sopenharmony_ci * found in the LICENSE file. 6cb93a386Sopenharmony_ci */ 7cb93a386Sopenharmony_ci 8cb93a386Sopenharmony_ci#include "include/codec/SkCodec.h" 9cb93a386Sopenharmony_ci#include "include/core/SkBitmap.h" 10cb93a386Sopenharmony_ci#include "include/core/SkData.h" 11cb93a386Sopenharmony_ci 12cb93a386Sopenharmony_cibool FuzzIncrementalImageDecode(sk_sp<SkData> bytes) { 13cb93a386Sopenharmony_ci auto codec = SkCodec::MakeFromData(bytes); 14cb93a386Sopenharmony_ci if (!codec) { 15cb93a386Sopenharmony_ci return false; 16cb93a386Sopenharmony_ci } 17cb93a386Sopenharmony_ci 18cb93a386Sopenharmony_ci SkBitmap bm; 19cb93a386Sopenharmony_ci if (!bm.tryAllocPixels(codec->getInfo())) { 20cb93a386Sopenharmony_ci // May fail in memory-constrained fuzzing environments 21cb93a386Sopenharmony_ci return false; 22cb93a386Sopenharmony_ci } 23cb93a386Sopenharmony_ci 24cb93a386Sopenharmony_ci auto result = codec->startIncrementalDecode(bm.info(), bm.getPixels(), bm.rowBytes()); 25cb93a386Sopenharmony_ci if (result != SkCodec::kSuccess) { 26cb93a386Sopenharmony_ci return false; 27cb93a386Sopenharmony_ci } 28cb93a386Sopenharmony_ci 29cb93a386Sopenharmony_ci // Deliberately uninitialized to verify that incrementalDecode initializes it when it 30cb93a386Sopenharmony_ci // returns kIncompleteInput or kErrorInInput. 31cb93a386Sopenharmony_ci int rowsDecoded; 32cb93a386Sopenharmony_ci result = codec->incrementalDecode(&rowsDecoded); 33cb93a386Sopenharmony_ci switch (result) { 34cb93a386Sopenharmony_ci case SkCodec::kIncompleteInput: 35cb93a386Sopenharmony_ci case SkCodec::kErrorInInput: 36cb93a386Sopenharmony_ci if (rowsDecoded < bm.height()) { 37cb93a386Sopenharmony_ci void* dst = SkTAddOffset<void>(bm.getPixels(), rowsDecoded * bm.rowBytes()); 38cb93a386Sopenharmony_ci sk_bzero(dst, (bm.height() - rowsDecoded) * bm.rowBytes()); 39cb93a386Sopenharmony_ci } 40cb93a386Sopenharmony_ci return true; // decoded a partial image 41cb93a386Sopenharmony_ci case SkCodec::kSuccess: 42cb93a386Sopenharmony_ci return true; 43cb93a386Sopenharmony_ci default: 44cb93a386Sopenharmony_ci return false; 45cb93a386Sopenharmony_ci } 46cb93a386Sopenharmony_ci} 47cb93a386Sopenharmony_ci 48cb93a386Sopenharmony_ci// TODO(kjlubick): remove IS_FUZZING... after https://crrev.com/c/2410304 lands 49cb93a386Sopenharmony_ci#if defined(SK_BUILD_FOR_LIBFUZZER) || defined(IS_FUZZING_WITH_LIBFUZZER) 50cb93a386Sopenharmony_ciextern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { 51cb93a386Sopenharmony_ci if (size > 10240) { 52cb93a386Sopenharmony_ci return 0; 53cb93a386Sopenharmony_ci } 54cb93a386Sopenharmony_ci auto bytes = SkData::MakeWithoutCopy(data, size); 55cb93a386Sopenharmony_ci FuzzIncrementalImageDecode(bytes); 56cb93a386Sopenharmony_ci return 0; 57cb93a386Sopenharmony_ci} 58cb93a386Sopenharmony_ci#endif 59