1*c8dee2aaSAndroid Build Coastguard Worker /*
2*c8dee2aaSAndroid Build Coastguard Worker * Copyright 2022 Google, LLC
3*c8dee2aaSAndroid Build Coastguard Worker *
4*c8dee2aaSAndroid Build Coastguard Worker * Use of this source code is governed by a BSD-style license that can be
5*c8dee2aaSAndroid Build Coastguard Worker * found in the LICENSE file.
6*c8dee2aaSAndroid Build Coastguard Worker */
7*c8dee2aaSAndroid Build Coastguard Worker
8*c8dee2aaSAndroid Build Coastguard Worker #include "include/core/SkMesh.h"
9*c8dee2aaSAndroid Build Coastguard Worker #include "include/private/base/SkTArray.h"
10*c8dee2aaSAndroid Build Coastguard Worker
11*c8dee2aaSAndroid Build Coastguard Worker #include "fuzz/Fuzz.h"
12*c8dee2aaSAndroid Build Coastguard Worker
13*c8dee2aaSAndroid Build Coastguard Worker using namespace skia_private;
14*c8dee2aaSAndroid Build Coastguard Worker
15*c8dee2aaSAndroid Build Coastguard Worker template <typename T>
extract(SkSpan<const uint8_t> & data)16*c8dee2aaSAndroid Build Coastguard Worker T extract(SkSpan<const uint8_t>& data) {
17*c8dee2aaSAndroid Build Coastguard Worker T result = 0;
18*c8dee2aaSAndroid Build Coastguard Worker size_t bytesToCopy = std::min(sizeof(T), data.size());
19*c8dee2aaSAndroid Build Coastguard Worker if (bytesToCopy > 0) {
20*c8dee2aaSAndroid Build Coastguard Worker memcpy(&result, &data.front(), bytesToCopy);
21*c8dee2aaSAndroid Build Coastguard Worker data = data.subspan(bytesToCopy);
22*c8dee2aaSAndroid Build Coastguard Worker }
23*c8dee2aaSAndroid Build Coastguard Worker return result;
24*c8dee2aaSAndroid Build Coastguard Worker }
25*c8dee2aaSAndroid Build Coastguard Worker
FuzzSkMeshSpecification(const uint8_t * fuzzData,size_t fuzzSize)26*c8dee2aaSAndroid Build Coastguard Worker void FuzzSkMeshSpecification(const uint8_t *fuzzData, size_t fuzzSize) {
27*c8dee2aaSAndroid Build Coastguard Worker using Attribute = SkMeshSpecification::Attribute;
28*c8dee2aaSAndroid Build Coastguard Worker using Varying = SkMeshSpecification::Varying;
29*c8dee2aaSAndroid Build Coastguard Worker
30*c8dee2aaSAndroid Build Coastguard Worker SkSpan<const uint8_t> data(fuzzData, fuzzSize);
31*c8dee2aaSAndroid Build Coastguard Worker STArray<SkMeshSpecification::kMaxAttributes, Attribute> attributes;
32*c8dee2aaSAndroid Build Coastguard Worker STArray<SkMeshSpecification::kMaxVaryings, Varying> varyings;
33*c8dee2aaSAndroid Build Coastguard Worker size_t vertexStride;
34*c8dee2aaSAndroid Build Coastguard Worker SkString vs, fs;
35*c8dee2aaSAndroid Build Coastguard Worker
36*c8dee2aaSAndroid Build Coastguard Worker auto fuzzByteToASCII = [&](uint8_t c, SkString* str) -> bool {
37*c8dee2aaSAndroid Build Coastguard Worker // Most control characters (including \0) and all high ASCII are treated as stop bytes.
