1 /*
2 * Copyright 2018 Google, LLC
3 *
4 * Use of this source code is governed by a BSD-style license that can be
5 * found in the LICENSE file.
6 */
7
8 #include "include/codec/SkCodec.h"
9 #include "include/core/SkBitmap.h"
10 #include "include/core/SkStream.h"
11 #include "include/private/base/SkTemplates.h"
12
FuzzIncrementalImageDecode(const uint8_t * data,size_t size)13 bool FuzzIncrementalImageDecode(const uint8_t *data, size_t size) {
14 auto codec = SkCodec::MakeFromStream(SkMemoryStream::MakeDirect(data, size));
15 if (!codec) {
16 return false;
17 }
18
19 SkBitmap bm;
20 if (!bm.tryAllocPixels(codec->getInfo())) {
21 // May fail in memory-constrained fuzzing environments
22 return false;
23 }
24
25 auto result = codec->startIncrementalDecode(bm.info(), bm.getPixels(), bm.rowBytes());
26 if (result != SkCodec::kSuccess) {
27 return false;
28 }
29
30 // Deliberately uninitialized to verify that incrementalDecode initializes it when it
31 // returns kIncompleteInput or kErrorInInput.
32 int rowsDecoded;
33 result = codec->incrementalDecode(&rowsDecoded);
34 switch (result) {
35 case SkCodec::kIncompleteInput:
36 case SkCodec::kErrorInInput:
37 if (rowsDecoded < bm.height()) {
38 void* dst = SkTAddOffset<void>(bm.getPixels(), rowsDecoded * bm.rowBytes());
39 sk_bzero(dst, (bm.height() - rowsDecoded) * bm.rowBytes());
40 }
41 return true; // decoded a partial image
42 case SkCodec::kSuccess:
43 return true;
44 default:
45 return false;
46 }
47 }
48
49 #if defined(SK_BUILD_FOR_LIBFUZZER)
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)50 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
51 if (size > 10240) {
52 return 0;
53 }
54 FuzzIncrementalImageDecode(data, size);
55 return 0;
56 }
57 #endif
58