Rooba
/
oss-fuzz
mirror of https://github.com/google/oss-fuzz.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[skia] Remove patches (#4446) 

* [skia] Remove patches

* space
This commit is contained in:
Kevin Lubick 2020-09-15 19:31:42 -04:00 committed by GitHub
parent e2f566154a
commit 8479af6826
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 42 additions and 831 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

537
projects/skia/BUILD.gn.diff
View File

@ -1,537 +0,0 @@
# Copyright 2016 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
################################################################################
# Append this to build.gn in the skia repo and then build the targets
test_app("region_deserialize") {
sources = [
"fuzz/Fuzz.cpp",
"fuzz/FuzzCommon.cpp",
"fuzz/oss_fuzz/FuzzRegionDeserialize.cpp",
]
deps = [
":flags",
":skia",
]
}
test_app("image_filter_deserialize") {
include_dirs = [
"tools",
"tools/fonts",
]
sources = [
"fuzz/Fuzz.cpp",
"fuzz/FuzzCommon.cpp",
"fuzz/oss_fuzz/FuzzImageFilterDeserialize.cpp",
"tools/Resources.cpp",
"tools/fonts/TestFontMgr.cpp",
"tools/fonts/TestSVGTypeface.cpp",
"tools/fonts/TestTypeface.cpp",
]
deps = [
":experimental_svg_model",
":flags",
":skia",
]
}
test_app("region_set_path") {
sources = [
"fuzz/Fuzz.cpp",
"fuzz/FuzzCommon.cpp",
"fuzz/oss_fuzz/FuzzRegionSetPath.cpp",
]
deps = [
":flags",
":skia",
]
}
test_app("textblob_deserialize") {
include_dirs = [
"tools",
"tools/fonts",
]
sources = [
"fuzz/Fuzz.cpp",
"fuzz/FuzzCommon.cpp",
"fuzz/oss_fuzz/FuzzTextBlobDeserialize.cpp",
"tools/Resources.cpp",
"tools/fonts/TestFontMgr.cpp",
"tools/fonts/TestSVGTypeface.cpp",
"tools/fonts/TestTypeface.cpp",
]
deps = [
":experimental_svg_model",
":flags",
":skia",
]
}
test_app("path_deserialize") {
sources = [
"fuzz/Fuzz.cpp",
"fuzz/FuzzCommon.cpp",
"fuzz/oss_fuzz/FuzzPathDeserialize.cpp",
]
deps = [
":flags",
":skia",
]
}
test_app("image_decode") {
sources = [
"fuzz/Fuzz.cpp",
"fuzz/FuzzCommon.cpp",
"fuzz/oss_fuzz/FuzzImage.cpp",
]
deps = [
":flags",
":skia",
]
}
test_app("animated_image_decode") {
sources = [
"fuzz/Fuzz.cpp",
"fuzz/FuzzCommon.cpp",
"fuzz/oss_fuzz/FuzzAnimatedImage.cpp",
]
deps = [
":flags",
":skia",
]
}
test_app("api_create_ddl") {
include_dirs = [
"include",
"include/gpu",
]
sources = [
"fuzz/Fuzz.cpp",
"fuzz/FuzzCreateDDL.cpp",
"fuzz/FuzzCommon.cpp",
"fuzz/oss_fuzz/FuzzAPICreateDDL.cpp",
"tools/Resources.cpp",
"tools/UrlDataManager.cpp",