38*c8dee2aaSAndroid Build Coastguard Worker if ((c >= 32 && c <= 127) || c == '\r' || c == '\n' || c == '\t') {
39*c8dee2aaSAndroid Build Coastguard Worker char ascii = c;
40*c8dee2aaSAndroid Build Coastguard Worker str->append(&ascii, 1);
41*c8dee2aaSAndroid Build Coastguard Worker return true;
42*c8dee2aaSAndroid Build Coastguard Worker }
43*c8dee2aaSAndroid Build Coastguard Worker return false;
44*c8dee2aaSAndroid Build Coastguard Worker };
45*c8dee2aaSAndroid Build Coastguard Worker
46*c8dee2aaSAndroid Build Coastguard Worker auto fuzzByteToSkSL = [&](uint8_t c, SkString* str) -> bool {
47*c8dee2aaSAndroid Build Coastguard Worker // In the 0x00 - 0x80 range, treat characters as ASCII.
48*c8dee2aaSAndroid Build Coastguard Worker if (c < 128) {
49*c8dee2aaSAndroid Build Coastguard Worker return fuzzByteToASCII(c, str);
50*c8dee2aaSAndroid Build Coastguard Worker }
51*c8dee2aaSAndroid Build Coastguard Worker c -= 128;
52*c8dee2aaSAndroid Build Coastguard Worker
53*c8dee2aaSAndroid Build Coastguard Worker // Dedicate a few bytes to injecting our attribute and varying names.
54*c8dee2aaSAndroid Build Coastguard Worker if (c < SkMeshSpecification::kMaxAttributes) {
55*c8dee2aaSAndroid Build Coastguard Worker if (!attributes.empty()) {
56*c8dee2aaSAndroid Build Coastguard Worker str->append(attributes[c % attributes.size()].name);
57*c8dee2aaSAndroid Build Coastguard Worker }
58*c8dee2aaSAndroid Build Coastguard Worker return true;
59*c8dee2aaSAndroid Build Coastguard Worker }
60*c8dee2aaSAndroid Build Coastguard Worker c -= SkMeshSpecification::kMaxAttributes;
61*c8dee2aaSAndroid Build Coastguard Worker
62*c8dee2aaSAndroid Build Coastguard Worker if (c < SkMeshSpecification::kMaxVaryings) {
63*c8dee2aaSAndroid Build Coastguard Worker if (!varyings.empty()) {
64*c8dee2aaSAndroid Build Coastguard Worker str->append(varyings[c % varyings.size()].name);
65*c8dee2aaSAndroid Build Coastguard Worker }
66*c8dee2aaSAndroid Build Coastguard Worker return true;
67*c8dee2aaSAndroid Build Coastguard Worker }
68*c8dee2aaSAndroid Build Coastguard Worker c -= SkMeshSpecification::kMaxVaryings;
69*c8dee2aaSAndroid Build Coastguard Worker
70*c8dee2aaSAndroid Build Coastguard Worker // Replace the remaining high-ASCII bytes with valid SkSL operators and keywords in order to
71*c8dee2aaSAndroid Build Coastguard Worker // improve our chances of generating a program. (We omit single-character operators since
72*c8dee2aaSAndroid Build Coastguard Worker // single-byte versions of those already exist in the low-ASCII space.)
