oss-fuzz/projects/skia/skia.diff

diff --git a/fuzz/FuzzPathMeasure.cpp b/fuzz/FuzzPathMeasure.cpp
index e6933a856f..f802cc2250 100644
--- a/fuzz/FuzzPathMeasure.cpp
+++ b/fuzz/FuzzPathMeasure.cpp
@@ -22,6 +22,9 @@ DEF_FUZZ(PathMeasure, fuzz) {
     BuildPath(fuzz, &path, SkPath::Verb::kDone_Verb);
     SkRect bounds = path.getBounds();
     SkScalar maxDim = SkTMax(bounds.width(), bounds.height());
+    if (maxDim > 10000000) {
+        return;
+    }
     SkScalar resScale = maxDim / 1000;
     SkPathMeasure measure(path, bits & 1, resScale);
     SkPoint position;
diff --git a/src/core/SkAAClip.cpp b/src/core/SkAAClip.cpp
index 33947382c4..543f51244c 100644
--- a/src/core/SkAAClip.cpp
+++ b/src/core/SkAAClip.cpp
@@ -1549,6 +1549,12 @@ static void operateY(SkAAClip::Builder& builder, const SkAAClip& A,
     int topB = iterB.top();
     int botB = iterB.bottom();
 
+#if defined(IS_FUZZING)
+    if ((botA - topA) > 100000 || (botB - topB) > 100000) {
+        return;
+    }
+#endif
+
     do {
         const uint8_t* rowA = nullptr;
         const uint8_t* rowB = nullptr;
diff --git a/src/core/SkDraw.cpp b/src/core/SkDraw.cpp
index ae97d05aa1..7e008cd4a6 100644
--- a/src/core/SkDraw.cpp
+++ b/src/core/SkDraw.cpp
@@ -1100,6 +1100,12 @@ void SkDraw::drawPath(const SkPath& origSrcPath, const SkPaint& origPaint,
     // transform the path into device space
     pathPtr->transform(*matrix, devPathPtr);
 
+#if defined(IS_FUZZING)
+    if (devPathPtr->countPoints() > 1000) {
+        return;
+    }
+#endif
+
     this->drawDevPath(*devPathPtr, *paint, drawCoverage, customBlitter, doFill);
 }
 
diff --git a/src/core/SkImageFilter.cpp b/src/core/SkImageFilter.cpp
index b6ed9b316d..d0bcfd1f2a 100644
--- a/src/core/SkImageFilter.cpp
+++ b/src/core/SkImageFilter.cpp
@@ -88,6 +88,12 @@ bool SkImageFilter::Common::unflatten(SkReadBuffer& buffer, int expectedCount) {
         return false;
     }
 
+#if defined(IS_FUZZING)
+    if (count > 4) {
+        return false;
+    }
+#endif
+
     SkASSERT(fInputs.empty());
     for (int i = 0; i < count; i++) {
         fInputs.push_back(buffer.readBool() ? buffer.readImageFilter() : nullptr);
diff --git a/src/core/SkMallocPixelRef.cpp b/src/core/SkMallocPixelRef.cpp
index 8bef6c355c..3ecc3bcaf9 100644
--- a/src/core/SkMallocPixelRef.cpp
+++ b/src/core/SkMallocPixelRef.cpp
@@ -73,6 +73,11 @@ sk_sp<SkPixelRef> SkMallocPixelRef::MakeUsing(void*(*allocProc)(size_t),
             return nullptr;
         }
     }
+#if defined(IS_FUZZING)
+    if (size > 100000) {
+        return nullptr;
+    }
+#endif
     void* addr = allocProc(size);
     if (nullptr == addr) {
         return nullptr;
diff --git a/src/core/SkMaskFilter.cpp b/src/core/SkMaskFilter.cpp
index 470f98468a..7fa1b7c97c 100644
--- a/src/core/SkMaskFilter.cpp
+++ b/src/core/SkMaskFilter.cpp
@@ -261,6 +261,11 @@ bool SkMaskFilterBase::filterPath(const SkPath& devPath, const SkMatrix& matrix,
 
     SkMask  srcM, dstM;
 
+#if defined(IS_FUZZING)
+    if (devPath.countVerbs() > 1000 || devPath.countPoints() > 1000) {
+        return false;
+    }
+#endif
     if (!SkDraw::DrawToMask(devPath, &clip.getBounds(), this, &matrix, &srcM,
                             SkMask::kComputeBoundsAndRenderImage_CreateMode,
                             style)) {
diff --git a/src/core/SkPaint.cpp b/src/core/SkPaint.cpp
index ee362ec0b5..dde9cbfbb6 100644
--- a/src/core/SkPaint.cpp
+++ b/src/core/SkPaint.cpp
@@ -1292,6 +1292,13 @@ bool SkPaint::getFillPath(const SkPath& src, SkPath* dst, const SkRect* cullRect
 
