mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 1785991 - Add COLRv1 fuzzer. r=jfkthame 

Differential Revision: https://phabricator.services.mozilla.com/D155056
This commit is contained in:
Christian Holler 2022-09-07 11:27:34 +00:00
Родитель 950f123286
Коммит fcc4e9327a
6 изменённых файлов: 302 добавлений и 0 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

3
gfx/moz.build
Просмотреть файл

@ -34,6 +34,9 @@ DIRS += [
if CONFIG["ENABLE_TESTS"]:
DIRS += ["tests/gtest"]
if CONFIG["FUZZING_INTERFACES"]:
DIRS += ["tests/fuzz"]
TEST_DIRS += ["tests"]
SPHINX_TREES["/gfx"] = "docs"

149
gfx/tests/fuzz/MockDrawTarget.h Normal file
Просмотреть файл

@ -0,0 +1,149 @@
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef FUZZ_MOCKDRAWTARGET_H
#define FUZZ_MOCKDRAWTARGET_H
#include "mozilla/gfx/2D.h"
class MockDrawTarget : public mozilla::gfx::DrawTarget {
public:
using Rect = mozilla::gfx::Rect;
using Point = mozilla::gfx::Point;
using DrawTargetType = mozilla::gfx::DrawTargetType;
using BackendType = mozilla::gfx::BackendType;
using SourceSurface = mozilla::gfx::SourceSurface;
using IntSize = mozilla::gfx::IntSize;
using DrawSurfaceOptions = mozilla::gfx::DrawSurfaceOptions;
using DrawOptions = mozilla::gfx::DrawOptions;
using FilterNode = mozilla::gfx::FilterNode;
using ShadowOptions = mozilla::gfx::ShadowOptions;
using CompositionOp = mozilla::gfx::CompositionOp;
using IntRect = mozilla::gfx::IntRect;
using IntPoint = mozilla::gfx::IntPoint;
using Pattern = mozilla::gfx::Pattern;
using StrokeOptions = mozilla::gfx::StrokeOptions;
using Path = mozilla::gfx::Path;
using ScaledFont = mozilla::gfx::ScaledFont;
using GlyphBuffer = mozilla::gfx::GlyphBuffer;
using Float = mozilla::gfx::Float;
using Matrix = mozilla::gfx::Matrix;
using SurfaceFormat = mozilla::gfx::SurfaceFormat;
using NativeSurface = mozilla::gfx::NativeSurface;
using PathBuilder = mozilla::gfx::PathBuilder;
using GradientStop = mozilla::gfx::GradientStop;
using GradientStops = mozilla::gfx::GradientStops;
using FillRule = mozilla::gfx::FillRule;
using ExtendMode = mozilla::gfx::ExtendMode;
using FilterType = mozilla::gfx::FilterType;
class MockGradientStops : public GradientStops {
public:
MockGradientStops() {}
virtual ~MockGradientStops() = default;
BackendType GetBackendType() const final { return BackendType::NONE; }
};
MockDrawTarget() {}
virtual ~MockDrawTarget() = default;
DrawTargetType GetType() const final {
return DrawTargetType::SOFTWARE_RASTER;
}
BackendType GetBackendType() const final { return BackendType::NONE; }
already_AddRefed<SourceSurface> Snapshot() final { return nullptr; }
already_AddRefed<SourceSurface> GetBackingSurface() final { return nullptr; }
IntSize GetSize() const final { return IntSize(100, 100); }
void Flush() final {}
void DrawSurface(
SourceSurface* aSurface, const Rect& aDest, const Rect& aSource,
const DrawSurfaceOptions& aSurfOptions = DrawSurfaceOptions(),
const DrawOptions& aOptions = DrawOptions()) final {}
void DrawFilter(FilterNode* aNode, const Rect& aSourceRect,
const Point& aDestPoint,
const DrawOptions& aOptions = DrawOptions()) final {}
void DrawSurfaceWithShadow(SourceSurface* aSurface, const Point& aDest,
const ShadowOptions& aShadow,
CompositionOp aOperator) final {}
void ClearRect(const Rect& aRect) final {}
void CopySurface(SourceSurface* aSurface, const IntRect& aSourceRect,
const IntPoint& aDestination) final {}
void FillRect(const Rect& aRect, const Pattern& aPattern,
const DrawOptions& aOptions = DrawOptions()) final {}
void StrokeRect(const Rect& aRect, const Pattern& aPattern,
const StrokeOptions& aStrokeOptions = StrokeOptions(),
const DrawOptions& aOptions = DrawOptions()) final {}
void StrokeLine(const Point& aStart, const Point& aEnd,
const Pattern& aPattern,
const StrokeOptions& aStrokeOptions = StrokeOptions(),
const DrawOptions& aOptions = DrawOptions()) final {}
void Stroke(const Path* aPath, const Pattern& aPattern,
const StrokeOptions& aStrokeOptions = StrokeOptions(),
const DrawOptions& aOptions = DrawOptions()) final {}
void Fill(const Path* aPath, const Pattern& aPattern,
const DrawOptions& aOptions = DrawOptions()) final {}
void FillGlyphs(ScaledFont* aFont, const GlyphBuffer& aBuffer,
const Pattern& aPattern,
const DrawOptions& aOptions = DrawOptions()) final {}
void Mask(const Pattern& aSource, const Pattern& aMask,
const DrawOptions& aOptions = DrawOptions()) final {}
void MaskSurface(const Pattern& aSource, SourceSurface* aMask, Point aOffset,
const DrawOptions& aOptions = DrawOptions()) final {}
void PushClip(const Path* aPath) final {}
void PushClipRect(const Rect& aRect) final {}
void PopClip() final {}
void PushLayer(bool aOpaque, Float aOpacity, SourceSurface* aMask,
const Matrix& aMaskTransform,
const IntRect& aBounds = IntRect(),
bool aCopyBackground = false) final {}
void PushLayerWithBlend(bool aOpaque, Float aOpacity, SourceSurface* aMask,
const Matrix& aMaskTransform,
const IntRect& aBounds = IntRect(),
bool aCopyBackground = false,
CompositionOp = CompositionOp::OP_OVER) final {}
void PopLayer() final {}
already_AddRefed<SourceSurface> CreateSourceSurfaceFromData(
unsigned char* aData, const IntSize& aSize, int32_t aStride,
SurfaceFormat aFormat) const final {
return nullptr;
}
already_AddRefed<SourceSurface> OptimizeSourceSurface(
SourceSurface* aSurface) const final {
return nullptr;
}
already_AddRefed<SourceSurface> CreateSourceSurfaceFromNativeSurface(
const NativeSurface& aSurface) const final {
return nullptr;
}
already_AddRefed<DrawTarget> CreateSimilarDrawTarget(
const IntSize& aSize, SurfaceFormat aFormat) const final {
return nullptr;
}
bool CanCreateSimilarDrawTarget(const IntSize& aSize,
SurfaceFormat aFormat) const final {
return false;
}
RefPtr<DrawTarget> CreateClippedDrawTarget(const Rect& aBounds,
SurfaceFormat aFormat) final {
return nullptr;
}
already_AddRefed<PathBuilder> CreatePathBuilder(
FillRule aFillRule = FillRule::FILL_WINDING) const final {
return nullptr;
}
already_AddRefed<GradientStops> CreateGradientStops(
GradientStop* aStops, uint32_t aNumStops,
ExtendMode aExtendMode = ExtendMode::CLAMP) const final {
RefPtr rv = new MockGradientStops();
return rv.forget();
}
already_AddRefed<FilterNode> CreateFilter(FilterType aType) final {
return nullptr;
}
void DetachAllSnapshots() final {}
};
#endif

