1 /*
2 * Copyright 2018 Google, LLC
3 *
4 * Use of this source code is governed by a BSD-style license that can be
5 * found in the LICENSE file.
6 */
7
8 #include "include/codec/SkAndroidCodec.h"
9 #include "include/core/SkBitmap.h"
10 #include "include/core/SkCanvas.h"
11 #include "include/core/SkData.h"
12 #include "include/core/SkSurface.h"
13
14 #include "fuzz/Fuzz.h"
15
FuzzAndroidCodec(sk_sp<SkData> bytes,uint8_t sampleSize)16 bool FuzzAndroidCodec(sk_sp<SkData> bytes, uint8_t sampleSize) {
17 auto codec = SkAndroidCodec::MakeFromData(bytes);
18 if (!codec) {
19 return false;
20 }
21
22 auto size = codec->getSampledDimensions(sampleSize);
23 auto info = SkImageInfo::MakeN32Premul(size);
24 SkBitmap bm;
25 if (!bm.tryAllocPixels(info)) {
26 // May fail in memory-constrained fuzzing environments
27 return false;
28 }
29
30 SkAndroidCodec::AndroidOptions options;
31 options.fSampleSize = sampleSize;
32
33 auto result = codec->getAndroidPixels(bm.info(), bm.getPixels(), bm.rowBytes(), &options);
34 switch (result) {
35 case SkCodec::kSuccess:
36 case SkCodec::kIncompleteInput:
37 case SkCodec::kErrorInInput:
38 break;
39 default:
40 return false;
41 }
42
43 auto surface = SkSurface::MakeRasterN32Premul(size.width(), size.height());
44 if (!surface) {
45 // May return nullptr in memory-constrained fuzzing environments
46 return false;
47 }
48
49 surface->getCanvas()->drawImage(bm.asImage(), 0, 0);
50 return true;
51 }
52
53 #if defined(SK_BUILD_FOR_LIBFUZZER)
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)54 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
55 if (size > 10240) {
56 return 0;
57 }
58 auto bytes = SkData::MakeWithoutCopy(data, size);
59 Fuzz fuzz(bytes);
60 uint8_t sampleSize;
61 fuzz.nextRange(&sampleSize, 1, 64);
62 bytes = SkData::MakeSubset(bytes.get(), 1, size - 1);
63 FuzzAndroidCodec(bytes, sampleSize);
64 return 0;
65 }
66 #endif
67