     SkStrokeRec rec(*this, resScale);
 
+#if defined(IS_FUZZING)
+    // Prevent lines with small widths from timing out.
+    if (rec.getStyle() == SkStrokeRec::Style::kStroke_Style && rec.getWidth() < 0.001) {
+        return false;
+    }
+#endif
+
     const SkPath* srcPtr = &src;
     SkPath tmpPath;
 
diff --git a/src/core/SkPath.cpp b/src/core/SkPath.cpp
index b51bb2d07c..38f86dde00 100644
--- a/src/core/SkPath.cpp
+++ b/src/core/SkPath.cpp
@@ -3394,7 +3394,11 @@ void SkPathPriv::CreateDrawArcPath(SkPath* path, const SkRect& oval, SkScalar st
                                    SkScalar sweepAngle, bool useCenter, bool isFillNoPathEffect) {
     SkASSERT(!oval.isEmpty());
     SkASSERT(sweepAngle);
-
+#if defined(IS_FUZZING)
+    if (sweepAngle > 3600.0f || sweepAngle < 3600.0f) {
+        return;
+    }
+#endif
     path->reset();
     path->setIsVolatile(true);
     path->setFillType(SkPath::kWinding_FillType);
diff --git a/src/core/SkReadBuffer.cpp b/src/core/SkReadBuffer.cpp
index e1c9d02ec0..1d98600921 100644
--- a/src/core/SkReadBuffer.cpp
+++ b/src/core/SkReadBuffer.cpp
@@ -279,7 +279,12 @@ sk_sp<SkData> SkReadBuffer::readByteArrayAsData() {
 uint32_t SkReadBuffer::getArrayCount() {
     const size_t inc = sizeof(uint32_t);
     fError = fError || !IsPtrAlign4(fReader.peek()) || !fReader.isAvailable(inc);
+#if defined(IS_FUZZING)
+    uint32_t retVal = fError ? 0 : *(uint32_t*)fReader.peek();
+    return retVal < 1000 ? retVal: 1000;
+#else
     return fError ? 0 : *(uint32_t*)fReader.peek();
+#endif
 }
 
 /*  Format:
diff --git a/src/core/SkScan_AAAPath.cpp b/src/core/SkScan_AAAPath.cpp
index 16ecb91dac..b8c9ee8f37 100644
--- a/src/core/SkScan_AAAPath.cpp
+++ b/src/core/SkScan_AAAPath.cpp
@@ -1588,6 +1588,11 @@ static SK_ALWAYS_INLINE void aaa_fill_path(const SkPath& path, const SkIRect& cl
     SkASSERT(blitter);
 
     SkEdgeBuilder builder;
+#if defined(IS_FUZZING)
+    if (path.countPoints() > 1000) {
+        return;
+    }
+#endif
     int count = builder.build_edges(path, &clipRect, 0, pathContainedInClip,
                                     SkEdgeBuilder::kAnalyticEdge);
     SkAnalyticEdge** list = builder.analyticEdgeList();
diff --git a/src/core/SkScan_Hairline.cpp b/src/core/SkScan_Hairline.cpp
index d9c0408b34..8f44cba5f3 100644
--- a/src/core/SkScan_Hairline.cpp
+++ b/src/core/SkScan_Hairline.cpp
@@ -121,7 +121,11 @@ void SkScan::HairLineRgn(const SkPoint array[], int arrayCount, const SkRegion*
             if (ix0 == ix1) {// too short to draw
                 continue;
             }
-
+#if defined(IS_FUZZING)
+            if ((ix1 - ix0) > 100000 || (ix1 - ix0) < 0) {
+                continue; // too big to draw
+            }
+#endif
             SkFixed slope = SkFixedDiv(dy, dx);
             SkFixed startY = SkFDot6ToFixed(y0) + (slope * ((32 - x0) & 63) >> 6);
 
@@ -137,7 +141,11 @@ void SkScan::HairLineRgn(const SkPoint array[], int arrayCount, const SkRegion*
             if (iy0 == iy1) { // too short to draw
                 continue;
             }
-
+#if defined(IS_FUZZING)
+            if ((iy1 - iy0) > 100000 || (iy1 - iy0) < 0) {
+                continue; // too big to draw
+            }
+#endif
             SkFixed slope = SkFixedDiv(dx, dy);
             SkFixed startX = SkFDot6ToFixed(x0) + (slope * ((32 - y0) & 63) >> 6);
 