58
gfx/tests/fuzz/MockScaledFont.h Normal file
Просмотреть файл

@ -0,0 +1,58 @@
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef FUZZ_MOCKSCALEDFONT_H
#define FUZZ_MOCKSCALEDFONT_H
#include "mozilla/gfx/2D.h"
class MockUnscaledFont : public mozilla::gfx::UnscaledFont {
public:
using FontType = mozilla::gfx::FontType;
FontType GetType() const final { return FontType::UNKNOWN; }
};
class MockScaledFont : public mozilla::gfx::ScaledFont {
public:
using FontType = mozilla::gfx::FontType;
using Float = mozilla::gfx::Float;
using Path = mozilla::gfx::Path;
using GlyphBuffer = mozilla::gfx::GlyphBuffer;
using DrawTarget = mozilla::gfx::DrawTarget;
using PathBuilder = mozilla::gfx::PathBuilder;
using Matrix = mozilla::gfx::Matrix;
MockScaledFont(const RefPtr<MockUnscaledFont>& aUnscaledFont,
hb_font_t* aHBFont)
: ScaledFont(aUnscaledFont), mHBFont(hb_font_reference(aHBFont)) {}
virtual ~MockScaledFont() { hb_font_destroy(mHBFont); }
FontType GetType() const final { return FontType::UNKNOWN; }
Float GetSize() const final {
int x, y;
hb_font_get_scale(mHBFont, &x, &y);
return Float(y / 65536.0);
}
already_AddRefed<Path> GetPathForGlyphs(const GlyphBuffer& aBuffer,
const DrawTarget* aTarget) final {
RefPtr builder = mozilla::gfx::Factory::CreateSimplePathBuilder();
CopyGlyphsToBuilder(aBuffer, builder);
RefPtr path = builder->Finish();
return path.forget();
}
void CopyGlyphsToBuilder(const GlyphBuffer& aBuffer, PathBuilder* aBuilder,
const Matrix* aTransformHint = nullptr) final {
// We could use hb_font_get_glyph_shape to extract the glyph path here,
// but the COLRv1 parsing code doesn't actually use it (it just passes it
// through to Moz2D), so for now we'll just return an empty path.
}
private:
hb_font_t* mHBFont;
};
#endif