"tools/debugger/DebugCanvas.cpp",
"tools/debugger/DebugLayerManager.cpp",
"tools/debugger/DrawCommand.cpp",
"tools/debugger/JsonWriteBuffer.cpp",
"tools/fonts/TestFontMgr.cpp",
"tools/fonts/TestSVGTypeface.cpp",
"tools/fonts/TestTypeface.cpp",
]
deps = [
":experimental_svg_model",
":flags",
":gpu_tool_utils",
":skia",
"//third_party/libpng",
]
}
test_app("api_draw_functions") {
sources = [
"fuzz/Fuzz.cpp",
"fuzz/FuzzCommon.cpp",
"fuzz/FuzzDrawFunctions.cpp",
"fuzz/oss_fuzz/FuzzDrawFunctions.cpp",
]
deps = [
":flags",
":skia",
]
}
test_app("api_gradients") {
sources = [
"fuzz/Fuzz.cpp",
"fuzz/FuzzCommon.cpp",
"fuzz/FuzzGradients.cpp",
"fuzz/oss_fuzz/FuzzGradients.cpp",
]
deps = [
":flags",
":skia",
]
}
test_app("api_image_filter") {
include_dirs = [
"tools",
"tools/debugger",
]
sources = [
"fuzz/Fuzz.cpp",
"fuzz/FuzzCanvas.cpp",
"fuzz/FuzzCommon.cpp",
"fuzz/oss_fuzz/FuzzAPIImageFilter.cpp",
"tools/UrlDataManager.cpp",
"tools/debugger/DebugCanvas.cpp",
"tools/debugger/DebugLayerManager.cpp",
"tools/debugger/DrawCommand.cpp",
"tools/debugger/JsonWriteBuffer.cpp",
]
deps = [
":flags",
":gpu_tool_utils",
":skia",
"//third_party/libpng",
]
}
test_app("api_path_measure") {
sources = [
"fuzz/Fuzz.cpp",
"fuzz/FuzzCommon.cpp",
"fuzz/FuzzPathMeasure.cpp",
"fuzz/oss_fuzz/FuzzPathMeasure.cpp",
]
deps = [
":flags",
":skia",
]
}
test_app("api_pathop") {
sources = [
"fuzz/Fuzz.cpp",
"fuzz/FuzzCommon.cpp",
"fuzz/FuzzPathop.cpp",
"fuzz/oss_fuzz/FuzzPathop.cpp",
]
deps = [
":flags",
":skia",
]
}
test_app("api_raster_n32_canvas") {
include_dirs = [
"tools",
"tools/debugger",
"tools/fonts",
]
sources = [
"fuzz/Fuzz.cpp",
"fuzz/FuzzCanvas.cpp",
"fuzz/FuzzCommon.cpp",
"fuzz/oss_fuzz/FuzzRasterN32Canvas.cpp",
"tools/Resources.cpp",
"tools/UrlDataManager.cpp",
"tools/debugger/DebugCanvas.cpp",
"tools/debugger/DebugLayerManager.cpp",
"tools/debugger/DrawCommand.cpp",
"tools/debugger/JsonWriteBuffer.cpp",
"tools/fonts/TestFontMgr.cpp",
"tools/fonts/TestSVGTypeface.cpp",
"tools/fonts/TestTypeface.cpp",
]
deps = [
":experimental_svg_model",
":flags",
":gpu_tool_utils",
":skia",
"//third_party/libpng",
]
}
test_app("api_mock_gpu_canvas") {
include_dirs = [
"tools",
"tools/debugger",
"tools/fonts",
]
sources = [
"fuzz/Fuzz.cpp",
"fuzz/FuzzCanvas.cpp",
"fuzz/FuzzCommon.cpp",
"fuzz/oss_fuzz/FuzzMockGPUCanvas.cpp",
"tools/LsanSuppressions.cpp",
"tools/Resources.cpp",
"tools/UrlDataManager.cpp",
"tools/debugger/DebugCanvas.cpp",
