Prevent exponential growth of 'nice' paths when fuzzing

Bug: oss-fuzz:11491, oss-fuzz:11514 and others Change-Id: I60f05b889a73749ddcde7cf2bf3beabab33b0538 Reviewed-on: https://skia-review.googlesource.com/c/178180 Commit-Queue: Kevin Lubick <kjlubick@google.com> Commit-Queue: Mike Klein <mtklein@google.com> Reviewed-by: Mike Klein <mtklein@google.com> Auto-Submit: Kevin Lubick <kjlubick@google.com>
author: Kevin Lubick <kjlubick@google.com> 2018-12-17 12:57:53 -0500
committer: Skia Commit-Bot <skia-commit-bot@chromium.org> 2018-12-17 18:27:47 +0000
commit: 96d9dd8d016391813f0baefc81f08b088f71b982 (patch)
tree: 000bebc077164414e80a8b478b54d407d6ce1953 /fuzz
parent: cc4f7ebf280cd475c35ee10de007c6ff5709f73f (diff)
download: platform_external_skqp-96d9dd8d016391813f0baefc81f08b088f71b982.tar.gz
platform_external_skqp-96d9dd8d016391813f0baefc81f08b088f71b982.tar.bz2
platform_external_skqp-96d9dd8d016391813f0baefc81f08b088f71b982.zip
1 files changed, 10 insertions, 3 deletions
diff --git a/fuzz/FuzzCommon.cpp b/fuzz/FuzzCommon.cpp
index 94e8c85531..79ffdee563 100644
--- a/fuzz/FuzzCommon.cpp
+++ b/fuzz/FuzzCommon.cpp
@@ -29,7 +29,7 @@ static void fuzz_nice_rect(Fuzz* fuzz, SkRect* r) {
 
 // allows some float values for path points
 void FuzzNicePath(Fuzz* fuzz, SkPath* path, int maxOps) {
-    if (maxOps <= 0) {
+    if (maxOps <= 0 || fuzz->exhausted() || path->countPoints() > 100000) {
         return;
     }
     uint8_t fillType;
@@ -38,8 +38,15 @@ void FuzzNicePath(Fuzz* fuzz, SkPath* path, int maxOps) {
     uint8_t numOps;
     fuzz->nextRange(&numOps, 0, maxOps);
     for (uint8_t i = 0; i < numOps; ++i) {
+        // When we start adding the path to itself, the fuzzer can make an
+        // exponentially long path, which causes timeouts.
+        if (path->countPoints() > 100000) {
+            return;
+        }
+        // How many items in the switch statement below.
+        constexpr uint8_t PATH_OPERATIONS = 32;
         uint8_t op;
-        fuzz->nextRange(&op, 0, 32);
+        fuzz->nextRange(&op, 0, PATH_OPERATIONS);
         bool test;
         SkPath p;
         SkMatrix m;
@@ -205,7 +212,7 @@ void FuzzNicePath(Fuzz* fuzz, SkPath* path, int maxOps) {
                 fuzz_nice_float(fuzz, &a, &b);
                 path->setLastPt(a, b);
                 break;
-            case 32:
+            case PATH_OPERATIONS:
                 path->shrinkToFit();
                 break;
author	Kevin Lubick <kjlubick@google.com>	2018-12-17 12:57:53 -0500
committer	Skia Commit-Bot <skia-commit-bot@chromium.org>	2018-12-17 18:27:47 +0000
commit	96d9dd8d016391813f0baefc81f08b088f71b982 (patch)
tree	000bebc077164414e80a8b478b54d407d6ce1953 /fuzz
parent	cc4f7ebf280cd475c35ee10de007c6ff5709f73f (diff)
download	platform_external_skqp-96d9dd8d016391813f0baefc81f08b088f71b982.tar.gz platform_external_skqp-96d9dd8d016391813f0baefc81f08b088f71b982.tar.bz2 platform_external_skqp-96d9dd8d016391813f0baefc81f08b088f71b982.zip