77
gfx/tests/fuzz/TestCOLRv1.cpp Normal file
Просмотреть файл

@ -0,0 +1,77 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "COLRFonts.h"
#include "gfxFontUtils.h"
#include "harfbuzz/hb.h"
#include "MockDrawTarget.h"
#include "MockScaledFont.h"
#include "FuzzingInterface.h"
#include "mozilla/Preferences.h"
using namespace mozilla;
using namespace mozilla::gfx;
static int FuzzingRunCOLRv1(const uint8_t* data, size_t size) {
gfxFontUtils::AutoHBBlob hb_data_blob(hb_blob_create(
(const char*)data, size, HB_MEMORY_MODE_READONLY, nullptr, nullptr));
hb_face_t* hb_data_face = hb_face_create(hb_data_blob, 0);
if (!hb_data_face) {
return 0;
}
gfxFontUtils::AutoHBBlob colr(
hb_face_reference_table(hb_data_face, TRUETYPE_TAG('C', 'O', 'L', 'R')));
gfxFontUtils::AutoHBBlob cpal(
hb_face_reference_table(hb_data_face, TRUETYPE_TAG('C', 'P', 'A', 'L')));
if (!colr || !cpal || !COLRFonts::ValidateColorGlyphs(colr, cpal)) {
hb_face_destroy(hb_data_face);
return 0;
}
const float kPixelSize = 16.0f;
unsigned glyph_count = hb_face_get_glyph_count(hb_data_face);
hb_font_t* hb_data_font = hb_font_create(hb_data_face);
uint32_t scale = NS_round(kPixelSize * 65536.0); // size as 16.16 fixed-point
hb_font_set_scale(hb_data_font, scale, scale);
RefPtr dt = new MockDrawTarget();
RefPtr uf = new MockUnscaledFont();
RefPtr sf = new MockScaledFont(uf, hb_data_font);
Float f2p = kPixelSize / hb_face_get_upem(hb_data_face);
for (unsigned i = 0; i <= glyph_count; ++i) {
if (COLRFonts::GetColrTableVersion(colr) == 1) {
Rect bounds =
COLRFonts::GetColorGlyphBounds(colr, hb_data_font, i, dt, sf, f2p);
const auto* paintGraph = COLRFonts::GetGlyphPaintGraph(colr, i);
if (paintGraph) {
dt->PushClipRect(bounds);
COLRFonts::PaintGlyphGraph(colr, hb_data_font, paintGraph, dt, nullptr,
sf, DrawOptions(), sRGBColor(), Point(), i,
f2p);
dt->PopClip();
}
}
const auto* layers = COLRFonts::GetGlyphLayers(colr, i);
if (layers) {
COLRFonts::PaintGlyphLayers(colr, hb_data_face, layers, dt, nullptr, sf,
DrawOptions(), sRGBColor(), Point());
}
}
hb_font_destroy(hb_data_font);
hb_face_destroy(hb_data_face);
return 0;
}
int FuzzingInitCOLRv1(int* argc, char*** argv) {
Preferences::SetBool("gfx.font_rendering.colr_v1.enabled", true);
return 0;
}
MOZ_FUZZING_INTERFACE_RAW(FuzzingInitCOLRv1, FuzzingRunCOLRv1, GfxCOLRv1);

13
gfx/tests/fuzz/moz.build Normal file
Просмотреть файл

@ -0,0 +1,13 @@
# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
# vim: set filetype=python:
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
UNIFIED_SOURCES += [
"TestCOLRv1.cpp",
]
include("/tools/fuzzing/libfuzzer-config.mozbuild")
FINAL_LIBRARY = "xul-gtest"

2
gfx/thebes/moz.build
Просмотреть файл

@ -298,3 +298,5 @@ if CONFIG["CC_TYPE"] in ("clang", "clang-cl"):
SOURCES["gfxPlatform.cpp"].flags += ["-Wno-implicit-fallthrough"]
CXXFLAGS += ["-Werror=switch"]
include("/tools/fuzzing/libfuzzer-config.mozbuild")