73*c8dee2aaSAndroid Build Coastguard Worker static constexpr std::string_view kSkSLData[] = {
74*c8dee2aaSAndroid Build Coastguard Worker " true ",
75*c8dee2aaSAndroid Build Coastguard Worker " false ",
76*c8dee2aaSAndroid Build Coastguard Worker " if ",
77*c8dee2aaSAndroid Build Coastguard Worker " else ",
78*c8dee2aaSAndroid Build Coastguard Worker " for ",
79*c8dee2aaSAndroid Build Coastguard Worker " while ",
80*c8dee2aaSAndroid Build Coastguard Worker " do ",
81*c8dee2aaSAndroid Build Coastguard Worker " switch ",
82*c8dee2aaSAndroid Build Coastguard Worker " case ",
83*c8dee2aaSAndroid Build Coastguard Worker " default ",
84*c8dee2aaSAndroid Build Coastguard Worker " break ",
85*c8dee2aaSAndroid Build Coastguard Worker " continue ",
86*c8dee2aaSAndroid Build Coastguard Worker " discard ",
87*c8dee2aaSAndroid Build Coastguard Worker " return ",
88*c8dee2aaSAndroid Build Coastguard Worker " in ",
89*c8dee2aaSAndroid Build Coastguard Worker " out ",
90*c8dee2aaSAndroid Build Coastguard Worker " inout ",
91*c8dee2aaSAndroid Build Coastguard Worker " uniform ",
92*c8dee2aaSAndroid Build Coastguard Worker " const ",
93*c8dee2aaSAndroid Build Coastguard Worker " flat ",
94*c8dee2aaSAndroid Build Coastguard Worker " noperspective ",
95*c8dee2aaSAndroid Build Coastguard Worker " inline ",
96*c8dee2aaSAndroid Build Coastguard Worker " noinline ",
97*c8dee2aaSAndroid Build Coastguard Worker " $pure ",
98*c8dee2aaSAndroid Build Coastguard Worker " readonly ",
99*c8dee2aaSAndroid Build Coastguard Worker " writeonly ",
100*c8dee2aaSAndroid Build Coastguard Worker " buffer ",
101*c8dee2aaSAndroid Build Coastguard Worker " struct ",
102*c8dee2aaSAndroid Build Coastguard Worker " layout ",
103*c8dee2aaSAndroid Build Coastguard Worker " highp ",
104*c8dee2aaSAndroid Build Coastguard Worker " mediump ",
105*c8dee2aaSAndroid Build Coastguard Worker " lowp ",
106*c8dee2aaSAndroid Build Coastguard Worker " $es3 ",
107*c8dee2aaSAndroid Build Coastguard Worker " $export ",
108*c8dee2aaSAndroid Build Coastguard Worker " workgroup ",
109*c8dee2aaSAndroid Build Coastguard Worker " << ",
110*c8dee2aaSAndroid Build Coastguard Worker " >> ",
111*c8dee2aaSAndroid Build Coastguard Worker " && ",
112*c8dee2aaSAndroid Build Coastguard Worker " || ",
113*c8dee2aaSAndroid Build Coastguard Worker " ^^ ",
114*c8dee2aaSAndroid Build Coastguard Worker " == ",
115*c8dee2aaSAndroid Build Coastguard Worker " != ",
116*c8dee2aaSAndroid Build Coastguard Worker " <= ",
117*c8dee2aaSAndroid Build Coastguard Worker " >= ",
118*c8dee2aaSAndroid Build Coastguard Worker " += ",
119*c8dee2aaSAndroid Build Coastguard Worker " -= ",
120*c8dee2aaSAndroid Build Coastguard Worker " *= ",
121*c8dee2aaSAndroid Build Coastguard Worker " /= ",
122*c8dee2aaSAndroid Build Coastguard Worker " %= ",
123*c8dee2aaSAndroid Build Coastguard Worker " <<= ",
124*c8dee2aaSAndroid Build Coastguard Worker " >>= ",
125*c8dee2aaSAndroid Build Coastguard Worker " &= ",
126*c8dee2aaSAndroid Build Coastguard Worker " |= ",
127*c8dee2aaSAndroid Build Coastguard Worker " ^= ",
128*c8dee2aaSAndroid Build Coastguard Worker " ++ ",
129*c8dee2aaSAndroid Build Coastguard Worker " -- ",
