1 /*
2 * Copyright 2018 Google Inc.
3 *
4 * Use of this source code is governed by a BSD-style license that can be
5 * found in the LICENSE file.
6 */
7
8 #include "include/core/SkCanvas.h"
9 #include "include/core/SkPaint.h"
10 #include "include/core/SkPath.h"
11 #include "include/core/SkSurface.h"
12 #include "src/core/SkReadBuffer.h"
13
FuzzPathDeserialize(const uint8_t * data,size_t size)14 void FuzzPathDeserialize(const uint8_t *data, size_t size) {
15 SkReadBuffer buf(data, size);
16
17 SkPath path;
18 buf.readPath(&path);
19 if (!buf.isValid()) {
20 return;
21 }
22
23 auto s = SkSurfaces::Raster(SkImageInfo::MakeN32Premul(128, 128));
24 if (!s) {
25 // May return nullptr in memory-constrained fuzzing environments
26 return;
27 }
28 s->getCanvas()->drawPath(path, SkPaint());
29 }
30
31 #if defined(SK_BUILD_FOR_LIBFUZZER)
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)32 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
33 if (size < 4 || size > 2000) {
34 return 0;
35 }
36 uint32_t packed;
37 memcpy(&packed, data, 4);
38 unsigned version = packed & 0xFF;
39 if (version != 4) {
40 // Chrome only will produce version 4, so guide the fuzzer to
41 // only focus on those branches.
42 return 0;
43 }
44 FuzzPathDeserialize(data, size);
45 return 0;
46 }
47 #endif
48