diff --git a/src/core/SkScan_Path.cpp b/src/core/SkScan_Path.cpp
index e5dd774c3b..075a1f53d2 100644
--- a/src/core/SkScan_Path.cpp
+++ b/src/core/SkScan_Path.cpp
@@ -249,6 +249,11 @@ static void walk_convex_edges(SkEdge* prevHead, SkPath::FillType,
         SkFixed dRite = riteE->fDX;
         int count = local_bot - local_top;
         SkASSERT(count >= 0);
+#if defined(IS_FUZZING)
+        if (count > 1000) {
+            return;
+        }
+#endif
         if (0 == (dLeft | dRite)) {
             int L = SkFixedRoundToInt(left);
             int R = SkFixedRoundToInt(rite);
diff --git a/src/effects/Sk1DPathEffect.cpp b/src/effects/Sk1DPathEffect.cpp
index 72a128d16e..78716de1bb 100644
--- a/src/effects/Sk1DPathEffect.cpp
+++ b/src/effects/Sk1DPathEffect.cpp
@@ -19,6 +19,11 @@
 bool Sk1DPathEffect::onFilterPath(SkPath* dst, const SkPath& src,
                                   SkStrokeRec*, const SkRect*) const {
     SkPathMeasure   meas(src, false);
+#if defined(IS_FUZZING)
+    if (meas.getLength() < 0 || meas.getLength() > 100) {
+        return false;
+    }
+#endif
     do {
         int governor = MAX_REASONABLE_ITERATIONS;
         SkScalar    length = meas.getLength();
diff --git a/src/effects/Sk2DPathEffect.cpp b/src/effects/Sk2DPathEffect.cpp
index fb6a88e0fb..8253a1284d 100644
--- a/src/effects/Sk2DPathEffect.cpp
+++ b/src/effects/Sk2DPathEffect.cpp
@@ -51,6 +51,11 @@ void Sk2DPathEffect::nextSpan(int x, int y, int count, SkPath* path) const {
     if (!fMatrixIsInvertible) {
         return;
     }
+#if defined(IS_FUZZING)
+    if (count > 100) {
+        return;
+    }
+#endif
 
     const SkMatrix& mat = this->getMatrix();
     SkPoint src, dst;
diff --git a/src/effects/SkDashPathEffect.cpp b/src/effects/SkDashPathEffect.cpp
index cc414f7c16..25a4cb37bc 100644
--- a/src/effects/SkDashPathEffect.cpp
+++ b/src/effects/SkDashPathEffect.cpp
@@ -387,6 +387,12 @@ sk_sp<SkFlattenable> SkDashImpl::CreateProc(SkReadBuffer& buffer) {
         return nullptr;
     }
 
+#if defined(IS_FUZZING)
+    // TODO(kjlubick) Can this be removed now that we have the check above?
+    if (count > 20) {
+        return nullptr;
+    }
+#endif
     SkAutoSTArray<32, SkScalar> intervals(count);
     if (buffer.readScalarArray(intervals.get(), count)) {
         return SkDashPathEffect::Make(intervals.get(), SkToInt(count), phase);
diff --git a/src/effects/SkDiscretePathEffect.cpp b/src/effects/SkDiscretePathEffect.cpp
index 2c913d8d9e..61b9629766 100644
--- a/src/effects/SkDiscretePathEffect.cpp
+++ b/src/effects/SkDiscretePathEffect.cpp
@@ -97,6 +97,11 @@ bool SkDiscretePathEffect::onFilterPath(SkPath* dst, const SkPath& src,
 
     do {
         SkScalar    length = meas.getLength();
+#if defined(IS_FUZZING)
+        if (length > 1000) {
+            return false;
+        }
+#endif
 
         if (fSegLength * (2 + doFill) > length) {
             meas.getSegment(0, length, dst, true);  // to short for us to mangle
diff --git a/src/effects/SkLayerDrawLooper.cpp b/src/effects/SkLayerDrawLooper.cpp
index 7604e2ddfb..adfa3d0c04 100644
--- a/src/effects/SkLayerDrawLooper.cpp
+++ b/src/effects/SkLayerDrawLooper.cpp
@@ -264,6 +264,11 @@ void SkLayerDrawLooper::flatten(SkWriteBuffer& buffer) const {
 sk_sp<SkFlattenable> SkLayerDrawLooper::CreateProc(SkReadBuffer& buffer) {
     int count = buffer.readInt();
 
+#if defined(IS_FUZZING)
+    if (count > 100) {
+        count = 100;
+    }
+#endif
     Builder builder;
     for (int i = 0; i < count; i++) {
         LayerInfo info;
diff --git a/src/ports/SkDebug_stdio.cpp b/src/ports/SkDebug_stdio.cpp
index ec4e3fec77..4bc01d5d51 100644
--- a/src/ports/SkDebug_stdio.cpp
+++ b/src/ports/SkDebug_stdio.cpp
@@ -12,9 +12,13 @@
 #include <stdio.h>
 
 void SkDebugf(const char format[], ...) {
+#if !defined(IS_FUZZING_WITH_LIBFUZZER)
     va_list args;
     va_start(args, format);
     vfprintf(stderr, format, args);
     va_end(args);
+#else
+    (void) format;
+#endif
 }
 #endif//!defined(SK_BUILD_FOR_WIN) && !defined(SK_BUILD_FOR_ANDROID)