
TestMoz2D.cpp (2663B)


      1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
      2 /* This Source Code Form is subject to the terms of the Mozilla Public
      3 * License, v. 2.0. If a copy of the MPL was not distributed with this
      4 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      5 
      6 #include "FuzzingInterface.h"
      7 #include "FuzzingBufferReader.h"
      8 #include "mozilla/webrender/webrender_ffi.h"
      9 
/// Initialization hook for the Moz2D fuzzing target.
///
/// The target needs no setup, so both arguments are ignored.
///
/// @param argc Pointer to the argument count; unused.
/// @param argv Pointer to the argument vector; unused.
/// @return Always 0.
static int testInitMoz2D(int* argc, char*** argv) {
  (void)argc;
  (void)argv;
  return 0;
}
     11 
/// Fuzzing entry point: decodes one test case into the arguments of
/// wr_moz2d_render_cb and calls it once.
///
/// Fields are consumed from `buf` in this order:
///   uint8_t     image format (cast to mozilla::wr::ImageFormat, no range check)
///   4 x int32_t render rect  (min.x, min.y, max.x, max.y)
///   4 x int32_t visible rect (min.x, min.y, max.x, max.y)
///   uint16_t    tile size; only when non-zero: 2 x int32_t tile offset (x, y)
///   uint8_t     dirty-rect flag; only when non-zero: 4 x int32_t dirty rect
///   uint32_t    length of the output buffer
///   remainder   blob payload
///
/// @param buf  Bytes supplied by the fuzzer; every field is untrusted.
/// @param size Number of bytes available at buf.
/// @return 0 once the callback has run, or when the output length or the
///         remaining blob length is 10 MiB or more. A failed Read leaves early
///         through MOZ_TRY; the value returned in that case is determined by
///         that macro and FuzzingBufferReader, neither of which is shown here.
static int testMoz2DRenderCallback(const uint8_t* buf, size_t size) {
  // Upper bound (exclusive) for both heap buffers, so that a test case cannot
  // request an allocation large enough to exhaust memory.
  constexpr uint32_t kBufferLimit = 10 * 1024 * 1024;

  FuzzingBufferReader reader(buf, size);

  uint8_t rawFormat = MOZ_TRY(reader.Read<uint8_t>());

  // Coordinates are taken as read; nothing here enforces min <= max, so the
  // callee receives whatever rectangle the input describes.
  mozilla::wr::LayoutIntRect render;
  render.min.x = MOZ_TRY(reader.Read<int32_t>());
  render.min.y = MOZ_TRY(reader.Read<int32_t>());
  render.max.x = MOZ_TRY(reader.Read<int32_t>());
  render.max.y = MOZ_TRY(reader.Read<int32_t>());

  mozilla::wr::DeviceIntRect visible;
  visible.min.x = MOZ_TRY(reader.Read<int32_t>());
  visible.min.y = MOZ_TRY(reader.Read<int32_t>());
  visible.max.x = MOZ_TRY(reader.Read<int32_t>());
  visible.max.y = MOZ_TRY(reader.Read<int32_t>());

  uint16_t tile = MOZ_TRY(reader.Read<uint16_t>());

  // The offset is present in the input, and handed to the callee, only for a
  // non-zero tile size; otherwise the pointer stays null and the struct is
  // never read.
  mozilla::wr::TileOffset offset;
  mozilla::wr::TileOffset* offsetArg = nullptr;
  if (tile != 0) {
    offset.x = MOZ_TRY(reader.Read<int32_t>());
    offset.y = MOZ_TRY(reader.Read<int32_t>());
    offsetArg = &offset;
  }

  uint8_t dirtyFlag = MOZ_TRY(reader.Read<uint8_t>());

  // Same scheme for the dirty rect: any non-zero flag byte means "present".
  mozilla::wr::LayoutIntRect dirty;
  mozilla::wr::LayoutIntRect* dirtyArg = nullptr;
  if (dirtyFlag != 0) {
    dirty.min.x = MOZ_TRY(reader.Read<int32_t>());
    dirty.min.y = MOZ_TRY(reader.Read<int32_t>());
    dirty.max.x = MOZ_TRY(reader.Read<int32_t>());
    dirty.max.y = MOZ_TRY(reader.Read<int32_t>());
    dirtyArg = &dirty;
  }

  uint32_t outputBytes = MOZ_TRY(reader.Read<uint32_t>());
  if (outputBytes >= kBufferLimit) {
    return 0;
  }

  // Whatever is left after the header fields is the blob.
  uint32_t blobBytes = reader.Length();
  if (blobBytes >= kBufferLimit) {
    return 0;
  }

  // The blob goes into its own allocation of exactly blobBytes bytes.
  // NOTE(review): presumably so a sanitizer build reports reads past the end
  // of the blob - confirm.
  UniquePtr<uint8_t[]> blob(new uint8_t[blobBytes]);
  memcpy(blob.get(), reader.Pos(), blobBytes);

  // Plain new[] does not zero the storage, so the output buffer starts out
  // uninitialized.
  UniquePtr<uint8_t[]> output(new uint8_t[outputBytes]);

  wr_moz2d_render_cb(mozilla::wr::ByteSlice{blob.get(), blobBytes},
                     static_cast<mozilla::wr::ImageFormat>(rawFormat),
                     &render, &visible, tile, offsetArg, dirtyArg,
                     mozilla::wr::MutByteSlice{output.get(), outputBytes});

  return 0;
}
     72 
// Hands the init hook and the per-input callback to the fuzzing interface
// under the name Moz2D. NOTE(review): the macro comes from FuzzingInterface.h
// and its expansion is not visible here - confirm how the name is used to
// select the target.
MOZ_FUZZING_INTERFACE_RAW(testInitMoz2D, testMoz2DRenderCallback, Moz2D);