| diff --git a/fuzz/FuzzPathMeasure.cpp b/fuzz/FuzzPathMeasure.cpp |
| index 310735611f..cfde48022d 100644 |
| --- a/fuzz/FuzzPathMeasure.cpp |
| +++ b/fuzz/FuzzPathMeasure.cpp |
| @@ -22,6 +22,9 @@ DEF_FUZZ(PathMeasure, fuzz) { |
| FuzzEvilPath(fuzz, &path, SkPath::Verb::kDone_Verb); |
| SkRect bounds = path.getBounds(); |
| SkScalar maxDim = std::max(bounds.width(), bounds.height()); |
| + if (maxDim > 10000000) { |
| + return; |
| + } |
| SkScalar resScale = maxDim / 1000; |
| SkPathMeasure measure(path, bits & 1, resScale); |
| SkPoint position; |
| diff --git a/src/core/SkAAClip.cpp b/src/core/SkAAClip.cpp |
| index 22fd36ce1b..8a6025f641 100644 |
| --- a/src/core/SkAAClip.cpp |
| +++ b/src/core/SkAAClip.cpp |
| @@ -1547,6 +1547,12 @@ static void operateY(SkAAClip::Builder& builder, const SkAAClip& A, |
| int topB = iterB.top(); |
| int botB = iterB.bottom(); |
| |
| +#if defined(IS_FUZZING) |
| + if ((botA - topA) > 100000 || (botB - topB) > 100000) { |
| + return; |
| + } |
| +#endif |
| + |
| do { |
| const uint8_t* rowA = nullptr; |
| const uint8_t* rowB = nullptr; |
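Review bot: The `IS_FUZZING` block added before the `do` loop has no comment saying what the 100000-row limit protects against, and the same is true of the fuzz-only guards this commit adds in SkDraw.cpp, SkImageFilter.cpp, SkMallocPixelRef.cpp, SkMaskFilter.cpp, Sk2DPathEffect.cpp and SkDiscretePathEffect.cpp; only the SkPaint.cpp guard explains itself. Because these limits sit in library code, fuzz builds stop exercising the over-limit inputs that release builds still process, so each guard deserves a line recording that trade-off, e.g. `// Fuzz builds only: bail out on very tall spans (assumed to avoid fuzzer timeouts); release builds are unaffected.` A named constant instead of the bare `100000` would also make the limits easier to audit. operateY's body continues outside the hunk, so whether returning here leaves `builder` in a usable state for the caller cannot be judged from these lines.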
| diff --git a/src/core/SkDraw.cpp b/src/core/SkDraw.cpp |
| index 99c8bd8284..335d2e97a0 100644 |
| --- a/src/core/SkDraw.cpp |
| +++ b/src/core/SkDraw.cpp |
| @@ -958,6 +958,12 @@ void SkDraw::drawPath(const SkPath& origSrcPath, const SkPaint& origPaint, |
| // transform the path into device space |
| pathPtr->transform(matrixProvider->localToDevice(), devPathPtr); |
| |
| +#if defined(IS_FUZZING) |
| + if (devPathPtr->countPoints() > 1000) { |
| + return; |
| + } |
| +#endif |
| + |
| this->drawDevPath(*devPathPtr, *paint, drawCoverage, customBlitter, doFill); |
| } |
| |
| diff --git a/src/core/SkImageFilter.cpp b/src/core/SkImageFilter.cpp |
| index 80f4d0b62d..c4aabb0540 100644 |
| --- a/src/core/SkImageFilter.cpp |
| +++ b/src/core/SkImageFilter.cpp |
| @@ -176,6 +176,12 @@ bool SkImageFilter_Base::Common::unflatten(SkReadBuffer& buffer, int expectedCou |
| return false; |
| } |
| |
| +#if defined(IS_FUZZING) |
| + if (count > 4) { |
| + return false; |
| + } |
| +#endif |
| + |
| SkASSERT(fInputs.empty()); |
| for (int i = 0; i < count; i++) { |
| fInputs.push_back(buffer.readBool() ? buffer.readImageFilter() : nullptr); |
| diff --git a/src/core/SkMallocPixelRef.cpp b/src/core/SkMallocPixelRef.cpp |
| index d998029a2b..8807c1fc4d 100644 |
| --- a/src/core/SkMallocPixelRef.cpp |
| +++ b/src/core/SkMallocPixelRef.cpp |
| @@ -37,6 +37,11 @@ sk_sp<SkPixelRef> SkMallocPixelRef::MakeAllocate(const SkImageInfo& info, size_t |
| return nullptr; |
| } |
| } |
| +#if defined(IS_FUZZING) |
| + if (size > 100000) { |
| + return nullptr; |
| + } |
| +#endif |
| void* addr = sk_calloc_canfail(size); |
| if (nullptr == addr) { |
| return nullptr; |
| diff --git a/src/core/SkMaskFilter.cpp b/src/core/SkMaskFilter.cpp |
| index c840a68a03..5692773a33 100644 |
| --- a/src/core/SkMaskFilter.cpp |
| +++ b/src/core/SkMaskFilter.cpp |
| @@ -262,6 +262,11 @@ bool SkMaskFilterBase::filterPath(const SkPath& devPath, const SkMatrix& matrix, |
| |
| SkMask srcM, dstM; |
| |
| +#if defined(IS_FUZZING) |
| + if (devPath.countVerbs() > 1000 || devPath.countPoints() > 1000) { |
| + return false; |
| + } |
| +#endif |
| if (!SkDraw::DrawToMask(devPath, &clip.getBounds(), this, &matrix, &srcM, |
| SkMask::kComputeBoundsAndRenderImage_CreateMode, |
| style)) { |
| diff --git a/src/core/SkPaint.cpp b/src/core/SkPaint.cpp |
| index f294dbe4a0..12100e1624 100644 |
| --- a/src/core/SkPaint.cpp |
| +++ b/src/core/SkPaint.cpp |
| @@ -449,6 +449,13 @@ bool SkPaint::getFillPath(const SkPath& src, SkPath* dst, const SkRect* cullRect |
| |
| SkStrokeRec rec(*this, resScale); |
| |
| +#if defined(IS_FUZZING) |
| + // Prevent lines with small widths from timing out. |
| + if (rec.getStyle() == SkStrokeRec::Style::kStroke_Style && rec.getWidth() < 0.001) { |
| + return false; |
| + } |
| +#endif |
| + |
| const SkPath* srcPtr = &src; |
| SkPath tmpPath; |
| |
| diff --git a/src/core/SkPath.cpp b/src/core/SkPath.cpp |
| index 09c061de51..34b3f0bd63 100644 |
| --- a/src/core/SkPath.cpp |
| +++ b/src/core/SkPath.cpp |
| @@ -3173,7 +3173,11 @@ void SkPathPriv::CreateDrawArcPath(SkPath* path, const SkRect& oval, SkScalar st |
| SkScalar sweepAngle, bool useCenter, bool isFillNoPathEffect) { |
| SkASSERT(!oval.isEmpty()); |
| SkASSERT(sweepAngle); |
| - |
| +#if defined(IS_FUZZING) |
| + if (sweepAngle > 3600.0f || sweepAngle < 3600.0f) { |
| + return; |
| + } |
| +#endif |
| path->reset(); |
| path->setIsVolatile(true); |
| path->setFillType(SkPathFillType::kWinding); |
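Review bot: The second comparison in `if (sweepAngle > 3600.0f || sweepAngle < 3600.0f)` is missing a minus sign, so the condition is true for every value except exactly 3600.0f (and NaN), and fuzz builds return from CreateDrawArcPath almost unconditionally. The intended bound is presumably `if (sweepAngle > 3600.0f || sweepAngle < -3600.0f) {`. The early return also sits before `path->reset()`, so the caller's `path` keeps whatever it held on entry; placing the guard after the reset would avoid handing back stale geometry. The function body continues outside the hunk.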
| diff --git a/src/core/SkReadBuffer.cpp b/src/core/SkReadBuffer.cpp |
| index c7e26df8d4..eb9b28141d 100644 |
| --- a/src/core/SkReadBuffer.cpp |
| +++ b/src/core/SkReadBuffer.cpp |
| @@ -277,7 +277,12 @@ sk_sp<SkData> SkReadBuffer::readByteArrayAsData() { |
| uint32_t SkReadBuffer::getArrayCount() { |
| const size_t inc = sizeof(uint32_t); |
| fError = fError || !IsPtrAlign4(fReader.peek()) || !fReader.isAvailable(inc); |
| +#if defined(IS_FUZZING) |
| + uint32_t retVal = fError ? 0 : *(uint32_t*)fReader.peek(); |
| + return retVal < 1000 ? retVal: 1000; |
| +#else |
| return fError ? 0 : *(uint32_t*)fReader.peek(); |
| +#endif |
| } |
| |
| /* Format: |
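Review bot: The fuzz-only branch in getArrayCount clamps the count to 1000 silently instead of flagging the buffer, so in fuzz builds callers receive a count that may no longer match what was serialized. Counts above 1000, which release builds still return straight from the untrusted buffer, are then never exercised by the fuzzer. SkLayerDrawLooper::CreateProc in this commit clamps `count` to 100 in the same way. A comment recording this would help, for example `// Fuzz builds only: cap the element count; release builds return the serialized value, so callers still have to validate it.`, and `std::min<uint32_t>(retVal, 1000)` would read more clearly than the ternary (it needs `<algorithm>` if the file does not already include it).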
| diff --git a/src/core/SkScan_Hairline.cpp b/src/core/SkScan_Hairline.cpp |
| index eeea9e78f0..4c8d2a8f3f 100644 |
| --- a/src/core/SkScan_Hairline.cpp |
| +++ b/src/core/SkScan_Hairline.cpp |
| @@ -122,7 +122,11 @@ void SkScan::HairLineRgn(const SkPoint array[], int arrayCount, const SkRegion* |
| if (ix0 == ix1) {// too short to draw |
| continue; |
| } |
| - |
| +#if defined(IS_FUZZING) |
| + if ((ix1 - ix0) > 100000 || (ix1 - ix0) < 0) { |
| + continue; // too big to draw |
| + } |
| +#endif |
| SkFixed slope = SkFixedDiv(dy, dx); |
| SkFixed startY = SkFDot6ToFixed(y0) + (slope * ((32 - x0) & 63) >> 6); |
| |
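Review bot: The `(ix1 - ix0) < 0` clause cannot be relied on as an overflow check: the subtraction is presumably done in `int`, signed overflow is undefined behaviour, and the compiler is entitled to drop the test. If the code above the hunk already orders and bounds ix0 and ix1, the clause is simply dead. Computing the span in a wider type keeps the intent well-defined, e.g. `const int64_t span = static_cast<int64_t>(ix1) - ix0;` followed by `if (span < 0 || span > 100000) {`. The same applies to `(iy1 - iy0)` in the second hunk of this file, and the `// too big to draw` comment in both places does not describe the negative case.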
| @@ -138,7 +142,11 @@ void SkScan::HairLineRgn(const SkPoint array[], int arrayCount, const SkRegion* |
| if (iy0 == iy1) { // too short to draw |
| continue; |
| } |
| - |
| +#if defined(IS_FUZZING) |
| + if ((iy1 - iy0) > 100000 || (iy1 - iy0) < 0) { |
| + continue; // too big to draw |
| + } |
| +#endif |
| SkFixed slope = SkFixedDiv(dx, dy); |
| SkFixed startX = SkFDot6ToFixed(x0) + (slope * ((32 - y0) & 63) >> 6); |
| |
| diff --git a/src/effects/Sk1DPathEffect.cpp b/src/effects/Sk1DPathEffect.cpp |
| index 360179d663..04df451f2a 100644 |
| --- a/src/effects/Sk1DPathEffect.cpp |
| +++ b/src/effects/Sk1DPathEffect.cpp |
| @@ -19,6 +19,11 @@ |
| bool Sk1DPathEffect::onFilterPath(SkPath* dst, const SkPath& src, |
| SkStrokeRec*, const SkRect*) const { |
| SkPathMeasure meas(src, false); |
| +#if defined(IS_FUZZING) |
| + if (meas.getLength() < 0 || meas.getLength() > 100) { |
| + return false; |
| + } |
| +#endif |
| do { |
| int governor = MAX_REASONABLE_ITERATIONS; |
| SkScalar length = meas.getLength(); |
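Review bot: The length guard runs once before the `do` loop, while `length` is re-read inside the loop, so if the loop advances to further contours (its tail is outside the hunk) only the first contour is limited. SkDiscretePathEffect::onFilterPath in this commit places its check inside the loop; doing the same here, with `if (length < 0 || length > 100) { return false; }` directly after `SkScalar length = meas.getLength();`, would cover every contour and avoid calling getLength() twice. If a NaN length can occur it passes both comparisons as written, which `!(length >= 0 && length <= 100)` would reject.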
| diff --git a/src/effects/Sk2DPathEffect.cpp b/src/effects/Sk2DPathEffect.cpp |
| index fa19bb96b8..005daff13b 100644 |
| --- a/src/effects/Sk2DPathEffect.cpp |
| +++ b/src/effects/Sk2DPathEffect.cpp |
| @@ -51,6 +51,11 @@ void Sk2DPathEffect::nextSpan(int x, int y, int count, SkPath* path) const { |
| if (!fMatrixIsInvertible) { |
| return; |
| } |
| +#if defined(IS_FUZZING) |
| + if (count > 100) { |
| + return; |
| + } |
| +#endif |
| |
| const SkMatrix& mat = this->getMatrix(); |
| SkPoint src, dst; |
| diff --git a/src/effects/SkDashPathEffect.cpp b/src/effects/SkDashPathEffect.cpp |
| index d392dc2317..d71515f1d4 100644 |
| --- a/src/effects/SkDashPathEffect.cpp |
| +++ b/src/effects/SkDashPathEffect.cpp |
| @@ -381,6 +381,12 @@ sk_sp<SkFlattenable> SkDashImpl::CreateProc(SkReadBuffer& buffer) { |
| return nullptr; |
| } |
| |
| +#if defined(IS_FUZZING) |
| + // TODO(kjlubick) Can this be removed now that we have the check above? |
| + if (count > 20) { |
| + return nullptr; |
| + } |
| +#endif |
| SkAutoSTArray<32, SkScalar> intervals(count); |
| if (buffer.readScalarArray(intervals.get(), count)) { |
| return SkDashPathEffect::Make(intervals.get(), SkToInt(count), phase); |
| diff --git a/src/effects/SkDiscretePathEffect.cpp b/src/effects/SkDiscretePathEffect.cpp |
| index 4ad1165b0f..a79526a909 100644 |
| --- a/src/effects/SkDiscretePathEffect.cpp |
| +++ b/src/effects/SkDiscretePathEffect.cpp |
| @@ -97,6 +97,11 @@ bool SkDiscretePathEffect::onFilterPath(SkPath* dst, const SkPath& src, |
| |
| do { |
| SkScalar length = meas.getLength(); |
| +#if defined(IS_FUZZING) |
| + if (length > 1000) { |
| + return false; |
| + } |
| +#endif |
| |
| if (fSegLength * (2 + doFill) > length) { |
| meas.getSegment(0, length, dst, true); // to short for us to mangle |
| diff --git a/src/effects/SkLayerDrawLooper.cpp b/src/effects/SkLayerDrawLooper.cpp |
| index 42592211a9..3b46f632cf 100644 |
| --- a/src/effects/SkLayerDrawLooper.cpp |
| +++ b/src/effects/SkLayerDrawLooper.cpp |
| @@ -213,6 +213,11 @@ void SkLayerDrawLooper::flatten(SkWriteBuffer& buffer) const { |
| sk_sp<SkFlattenable> SkLayerDrawLooper::CreateProc(SkReadBuffer& buffer) { |
| int count = buffer.readInt(); |
| |
| +#if defined(IS_FUZZING) |
| + if (count > 100) { |
| + count = 100; |
| + } |
| +#endif |
| Builder builder; |
| for (int i = 0; i < count; i++) { |
| LayerInfo info; |
| diff --git a/src/ports/SkDebug_stdio.cpp b/src/ports/SkDebug_stdio.cpp |
| index 1bba63cc0a..e569514902 100644 |
| --- a/src/ports/SkDebug_stdio.cpp |
| +++ b/src/ports/SkDebug_stdio.cpp |
| @@ -12,9 +12,13 @@ |
| #include <stdio.h> |
| |
| void SkDebugf(const char format[], ...) { |
| +#if !defined(IS_FUZZING_WITH_LIBFUZZER) |
| va_list args; |
| va_start(args, format); |
| vfprintf(stderr, format, args); |
| va_end(args); |
| +#else |
| + (void) format; |
| +#endif |
| } |
| #endif//!defined(SK_BUILD_FOR_WIN) && !defined(SK_BUILD_FOR_ANDROID) |