"tools/debugger/DebugLayerManager.cpp",
"tools/debugger/DrawCommand.cpp",
"tools/debugger/JsonWriteBuffer.cpp",
"tools/fonts/TestFontMgr.cpp",
"tools/fonts/TestSVGTypeface.cpp",
"tools/fonts/TestTypeface.cpp",
]
deps = [
":experimental_svg_model",
":flags",
":gpu_tool_utils",
":skia",
"//third_party/libpng",
]
}
test_app("api_null_canvas") {
include_dirs = [
"tools",
"tools/debugger",
"tools/fonts",
]
sources = [
"fuzz/Fuzz.cpp",
"fuzz/FuzzCanvas.cpp",
"fuzz/FuzzCommon.cpp",
"fuzz/oss_fuzz/FuzzNullCanvas.cpp",
"tools/Resources.cpp",
"tools/UrlDataManager.cpp",
"tools/debugger/DebugCanvas.cpp",
"tools/debugger/DebugLayerManager.cpp",
"tools/debugger/DrawCommand.cpp",
"tools/debugger/JsonWriteBuffer.cpp",
"tools/fonts/TestFontMgr.cpp",
"tools/fonts/TestSVGTypeface.cpp",
"tools/fonts/TestTypeface.cpp",
]
deps = [
":experimental_svg_model",
":flags",
":gpu_tool_utils",
":skia",
"//third_party/libpng",
]
}
test_app("api_svg_canvas") {
include_dirs = [
"include",
"include/svg",
]
sources = [
"fuzz/Fuzz.cpp",
"fuzz/FuzzCanvas.cpp",
"fuzz/FuzzCommon.cpp",
"fuzz/oss_fuzz/FuzzAPISVGCanvas.cpp",
"tools/Resources.cpp",
"tools/UrlDataManager.cpp",
"tools/debugger/DebugCanvas.cpp",
"tools/debugger/DebugLayerManager.cpp",
"tools/debugger/DrawCommand.cpp",
"tools/debugger/JsonWriteBuffer.cpp",
"tools/fonts/TestFontMgr.cpp",
"tools/fonts/TestSVGTypeface.cpp",
"tools/fonts/TestTypeface.cpp",
]
deps = [
":experimental_svg_model",
":flags",
":gpu_tool_utils",
":skia",
"//third_party/libpng",
]
}
test_app("png_encoder") {
sources = [
"fuzz/Fuzz.cpp",
"fuzz/FuzzCommon.cpp",
"fuzz/FuzzEncoders.cpp",
"fuzz/oss_fuzz/FuzzPNGEncoder.cpp",
]
deps = [
":flags",
":skia",
]
}
test_app("jpeg_encoder") {
sources = [
"fuzz/Fuzz.cpp",
"fuzz/FuzzCommon.cpp",
"fuzz/FuzzEncoders.cpp",
"fuzz/oss_fuzz/FuzzJPEGEncoder.cpp",
]
deps = [
":flags",
":skia",
]
}
test_app("webp_encoder") {
sources = [
"fuzz/Fuzz.cpp",
"fuzz/FuzzCommon.cpp",
"fuzz/FuzzEncoders.cpp",
"fuzz/oss_fuzz/FuzzWEBPEncoder.cpp",
]
deps = [
":flags",
":skia",
]
}
test_app("skottie_json") {
deps = [
":flags",
":skia",
"modules/skottie:fuzz",
]
}
test_app("skjson") {
sources = [
"fuzz/Fuzz.cpp",
"fuzz/FuzzCommon.cpp",
"fuzz/oss_fuzz/FuzzJSON.cpp",
]
deps = [
":flags",
":skia",
]
}
test_app("api_polyutils") {
sources = [
"fuzz/Fuzz.cpp",
"fuzz/FuzzCommon.cpp",
"fuzz/FuzzPolyUtils.cpp",
"fuzz/oss_fuzz/FuzzPolyUtils.cpp",
]
deps = [
":flags",
":skia",
]
}
test_app("android_codec") {
sources = [
"fuzz/Fuzz.cpp",
