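/*
 * Copyright 2018 Google Inc.
 *
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file.
 */

#include "include/core/SkCanvas.h"
#include "include/core/SkPaint.h"
#include "include/core/SkPath.h"
#include "include/core/SkSurface.h"
#include "src/core/SkReadBuffer.h"

// Included directly because this file uses size_t, uint8_t/uint32_t and
// memcpy itself; do not rely on the Skia headers pulling them in.
#include <cstddef>
#include <cstdint>
#include <cstring>

/**
 * Deserializes an SkPath from |buf| and, if the buffer is still valid after
 * the read, draws the path with a default SkPaint onto a 128x128 raster
 * surface. Returns early, without drawing, when the buffer reports itself
 * invalid or when the surface cannot be created.
 *
 * @param buf  read buffer wrapping the (untrusted) serialized path bytes.
 */
void FuzzPathDeserialize(SkReadBuffer& buf) {
    SkPath path;
    buf.readPath(&path);
    if (!buf.isValid()) {
        // The buffer is not valid after the read, so |path| is not drawn.
        return;
    }

    auto surface = SkSurface::MakeRasterN32Premul(128, 128);
    if (!surface) {
        // May return nullptr in memory-constrained fuzzing environments
        return;
    }
    surface->getCanvas()->drawPath(path, SkPaint());
}

// TODO(kjlubick): remove IS_FUZZING... after https://crrev.com/c/2410304 lands
#if defined(SK_BUILD_FOR_LIBFUZZER) || defined(IS_FUZZING_WITH_LIBFUZZER)
/**
 * libFuzzer entry point. Filters the raw input and forwards it to
 * FuzzPathDeserialize().
 *
 * Coverage caveats for anyone relying on this harness:
 *  - inputs shorter than 4 bytes or longer than 2000 bytes are skipped;
 *  - inputs whose leading 32-bit word does not carry version 4 in its low
 *    byte are skipped, so other serialization versions are not exercised.
 *
 * @param data  fuzzer-provided bytes (untrusted).
 * @param size  number of bytes readable at |data|.
 * @return always 0.
 */
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    constexpr size_t   kMaxInputBytes   = 2000;
    constexpr unsigned kAcceptedVersion = 4;

    uint32_t packed;
    // The size check must come first: it guarantees the header copy below
    // stays inside the fuzzer-provided buffer.
    if (size < sizeof(packed) || size > kMaxInputBytes) {
        return 0;
    }
    // memcpy instead of a pointer cast: |data| has no alignment guarantee.
    std::memcpy(&packed, data, sizeof(packed));

    // Low 8 bits of the natively-read word.
    // NOTE(review): presumably mirrors how the path reader extracts the
    // version field - confirm against the SkPath deserialization code.
    const unsigned version = packed & 0xFF;
    if (version != kAcceptedVersion) {
        // Chrome only will produce version 4, so guide the fuzzer to
        // only focus on those branches.
        return 0;
    }

    SkReadBuffer buf(data, size);
    FuzzPathDeserialize(buf);
    return 0;
}
#endif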