summaryrefslogtreecommitdiffstats
path: root/gfx/tests/fuzz
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 19:33:14 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 19:33:14 +0000
commit36d22d82aa202bb199967e9512281e9a53db42c9 (patch)
tree105e8c98ddea1c1e4784a60a5a6410fa416be2de /gfx/tests/fuzz
parentInitial commit. (diff)
downloadfirefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.tar.xz
firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.zip
Adding upstream version 115.7.0esr.upstream/115.7.0esr
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'gfx/tests/fuzz')
-rw-r--r--gfx/tests/fuzz/MockDrawTarget.h149
-rw-r--r--gfx/tests/fuzz/MockScaledFont.h58
-rw-r--r--gfx/tests/fuzz/TestCOLRv1.cpp81
-rw-r--r--gfx/tests/fuzz/moz.build13
4 files changed, 301 insertions, 0 deletions
diff --git a/gfx/tests/fuzz/MockDrawTarget.h b/gfx/tests/fuzz/MockDrawTarget.h
new file mode 100644
index 0000000000..4657f6379b
--- /dev/null
+++ b/gfx/tests/fuzz/MockDrawTarget.h
@@ -0,0 +1,149 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef FUZZ_MOCKDRAWTARGET_H
+#define FUZZ_MOCKDRAWTARGET_H
+
+#include "mozilla/gfx/2D.h"
+
+class MockDrawTarget : public mozilla::gfx::DrawTarget {
+ public:
+ using Rect = mozilla::gfx::Rect;
+ using Point = mozilla::gfx::Point;
+ using DrawTargetType = mozilla::gfx::DrawTargetType;
+ using BackendType = mozilla::gfx::BackendType;
+ using SourceSurface = mozilla::gfx::SourceSurface;
+ using IntSize = mozilla::gfx::IntSize;
+ using DrawSurfaceOptions = mozilla::gfx::DrawSurfaceOptions;
+ using DrawOptions = mozilla::gfx::DrawOptions;
+ using FilterNode = mozilla::gfx::FilterNode;
+ using ShadowOptions = mozilla::gfx::ShadowOptions;
+ using CompositionOp = mozilla::gfx::CompositionOp;
+ using IntRect = mozilla::gfx::IntRect;
+ using IntPoint = mozilla::gfx::IntPoint;
+ using Pattern = mozilla::gfx::Pattern;
+ using StrokeOptions = mozilla::gfx::StrokeOptions;
+ using Path = mozilla::gfx::Path;
+ using ScaledFont = mozilla::gfx::ScaledFont;
+ using GlyphBuffer = mozilla::gfx::GlyphBuffer;
+ using Float = mozilla::gfx::Float;
+ using Matrix = mozilla::gfx::Matrix;
+ using SurfaceFormat = mozilla::gfx::SurfaceFormat;
+ using NativeSurface = mozilla::gfx::NativeSurface;
+ using PathBuilder = mozilla::gfx::PathBuilder;
+ using GradientStop = mozilla::gfx::GradientStop;
+ using GradientStops = mozilla::gfx::GradientStops;
+ using FillRule = mozilla::gfx::FillRule;
+ using ExtendMode = mozilla::gfx::ExtendMode;
+ using FilterType = mozilla::gfx::FilterType;
+
+ class MockGradientStops : public GradientStops {
+ public:
+ MockGradientStops() {}
+ virtual ~MockGradientStops() = default;
+ BackendType GetBackendType() const final { return BackendType::NONE; }
+ };
+
+ MockDrawTarget() {}
+ virtual ~MockDrawTarget() = default;
+
+ DrawTargetType GetType() const final {
+ return DrawTargetType::SOFTWARE_RASTER;
+ }
+ BackendType GetBackendType() const final { return BackendType::NONE; }