"fuzz/FuzzCommon.cpp",
"fuzz/oss_fuzz/FuzzAndroidCodec.cpp",
]
deps = [
":flags",
":skia",
]
}
test_app("image_decode_incremental") {
sources = [
"fuzz/Fuzz.cpp",
"fuzz/FuzzCommon.cpp",
"fuzz/oss_fuzz/FuzzIncrementalImage.cpp",
]
deps = [
":flags",
":skia",
]
}
test_app("sksl2glsl") {
sources = [
"fuzz/Fuzz.cpp",
"fuzz/FuzzCommon.cpp",
"fuzz/oss_fuzz/FuzzSKSL2GLSL.cpp",
]
deps = [
":gpu_tool_utils",
":skia",
]
}
test_app("sksl2spirv") {
sources = [
"fuzz/Fuzz.cpp",
"fuzz/FuzzCommon.cpp",
"fuzz/oss_fuzz/FuzzSKSL2SPIRV.cpp",
]
deps = [
":gpu_tool_utils",
":skia",
]
}
test_app("sksl2metal") {
sources = [
"fuzz/Fuzz.cpp",
"fuzz/FuzzCommon.cpp",
"fuzz/oss_fuzz/FuzzSKSL2Metal.cpp",
]
deps = [
":gpu_tool_utils",
":skia",
]
}
test_app("sksl2pipeline") {
sources = [
"fuzz/Fuzz.cpp",
"fuzz/FuzzCommon.cpp",
"fuzz/oss_fuzz/FuzzSKSL2Pipeline.cpp",
]
deps = [
":gpu_tool_utils",
":skia",
]
}
test_app("skdescriptor_deserialize") {
sources = [
"fuzz/Fuzz.cpp",
"fuzz/FuzzCommon.cpp",
"fuzz/oss_fuzz/FuzzSkDescriptorDeserialize.cpp",
]
deps = [
":flags",
":skia",
]
}
test_app("svg_dom") {
sources = [
"fuzz/Fuzz.cpp",
"fuzz/FuzzCommon.cpp",
"fuzz/oss_fuzz/FuzzSVG.cpp",
]
deps = [
":experimental_svg_model",
":flags",
":skia",
]
}
test_app("skruntimeeffect") {
sources = [
"fuzz/Fuzz.cpp",
"fuzz/FuzzCommon.cpp",
"fuzz/oss_fuzz/FuzzSkRuntimeEffect.cpp",
]
deps = [
":gpu_tool_utils",
":skia",
]
}
test_app("skp") {
sources = [
"fuzz/Fuzz.cpp",
"fuzz/FuzzCommon.cpp",
"fuzz/oss_fuzz/FuzzSKP.cpp",
]
deps = [
":gpu_tool_utils",
":flags",
":skia",
]
}

6
projects/skia/Dockerfile
View File

@ -85,9 +85,3 @@ COPY json.dict $SRC/skia_data/json.dict
WORKDIR $SRC/skia
COPY build.sh $SRC/
COPY skia.diff $SRC/skia/skia.diff
RUN git apply skia.diff
COPY BUILD.gn.diff $SRC/skia/BUILD.gn.diff
RUN cat BUILD.gn.diff >> BUILD.gn

86
projects/skia/build.sh
View File

@ -50,7 +50,7 @@ DISABLE="-Wno-zero-as-null-pointer-constant -Wno-unused-template
-Wno-cast-qual"
# Disable UBSan vptr since target built with -fno-rtti.
export CFLAGS="$CFLAGS $DISABLE -I$SWIFTSHADER_INCLUDE_PATH -DGR_EGL_TRY_GLES3_THEN_GLES2 -fno-sanitize=vptr"
export CXXFLAGS="$CXXFLAGS $DISABLE -I$SWIFTSHADER_INCLUDE_PATH -DGR_EGL_TRY_GLES3_THEN_GLES2 -fno-sanitize=vptr "-DIS_FUZZING_WITH_LIBFUZZER""
export CXXFLAGS="$CXXFLAGS $DISABLE -I$SWIFTSHADER_INCLUDE_PATH -DGR_EGL_TRY_GLES3_THEN_GLES2 -fno-sanitize=vptr"
export LDFLAGS="$LIB_FUZZING_ENGINE $CXXFLAGS -L$SWIFTSHADER_LIB_PATH"