130*c8dee2aaSAndroid Build Coastguard Worker " //",
131*c8dee2aaSAndroid Build Coastguard Worker " /*",
132*c8dee2aaSAndroid Build Coastguard Worker "*/ ",
133*c8dee2aaSAndroid Build Coastguard Worker " float",
134*c8dee2aaSAndroid Build Coastguard Worker " half",
135*c8dee2aaSAndroid Build Coastguard Worker " int",
136*c8dee2aaSAndroid Build Coastguard Worker " uint",
137*c8dee2aaSAndroid Build Coastguard Worker " short",
138*c8dee2aaSAndroid Build Coastguard Worker " ushort",
139*c8dee2aaSAndroid Build Coastguard Worker " bool",
140*c8dee2aaSAndroid Build Coastguard Worker " void",
141*c8dee2aaSAndroid Build Coastguard Worker " vec",
142*c8dee2aaSAndroid Build Coastguard Worker " ivec",
143*c8dee2aaSAndroid Build Coastguard Worker " bvec",
144*c8dee2aaSAndroid Build Coastguard Worker " mat",
145*c8dee2aaSAndroid Build Coastguard Worker " Attributes ",
146*c8dee2aaSAndroid Build Coastguard Worker " Varyings ",
147*c8dee2aaSAndroid Build Coastguard Worker };
148*c8dee2aaSAndroid Build Coastguard Worker
149*c8dee2aaSAndroid Build Coastguard Worker c %= std::size(kSkSLData);
150*c8dee2aaSAndroid Build Coastguard Worker str->append(kSkSLData[c]);
151*c8dee2aaSAndroid Build Coastguard Worker return true;
152*c8dee2aaSAndroid Build Coastguard Worker };
153*c8dee2aaSAndroid Build Coastguard Worker
154*c8dee2aaSAndroid Build Coastguard Worker // Pick a vertex stride; intentionally allow some bad values through.
155*c8dee2aaSAndroid Build Coastguard Worker vertexStride = extract<uint16_t>(data) % (SkMeshSpecification::kMaxStride + 2);
156*c8dee2aaSAndroid Build Coastguard Worker
157*c8dee2aaSAndroid Build Coastguard Worker while (!data.empty()) {
158*c8dee2aaSAndroid Build Coastguard Worker uint8_t control = extract<uint8_t>(data) % 4;
159*c8dee2aaSAndroid Build Coastguard Worker // A control code with no payload can be ignored.
160*c8dee2aaSAndroid Build Coastguard Worker if (data.empty()) {
161*c8dee2aaSAndroid Build Coastguard Worker break;
162*c8dee2aaSAndroid Build Coastguard Worker }
163*c8dee2aaSAndroid Build Coastguard Worker switch (control) {
164*c8dee2aaSAndroid Build Coastguard Worker case 0: {
165*c8dee2aaSAndroid Build Coastguard Worker // Add an attribute.
166*c8dee2aaSAndroid Build Coastguard Worker Attribute& a = attributes.push_back();
167*c8dee2aaSAndroid Build Coastguard Worker a.type = (Attribute::Type)(extract<uint8_t>(data) %
168*c8dee2aaSAndroid Build Coastguard Worker ((int)Attribute::Type::kLast + 1));
169*c8dee2aaSAndroid Build Coastguard Worker a.offset = extract<uint16_t>(data) % (SkMeshSpecification::kMaxStride + 2);
170*c8dee2aaSAndroid Build Coastguard Worker while (uint8_t c = extract<char>(data)) {
171*c8dee2aaSAndroid Build Coastguard Worker if (!fuzzByteToASCII(c, &a.name)) {
172*c8dee2aaSAndroid Build Coastguard Worker break;
173*c8dee2aaSAndroid Build Coastguard Worker }
174*c8dee2aaSAndroid Build Coastguard Worker }
175*c8dee2aaSAndroid Build Coastguard Worker break;
176*c8dee2aaSAndroid Build Coastguard Worker }
177*c8dee2aaSAndroid Build Coastguard Worker case 1: {
178*c8dee2aaSAndroid Build Coastguard Worker // Add a varying.