+ already_AddRefed<SourceSurface> Snapshot() final { return nullptr; }
+ already_AddRefed<SourceSurface> GetBackingSurface() final { return nullptr; }
+ IntSize GetSize() const final { return IntSize(100, 100); }
+ void Flush() final {}
+ void DrawSurface(
+ SourceSurface* aSurface, const Rect& aDest, const Rect& aSource,
+ const DrawSurfaceOptions& aSurfOptions = DrawSurfaceOptions(),
+ const DrawOptions& aOptions = DrawOptions()) final {}
+ void DrawFilter(FilterNode* aNode, const Rect& aSourceRect,
+ const Point& aDestPoint,
+ const DrawOptions& aOptions = DrawOptions()) final {}
+ void DrawSurfaceWithShadow(SourceSurface* aSurface, const Point& aDest,
+ const ShadowOptions& aShadow,
+ CompositionOp aOperator) final {}
+ void ClearRect(const Rect& aRect) final {}
+ void CopySurface(SourceSurface* aSurface, const IntRect& aSourceRect,
+ const IntPoint& aDestination) final {}
+ void FillRect(const Rect& aRect, const Pattern& aPattern,
+ const DrawOptions& aOptions = DrawOptions()) final {}
+ void StrokeRect(const Rect& aRect, const Pattern& aPattern,
+ const StrokeOptions& aStrokeOptions = StrokeOptions(),
+ const DrawOptions& aOptions = DrawOptions()) final {}
+ void StrokeLine(const Point& aStart, const Point& aEnd,
+ const Pattern& aPattern,
+ const StrokeOptions& aStrokeOptions = StrokeOptions(),
+ const DrawOptions& aOptions = DrawOptions()) final {}
+ void Stroke(const Path* aPath, const Pattern& aPattern,
+ const StrokeOptions& aStrokeOptions = StrokeOptions(),
+ const DrawOptions& aOptions = DrawOptions()) final {}
+ void Fill(const Path* aPath, const Pattern& aPattern,
+ const DrawOptions& aOptions = DrawOptions()) final {}
+ void FillGlyphs(ScaledFont* aFont, const GlyphBuffer& aBuffer,
+ const Pattern& aPattern,
+ const DrawOptions& aOptions = DrawOptions()) final {}
+ void Mask(const Pattern& aSource, const Pattern& aMask,
+ const DrawOptions& aOptions = DrawOptions()) final {}
+ void MaskSurface(const Pattern& aSource, SourceSurface* aMask, Point aOffset,
+ const DrawOptions& aOptions = DrawOptions()) final {}
+ void PushClip(const Path* aPath) final {}
+ void PushClipRect(const Rect& aRect) final {}
+ void PopClip() final {}
+ void PushLayer(bool aOpaque, Float aOpacity, SourceSurface* aMask,
+ const Matrix& aMaskTransform,
+ const IntRect& aBounds = IntRect(),
+ bool aCopyBackground = false) final {}
+ void PushLayerWithBlend(bool aOpaque, Float aOpacity, SourceSurface* aMask,
+ const Matrix& aMaskTransform,
+ const IntRect& aBounds = IntRect(),
+ bool aCopyBackground = false,
+ CompositionOp = CompositionOp::OP_OVER) final {}
+ void PopLayer() final {}
+ already_AddRefed<SourceSurface> CreateSourceSurfaceFromData(
+ unsigned char* aData, const IntSize& aSize, int32_t aStride,
+ SurfaceFormat aFormat) const final {
+ return nullptr;
+ }
+ already_AddRefed<SourceSurface> OptimizeSourceSurface(
+ SourceSurface* aSurface) const final {
+ return nullptr;