# This splits a space separated list into a quoted, comma separated list for gn.
@ -60,7 +60,6 @@ export LDFLAGS_ARR=`echo $LDFLAGS | sed -e "s/\s/\",\"/g"`
# Even though GPU is "enabled" for all these builds, none really
# uses the gpu except for api_mock_gpu_canvas
$SRC/depot_tools/gn gen out/Fuzz\
--args='cc="'$CC'"
cxx="'$CXX'"
@ -69,6 +68,7 @@ $SRC/depot_tools/gn gen out/Fuzz\
extra_cflags_c=["'"$CFLAGS_ARR"'"]
extra_cflags_cc=["'"$CXXFLAGS_ARR"'"]
extra_ldflags=["'"$LDFLAGS_ARR"'"]
skia_build_fuzzers=true
skia_enable_fontmgr_custom_directory=false
skia_enable_fontmgr_custom_embedded=false
skia_enable_fontmgr_custom_empty=true
@ -78,43 +78,43 @@ $SRC/depot_tools/gn gen out/Fuzz\
skia_use_fontconfig=false
skia_use_freetype=true
skia_use_system_freetype2=false
skia_use_wuffs=true'
skia_use_wuffs=true
skia_use_libfuzzer_defaults=false'
$SRC/depot_tools/gn gen out/Fuzz_mem_constraints\
--args='cc="'$CC'"
cxx="'$CXX'"
link_pool_depth=1
is_debug=false
extra_cflags_c=["'"$CFLAGS_ARR"'"]
extra_cflags_cc=["'"$CXXFLAGS_ARR"'","-DIS_FUZZING"]
extra_ldflags=["'"$LDFLAGS_ARR"'"]
skia_enable_fontmgr_custom_directory=false
skia_enable_fontmgr_custom_embedded=false
skia_enable_fontmgr_custom_empty=true
skia_enable_gpu=true
skia_enable_skottie=true
skia_use_egl=true
skia_use_fontconfig=false
skia_use_freetype=true
skia_use_system_freetype2=false
skia_use_wuffs=true'
$SRC/depot_tools/ninja -C out/Fuzz region_deserialize region_set_path \
path_deserialize image_decode \
animated_image_decode api_draw_functions \
api_gradients api_path_measure png_encoder \
jpeg_encoder webp_encoder skottie_json \
textblob_deserialize skjson \
api_null_canvas api_image_filter api_pathop \
api_polyutils android_codec image_decode_incremental \
sksl2glsl sksl2spirv sksl2metal sksl2pipeline \
skdescriptor_deserialize\
svg_dom api_svg_canvas skruntimeeffect api_create_ddl \
skp
$SRC/depot_tools/ninja -C out/Fuzz_mem_constraints image_filter_deserialize \
api_raster_n32_canvas \
api_mock_gpu_canvas
$SRC/depot_tools/ninja -C out/Fuzz \
android_codec \
animated_image_decode \
api_create_ddl \
api_draw_functions \
api_gradients \
api_image_filter \
api_mock_gpu_canvas \
api_null_canvas \
api_path_measure \
api_pathop \
api_polyutils \
api_raster_n32_canvas \
api_svg_canvas \
image_decode \
image_decode_incremental \
image_filter_deserialize \
jpeg_encoder \
path_deserialize \
png_encoder \
region_deserialize \
region_set_path \
skdescriptor_deserialize \
skjson \
skottie_json \
skp \
skruntimeeffect \
sksl2glsl \
sksl2metal \
sksl2pipeline \
sksl2spirv \
svg_dom \
textblob_deserialize \
webp_encoder
rm -rf $OUT/data
mkdir $OUT/data
@ -136,7 +136,7 @@ cp ../skia_data/image_decode_seed_corpus.zip $OUT/image_decode_seed_corpus.zip
cp out/Fuzz/animated_image_decode $OUT/animated_image_decode
cp ../skia_data/animated_image_decode_seed_corpus.zip $OUT/animated_image_decode_seed_corpus.zip
cp out/Fuzz_mem_constraints/image_filter_deserialize $OUT/image_filter_deserialize
cp out/Fuzz/image_filter_deserialize $OUT/image_filter_deserialize
cp ../skia_data/image_filter_deserialize_seed_corpus.zip $OUT/image_filter_deserialize_seed_corpus.zip
# Only create the width version of image_filter_deserialize if building with
@ -144,7 +144,7 @@ cp ../skia_data/image_filter_deserialize_seed_corpus.zip $OUT/image_filter_deser
if [ "$FUZZING_ENGINE" == "libfuzzer" ]
then
# Use the same binary as image_filter_deserialize.
cp out/Fuzz_mem_constraints/image_filter_deserialize $OUT/image_filter_deserialize_width
cp out/Fuzz/image_filter_deserialize $OUT/image_filter_deserialize_width
cp ../skia_data/image_filter_deserialize_width.options $OUT/image_filter_deserialize_width.options