179*c8dee2aaSAndroid Build Coastguard Worker Varying& v = varyings.push_back();
180*c8dee2aaSAndroid Build Coastguard Worker v.type = (Varying::Type)(extract<uint8_t>(data) % ((int)Varying::Type::kLast + 1));
181*c8dee2aaSAndroid Build Coastguard Worker while (uint8_t c = extract<char>(data)) {
182*c8dee2aaSAndroid Build Coastguard Worker if (!fuzzByteToASCII(c, &v.name)) {
183*c8dee2aaSAndroid Build Coastguard Worker break;
184*c8dee2aaSAndroid Build Coastguard Worker }
185*c8dee2aaSAndroid Build Coastguard Worker }
186*c8dee2aaSAndroid Build Coastguard Worker break;
187*c8dee2aaSAndroid Build Coastguard Worker }
188*c8dee2aaSAndroid Build Coastguard Worker case 2: {
189*c8dee2aaSAndroid Build Coastguard Worker // Convert the following data into SkSL and add it into the vertex program.
190*c8dee2aaSAndroid Build Coastguard Worker while (uint8_t c = extract<char>(data)) {
191*c8dee2aaSAndroid Build Coastguard Worker if (!fuzzByteToSkSL(c, &vs)) {
192*c8dee2aaSAndroid Build Coastguard Worker break;
193*c8dee2aaSAndroid Build Coastguard Worker }
194*c8dee2aaSAndroid Build Coastguard Worker }
195*c8dee2aaSAndroid Build Coastguard Worker break;
196*c8dee2aaSAndroid Build Coastguard Worker }
197*c8dee2aaSAndroid Build Coastguard Worker case 3: {
198*c8dee2aaSAndroid Build Coastguard Worker // Convert the following data into SkSL and add it into the fragment program.
199*c8dee2aaSAndroid Build Coastguard Worker while (uint8_t c = extract<char>(data)) {
200*c8dee2aaSAndroid Build Coastguard Worker if (!fuzzByteToSkSL(c, &fs)) {
201*c8dee2aaSAndroid Build Coastguard Worker break;
202*c8dee2aaSAndroid Build Coastguard Worker }
203*c8dee2aaSAndroid Build Coastguard Worker }
204*c8dee2aaSAndroid Build Coastguard Worker break;
205*c8dee2aaSAndroid Build Coastguard Worker }
206*c8dee2aaSAndroid Build Coastguard Worker }
207*c8dee2aaSAndroid Build Coastguard Worker }
208*c8dee2aaSAndroid Build Coastguard Worker
209*c8dee2aaSAndroid Build Coastguard Worker auto result = SkMeshSpecification::Make(attributes, vertexStride, varyings, vs, fs);
210*c8dee2aaSAndroid Build Coastguard Worker if (result.error.isEmpty()) {
211*c8dee2aaSAndroid Build Coastguard Worker // TODO: synthesize a mesh with this specification and paint it.
212*c8dee2aaSAndroid Build Coastguard Worker printf("----\n%s\n----\n\n----\n%s\n----\n\n\n", vs.c_str(), fs.c_str());
213*c8dee2aaSAndroid Build Coastguard Worker }
214*c8dee2aaSAndroid Build Coastguard Worker }
215*c8dee2aaSAndroid Build Coastguard Worker
216*c8dee2aaSAndroid Build Coastguard Worker #if defined(SK_BUILD_FOR_LIBFUZZER)
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)217*c8dee2aaSAndroid Build Coastguard Worker extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
218*c8dee2aaSAndroid Build Coastguard Worker if (size > 8000) {
219*c8dee2aaSAndroid Build Coastguard Worker return 0;
220*c8dee2aaSAndroid Build Coastguard Worker }
221*c8dee2aaSAndroid Build Coastguard Worker FuzzSkMeshSpecification(data, size);
222*c8dee2aaSAndroid Build Coastguard Worker return 0;
223*c8dee2aaSAndroid Build Coastguard Worker }
224*c8dee2aaSAndroid Build Coastguard Worker #endif
225