+ }
+ already_AddRefed<SourceSurface> CreateSourceSurfaceFromNativeSurface(
+ const NativeSurface& aSurface) const final {
+ return nullptr;
+ }
+ already_AddRefed<DrawTarget> CreateSimilarDrawTarget(
+ const IntSize& aSize, SurfaceFormat aFormat) const final {
+ return nullptr;
+ }
+ bool CanCreateSimilarDrawTarget(const IntSize& aSize,
+ SurfaceFormat aFormat) const final {
+ return false;
+ }
+ RefPtr<DrawTarget> CreateClippedDrawTarget(const Rect& aBounds,
+ SurfaceFormat aFormat) final {
+ return nullptr;
+ }
+ already_AddRefed<PathBuilder> CreatePathBuilder(
+ FillRule aFillRule = FillRule::FILL_WINDING) const final {
+ return nullptr;
+ }
+ already_AddRefed<GradientStops> CreateGradientStops(
+ GradientStop* aStops, uint32_t aNumStops,
+ ExtendMode aExtendMode = ExtendMode::CLAMP) const final {
+ RefPtr rv = new MockGradientStops();
+ return rv.forget();
+ }
+ already_AddRefed<FilterNode> CreateFilter(FilterType aType) final {
+ return nullptr;
+ }
+ void DetachAllSnapshots() final {}
+};
+
+#endif
diff --git a/gfx/tests/fuzz/MockScaledFont.h b/gfx/tests/fuzz/MockScaledFont.h
new file mode 100644
index 0000000000..7720179537
--- /dev/null
+++ b/gfx/tests/fuzz/MockScaledFont.h
@@ -0,0 +1,58 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef FUZZ_MOCKSCALEDFONT_H
+#define FUZZ_MOCKSCALEDFONT_H
+
+#include "mozilla/gfx/2D.h"
+
+class MockUnscaledFont : public mozilla::gfx::UnscaledFont {
+ public:
+ using FontType = mozilla::gfx::FontType;
+
+ FontType GetType() const final { return FontType::UNKNOWN; }
+};
+
+class MockScaledFont : public mozilla::gfx::ScaledFont {
+ public:
+ using FontType = mozilla::gfx::FontType;
+ using Float = mozilla::gfx::Float;
+ using Path = mozilla::gfx::Path;
+ using GlyphBuffer = mozilla::gfx::GlyphBuffer;
+ using DrawTarget = mozilla::gfx::DrawTarget;
+ using PathBuilder = mozilla::gfx::PathBuilder;
+ using Matrix = mozilla::gfx::Matrix;
+
+ MockScaledFont(const RefPtr<MockUnscaledFont>& aUnscaledFont,
+ hb_font_t* aHBFont)
+ : ScaledFont(aUnscaledFont), mHBFont(hb_font_reference(aHBFont)) {}
+ virtual ~MockScaledFont() { hb_font_destroy(mHBFont); }
+
+ FontType GetType() const final { return FontType::UNKNOWN; }
+ Float GetSize() const final {
+ int x, y;
+ hb_font_get_scale(mHBFont, &x, &y);
+ return Float(y / 65536.0);
+ }
+ already_AddRefed<Path> GetPathForGlyphs(const GlyphBuffer& aBuffer,
+ const DrawTarget* aTarget) final {
+ RefPtr builder = mozilla::gfx::Factory::CreateSimplePathBuilder();
+ CopyGlyphsToBuilder(aBuffer, builder);
+ RefPtr path = builder->Finish();
+ return path.forget();
+ }
+ void CopyGlyphsToBuilder(const GlyphBuffer& aBuffer, PathBuilder* aBuilder,
+ const Matrix* aTransformHint = nullptr) final {
+ // We could use hb_font_get_glyph_shape to extract the glyph path here,
+ // but the COLRv1 parsing code doesn't actually use it (it just passes it
+ // through to Moz2D), so for now we'll just return an empty path.