# Use the same seed corpus as image_filter_deserialize.
cp ../skia_data/image_filter_deserialize_seed_corpus.zip $OUT/image_filter_deserialize_width_seed_corpus.zip
@ -178,10 +178,10 @@ cp out/Fuzz/skjson $OUT/skjson
cp ../skia_data/json.dict $OUT/skjson.dict
cp ../skia_data/skjson_seed_corpus.zip $OUT/skjson_seed_corpus.zip
cp out/Fuzz_mem_constraints/api_mock_gpu_canvas $OUT/api_mock_gpu_canvas
cp out/Fuzz/api_mock_gpu_canvas $OUT/api_mock_gpu_canvas
cp ../skia_data/canvas_seed_corpus.zip $OUT/api_mock_gpu_canvas_seed_corpus.zip
cp out/Fuzz_mem_constraints/api_raster_n32_canvas $OUT/api_raster_n32_canvas
cp out/Fuzz/api_raster_n32_canvas $OUT/api_raster_n32_canvas
cp ../skia_data/canvas_seed_corpus.zip $OUT/api_raster_n32_canvas_seed_corpus.zip
cp out/Fuzz/api_image_filter $OUT/api_image_filter
@ -212,9 +212,7 @@ cp ../skia_data/sksl_seed_corpus.zip $OUT/sksl2metal_seed_corpus.zip
cp out/Fuzz/sksl2pipeline $OUT/sksl2pipeline
cp ../skia_data/sksl_seed_corpus.zip $OUT/sksl2pipeline_seed_corpus.zip
# Don't have any examples of an SkDescriptor atm, so some random bytes is all we have.
cp out/Fuzz/skdescriptor_deserialize $OUT/skdescriptor_deserialize
cp ../skia_data/api_polyutils_seed_corpus.zip $OUT/skdescriptor_deserialize_seed_corpus.zip
cp out/Fuzz/svg_dom $OUT/svg_dom
cp ../skia_data/svg_dom_seed_corpus.zip $OUT/svg_dom_seed_corpus.zip

244
projects/skia/skia.diff
View File

@ -1,244 +0,0 @@
diff --git a/fuzz/FuzzPathMeasure.cpp b/fuzz/FuzzPathMeasure.cpp
index 310735611f..cfde48022d 100644
--- a/fuzz/FuzzPathMeasure.cpp
+++ b/fuzz/FuzzPathMeasure.cpp
@@ -22,6 +22,9 @@ DEF_FUZZ(PathMeasure, fuzz) {
FuzzEvilPath(fuzz, &path, SkPath::Verb::kDone_Verb);
SkRect bounds = path.getBounds();
SkScalar maxDim = std::max(bounds.width(), bounds.height());
+ if (maxDim > 10000000) {
+ return;
+ }
SkScalar resScale = maxDim / 1000;
SkPathMeasure measure(path, bits & 1, resScale);
SkPoint position;
diff --git a/src/core/SkAAClip.cpp b/src/core/SkAAClip.cpp
index 22fd36ce1b..8a6025f641 100644
--- a/src/core/SkAAClip.cpp
+++ b/src/core/SkAAClip.cpp
@@ -1547,6 +1547,12 @@ static void operateY(SkAAClip::Builder& builder, const SkAAClip& A,
int topB = iterB.top();
int botB = iterB.bottom();
+#if defined(IS_FUZZING)
+ if ((botA - topA) > 100000 || (botB - topB) > 100000) {
+ return;
+ }
+#endif
+
do {
const uint8_t* rowA = nullptr;
const uint8_t* rowB = nullptr;
diff --git a/src/core/SkDraw.cpp b/src/core/SkDraw.cpp
index 48858d1c9b..8fe7057a26 100644
--- a/src/core/SkDraw.cpp
+++ b/src/core/SkDraw.cpp
@@ -958,6 +958,12 @@ void SkDraw::drawPath(const SkPath& origSrcPath, const SkPaint& origPaint,
// transform the path into device space
pathPtr->transform(matrixProvider->localToDevice(), devPathPtr);
+#if defined(IS_FUZZING)
+ if (devPathPtr->countPoints() > 1000) {
+ return;
+ }
+#endif
+
this->drawDevPath(*devPathPtr, *paint, drawCoverage, customBlitter, doFill);
}
diff --git a/src/core/SkImageFilter.cpp b/src/core/SkImageFilter.cpp
index 11bbd36693..f5fb7247af 100644