+ }
+
+ private:
+ hb_font_t* mHBFont;
+};
+
+#endif
diff --git a/gfx/tests/fuzz/TestCOLRv1.cpp b/gfx/tests/fuzz/TestCOLRv1.cpp
new file mode 100644
index 0000000000..9d8dc6186a
--- /dev/null
+++ b/gfx/tests/fuzz/TestCOLRv1.cpp
@@ -0,0 +1,81 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "COLRFonts.h"
+#include "gfxFontUtils.h"
+#include "harfbuzz/hb.h"
+#include "MockDrawTarget.h"
+#include "MockScaledFont.h"
+#include "FuzzingInterface.h"
+#include "mozilla/Preferences.h"
+
+using namespace mozilla;
+using namespace mozilla::gfx;
+
+static int FuzzingRunCOLRv1(const uint8_t* data, size_t size) {
+ gfxFontUtils::AutoHBBlob hb_data_blob(hb_blob_create(
+ (const char*)data, size, HB_MEMORY_MODE_READONLY, nullptr, nullptr));
+
+ hb_face_t* hb_data_face = hb_face_create(hb_data_blob, 0);
+ if (!hb_data_face) {
+ return 0;
+ }
+
+ gfxFontUtils::AutoHBBlob colr(
+ hb_face_reference_table(hb_data_face, TRUETYPE_TAG('C', 'O', 'L', 'R')));
+ gfxFontUtils::AutoHBBlob cpal(
+ hb_face_reference_table(hb_data_face, TRUETYPE_TAG('C', 'P', 'A', 'L')));
+ if (!colr || !cpal || !COLRFonts::ValidateColorGlyphs(colr, cpal)) {
+ hb_face_destroy(hb_data_face);
+ return 0;
+ }
+
+ const float kPixelSize = 16.0f;
+ unsigned glyph_count = hb_face_get_glyph_count(hb_data_face);
+ hb_font_t* hb_data_font = hb_font_create(hb_data_face);
+ uint32_t scale = NS_round(kPixelSize * 65536.0); // size as 16.16 fixed-point
+ hb_font_set_scale(hb_data_font, scale, scale);
+
+ RefPtr dt = new MockDrawTarget();
+ RefPtr uf = new MockUnscaledFont();
+ RefPtr sf = new MockScaledFont(uf, hb_data_font);
+ Float f2p = kPixelSize / hb_face_get_upem(hb_data_face);
+
+ UniquePtr<nsTArray<sRGBColor>> colorPalette =
+ COLRFonts::SetupColorPalette(hb_data_face, nullptr, nullptr, "dummy"_ns);
+
+ for (unsigned i = 0; i <= glyph_count; ++i) {
+ if (COLRFonts::GetColrTableVersion(colr) == 1) {
+ Rect bounds =
+ COLRFonts::GetColorGlyphBounds(colr, hb_data_font, i, dt, sf, f2p);
+ const auto* paintGraph = COLRFonts::GetGlyphPaintGraph(colr, i);
+ if (paintGraph) {
+ dt->PushClipRect(bounds);
+ COLRFonts::PaintGlyphGraph(colr, hb_data_font, paintGraph, dt, nullptr,
+ sf, DrawOptions(), Point(), sRGBColor(),
+ colorPalette.get(), i, f2p);
+ dt->PopClip();
+ }
+ }
+ const auto* layers = COLRFonts::GetGlyphLayers(colr, i);
+ if (layers) {
+ COLRFonts::PaintGlyphLayers(colr, hb_data_face, layers, dt, nullptr, sf,
+ DrawOptions(), Point(), sRGBColor(),
+ colorPalette.get());
+ }
+ }
+
+ hb_font_destroy(hb_data_font);
+ hb_face_destroy(hb_data_face);
+
+ return 0;
+}
+
+int FuzzingInitCOLRv1(int* argc, char*** argv) {
+ Preferences::SetBool("gfx.font_rendering.colr_v1.enabled", true);
+ return 0;
+}
+
+MOZ_FUZZING_INTERFACE_RAW(FuzzingInitCOLRv1, FuzzingRunCOLRv1, GfxCOLRv1);
diff --git a/gfx/tests/fuzz/moz.build b/gfx/tests/fuzz/moz.build
new file mode 100644
index 0000000000..d7b581d056
--- /dev/null
+++ b/gfx/tests/fuzz/moz.build
@@ -0,0 +1,13 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+UNIFIED_SOURCES += [
+ "TestCOLRv1.cpp",
+]
+
+include("/tools/fuzzing/libfuzzer-config.mozbuild")
+
+FINAL_LIBRARY = "xul-gtest"