--- a/src/core/SkImageFilter.cpp
+++ b/src/core/SkImageFilter.cpp
@@ -174,6 +174,12 @@ bool SkImageFilter_Base::Common::unflatten(SkReadBuffer& buffer, int expectedCou
return false;
}
+#if defined(IS_FUZZING)
+ if (count > 4) {
+ return false;
+ }
+#endif
+
SkASSERT(fInputs.empty());
for (int i = 0; i < count; i++) {
fInputs.push_back(buffer.readBool() ? buffer.readImageFilter() : nullptr);
diff --git a/src/core/SkMallocPixelRef.cpp b/src/core/SkMallocPixelRef.cpp
index 02fd9c4580..7a23974b85 100644
--- a/src/core/SkMallocPixelRef.cpp
+++ b/src/core/SkMallocPixelRef.cpp
@@ -34,6 +34,11 @@ sk_sp<SkPixelRef> SkMallocPixelRef::MakeAllocate(const SkImageInfo& info, size_t
if (SkImageInfo::ByteSizeOverflowed(size)) {
return nullptr;
}
+#if defined(IS_FUZZING)
+ if (size > 100000) {
+ return nullptr;
+ }
+#endif
void* addr = sk_calloc_canfail(size);
if (nullptr == addr) {
return nullptr;
diff --git a/src/core/SkMaskFilter.cpp b/src/core/SkMaskFilter.cpp
index 222a5943e1..466307e9b3 100644
--- a/src/core/SkMaskFilter.cpp
+++ b/src/core/SkMaskFilter.cpp
@@ -262,6 +262,11 @@ bool SkMaskFilterBase::filterPath(const SkPath& devPath, const SkMatrix& matrix,
SkMask srcM, dstM;
+#if defined(IS_FUZZING)
+ if (devPath.countVerbs() > 1000 || devPath.countPoints() > 1000) {
+ return false;
+ }
+#endif
if (!SkDraw::DrawToMask(devPath, &clip.getBounds(), this, &matrix, &srcM,
SkMask::kComputeBoundsAndRenderImage_CreateMode,
style)) {
diff --git a/src/core/SkPaint.cpp b/src/core/SkPaint.cpp
index 001fa39338..f0b2bcd684 100644
--- a/src/core/SkPaint.cpp
+++ b/src/core/SkPaint.cpp
@@ -333,6 +333,13 @@ bool SkPaint::getFillPath(const SkPath& src, SkPath* dst, const SkRect* cullRect
SkStrokeRec rec(*this, resScale);
+#if defined(IS_FUZZING)
+ // Prevent lines with small widths from timing out.
+ if (rec.getStyle() == SkStrokeRec::Style::kStroke_Style && rec.getWidth() < 0.001) {
+ return false;
+ }
+#endif
+
const SkPath* srcPtr = &src;
SkPath tmpPath;
diff --git a/src/core/SkPath.cpp b/src/core/SkPath.cpp
index 0122601937..8c46011fe3 100644
--- a/src/core/SkPath.cpp
+++ b/src/core/SkPath.cpp
@@ -3182,7 +3182,11 @@ void SkPathPriv::CreateDrawArcPath(SkPath* path, const SkRect& oval, SkScalar st
SkScalar sweepAngle, bool useCenter, bool isFillNoPathEffect) {
SkASSERT(!oval.isEmpty());
SkASSERT(sweepAngle);
-
+#if defined(IS_FUZZING)
+ if (sweepAngle > 3600.0f || sweepAngle < -3600.0f) {
+ return;
+ }
+#endif
path->reset();
path->setIsVolatile(true);
path->setFillType(SkPathFillType::kWinding);
diff --git a/src/core/SkScan_Hairline.cpp b/src/core/SkScan_Hairline.cpp
index eeea9e78f0..4c8d2a8f3f 100644
--- a/src/core/SkScan_Hairline.cpp
+++ b/src/core/SkScan_Hairline.cpp
@@ -122,7 +122,11 @@ void SkScan::HairLineRgn(const SkPoint array[], int arrayCount, const SkRegion*
if (ix0 == ix1) {// too short to draw
continue;
}
-
+#if defined(IS_FUZZING)
+ if ((ix1 - ix0) > 100000 || (ix1 - ix0) < 0) {
+ continue; // too big to draw
+ }
+#endif
SkFixed slope = SkFixedDiv(dy, dx);
SkFixed startY = SkFDot6ToFixed(y0) + (slope * ((32 - x0) & 63) >> 6);
@@ -138,7 +142,11 @@ void SkScan::HairLineRgn(const SkPoint array[], int arrayCount, const SkRegion*
if (iy0 == iy1) { // too short to draw
continue;
}
-
+#if defined(IS_FUZZING)
+ if ((iy1 - iy0) > 100000 || (iy1 - iy0) < 0) {
+ continue; // too big to draw
+ }
+#endif
SkFixed slope = SkFixedDiv(dx, dy);
SkFixed startX = SkFDot6ToFixed(x0) + (slope * ((32 - y0) & 63) >> 6);
diff --git a/src/effects/Sk1DPathEffect.cpp b/src/effects/Sk1DPathEffect.cpp
index 16dee4a90b..a306585b20 100644
--- a/src/effects/Sk1DPathEffect.cpp
+++ b/src/effects/Sk1DPathEffect.cpp
@@ -19,6 +19,11 @@
bool Sk1DPathEffect::onFilterPath(SkPath* dst, const SkPath& src,
SkStrokeRec*, const SkRect*) const {
SkPathMeasure meas(src, false);
+#if defined(IS_FUZZING)
+ if (meas.getLength() < 0 || meas.getLength() > 100) {
+ return false;
+ }
+#endif
do {
int governor = MAX_REASONABLE_ITERATIONS;
SkScalar length = meas.getLength();
diff --git a/src/effects/Sk2DPathEffect.cpp b/src/effects/Sk2DPathEffect.cpp
index fa19bb96b8..005daff13b 100644
--- a/src/effects/Sk2DPathEffect.cpp
+++ b/src/effects/Sk2DPathEffect.cpp
@@ -51,6 +51,11 @@ void Sk2DPathEffect::nextSpan(int x, int y, int count, SkPath* path) const {
if (!fMatrixIsInvertible) {
return;
}
+#if defined(IS_FUZZING)
+ if (count > 100) {
+ return;
+ }
+#endif
const SkMatrix& mat = this->getMatrix();
SkPoint src, dst;
diff --git a/src/effects/SkDiscretePathEffect.cpp b/src/effects/SkDiscretePathEffect.cpp
index 4ad1165b0f..a79526a909 100644
--- a/src/effects/SkDiscretePathEffect.cpp
+++ b/src/effects/SkDiscretePathEffect.cpp
@@ -97,6 +97,11 @@ bool SkDiscretePathEffect::onFilterPath(SkPath* dst, const SkPath& src,
do {
SkScalar length = meas.getLength();
+#if defined(IS_FUZZING)
+ if (length > 1000) {
+ return false;
+ }
+#endif
if (fSegLength * (2 + doFill) > length) {
meas.getSegment(0, length, dst, true); // to short for us to mangle
diff --git a/src/effects/SkLayerDrawLooper.cpp b/src/effects/SkLayerDrawLooper.cpp
index 42592211a9..3b46f632cf 100644
--- a/src/effects/SkLayerDrawLooper.cpp
+++ b/src/effects/SkLayerDrawLooper.cpp
@@ -213,6 +213,11 @@ void SkLayerDrawLooper::flatten(SkWriteBuffer& buffer) const {
sk_sp<SkFlattenable> SkLayerDrawLooper::CreateProc(SkReadBuffer& buffer) {
int count = buffer.readInt();
+#if defined(IS_FUZZING)
+ if (count > 100) {
+ count = 100;
+ }
+#endif
Builder builder;
for (int i = 0; i < count; i++) {
LayerInfo info;
diff --git a/src/ports/SkDebug_stdio.cpp b/src/ports/SkDebug_stdio.cpp
index 1bba63cc0a..e569514902 100644
--- a/src/ports/SkDebug_stdio.cpp
+++ b/src/ports/SkDebug_stdio.cpp
@@ -12,9 +12,13 @@
#include <stdio.h>
void SkDebugf(const char format[], ...) {
+#if !defined(IS_FUZZING_WITH_LIBFUZZER)
va_list args;
va_start(args, format);
vfprintf(stderr, format, args);
va_end(args);
+#else
+ (void) format;
+#endif
}
#endif//!defined(SK_BUILD_FOR_WIN) && !defined(SK_BUILD_FOR_ANDROID)