diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 09:22:09 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 09:22:09 +0000 |
commit | 43a97878ce14b72f0981164f87f2e35e14151312 (patch) | |
tree | 620249daf56c0258faa40cbdcf9cfba06de2a846 /gfx/tests/fuzz | |
parent | Initial commit. (diff) | |
download | firefox-43a97878ce14b72f0981164f87f2e35e14151312.tar.xz firefox-43a97878ce14b72f0981164f87f2e35e14151312.zip |
Adding upstream version 110.0.1.upstream/110.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | gfx/tests/fuzz/MockDrawTarget.h | 149 | ||||
-rw-r--r-- | gfx/tests/fuzz/MockScaledFont.h | 58 | ||||
-rw-r--r-- | gfx/tests/fuzz/TestCOLRv1.cpp | 81 | ||||
-rw-r--r-- | gfx/tests/fuzz/moz.build | 13 |
4 files changed, 301 insertions, 0 deletions
diff --git a/gfx/tests/fuzz/MockDrawTarget.h b/gfx/tests/fuzz/MockDrawTarget.h new file mode 100644 index 0000000000..4657f6379b --- /dev/null +++ b/gfx/tests/fuzz/MockDrawTarget.h @@ -0,0 +1,149 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef FUZZ_MOCKDRAWTARGET_H +#define FUZZ_MOCKDRAWTARGET_H + +#include "mozilla/gfx/2D.h" + +class MockDrawTarget : public mozilla::gfx::DrawTarget { + public: + using Rect = mozilla::gfx::Rect; + using Point = mozilla::gfx::Point; + using DrawTargetType = mozilla::gfx::DrawTargetType; + using BackendType = mozilla::gfx::BackendType; + using SourceSurface = mozilla::gfx::SourceSurface; + using IntSize = mozilla::gfx::IntSize; + using DrawSurfaceOptions = mozilla::gfx::DrawSurfaceOptions; + using DrawOptions = mozilla::gfx::DrawOptions; + using FilterNode = mozilla::gfx::FilterNode; + using ShadowOptions = mozilla::gfx::ShadowOptions; + using CompositionOp = mozilla::gfx::CompositionOp; + using IntRect = mozilla::gfx::IntRect; + using IntPoint = mozilla::gfx::IntPoint; + using Pattern = mozilla::gfx::Pattern; + using StrokeOptions = mozilla::gfx::StrokeOptions; + using Path = mozilla::gfx::Path; + using ScaledFont = mozilla::gfx::ScaledFont; + using GlyphBuffer = mozilla::gfx::GlyphBuffer; + using Float = mozilla::gfx::Float; + using Matrix = mozilla::gfx::Matrix; + using SurfaceFormat = mozilla::gfx::SurfaceFormat; + using NativeSurface = mozilla::gfx::NativeSurface; + using PathBuilder = mozilla::gfx::PathBuilder; + using GradientStop = mozilla::gfx::GradientStop; + using GradientStops = mozilla::gfx::GradientStops; + using FillRule = mozilla::gfx::FillRule; + using ExtendMode = mozilla::gfx::ExtendMode; + using FilterType = mozilla::gfx::FilterType; + + class MockGradientStops : public GradientStops { + public: + MockGradientStops() {} + virtual ~MockGradientStops() = default; + BackendType GetBackendType() const final { return BackendType::NONE; } + }; + + MockDrawTarget() {} + virtual ~MockDrawTarget() = default; + + DrawTargetType GetType() const final { + return DrawTargetType::SOFTWARE_RASTER; + } + BackendType GetBackendType() const final { return BackendType::NONE; } + already_AddRefed<SourceSurface> Snapshot() final { return nullptr; } + already_AddRefed<SourceSurface> GetBackingSurface() final { return nullptr; } + IntSize GetSize() const final { return IntSize(100, 100); } + void Flush() final {} + void DrawSurface( + SourceSurface* aSurface, const Rect& aDest, const Rect& aSource, + const DrawSurfaceOptions& aSurfOptions = DrawSurfaceOptions(), + const DrawOptions& aOptions = DrawOptions()) final {} + void DrawFilter(FilterNode* aNode, const Rect& aSourceRect, + const Point& aDestPoint, + const DrawOptions& aOptions = DrawOptions()) final {} + void DrawSurfaceWithShadow(SourceSurface* aSurface, const Point& aDest, + const ShadowOptions& aShadow, + CompositionOp aOperator) final {} + void ClearRect(const Rect& aRect) final {} + void CopySurface(SourceSurface* aSurface, const IntRect& aSourceRect, + const IntPoint& aDestination) final {} + void FillRect(const Rect& aRect, const Pattern& aPattern, + const DrawOptions& aOptions = DrawOptions()) final {} + void StrokeRect(const Rect& aRect, const Pattern& aPattern, + const StrokeOptions& aStrokeOptions = StrokeOptions(), + const DrawOptions& aOptions = DrawOptions()) final {} + void StrokeLine(const Point& aStart, const Point& aEnd, + const Pattern& aPattern, + const StrokeOptions& aStrokeOptions = StrokeOptions(), + const DrawOptions& aOptions = DrawOptions()) final {} + void Stroke(const Path* aPath, const Pattern& aPattern, + const StrokeOptions& aStrokeOptions = StrokeOptions(), + const DrawOptions& aOptions = DrawOptions()) final {} + void Fill(const Path* aPath, const Pattern& aPattern, + const DrawOptions& aOptions = DrawOptions()) final {} + void FillGlyphs(ScaledFont* aFont, const GlyphBuffer& aBuffer, + const Pattern& aPattern, + const DrawOptions& aOptions = DrawOptions()) final {} + void Mask(const Pattern& aSource, const Pattern& aMask, + const DrawOptions& aOptions = DrawOptions()) final {} + void MaskSurface(const Pattern& aSource, SourceSurface* aMask, Point aOffset, + const DrawOptions& aOptions = DrawOptions()) final {} + void PushClip(const Path* aPath) final {} + void PushClipRect(const Rect& aRect) final {} + void PopClip() final {} + void PushLayer(bool aOpaque, Float aOpacity, SourceSurface* aMask, + const Matrix& aMaskTransform, + const IntRect& aBounds = IntRect(), + bool aCopyBackground = false) final {} + void PushLayerWithBlend(bool aOpaque, Float aOpacity, SourceSurface* aMask, + const Matrix& aMaskTransform, + const IntRect& aBounds = IntRect(), + bool aCopyBackground = false, + CompositionOp = CompositionOp::OP_OVER) final {} + void PopLayer() final {} + already_AddRefed<SourceSurface> CreateSourceSurfaceFromData( + unsigned char* aData, const IntSize& aSize, int32_t aStride, + SurfaceFormat aFormat) const final { + return nullptr; + } + already_AddRefed<SourceSurface> OptimizeSourceSurface( + SourceSurface* aSurface) const final { + return nullptr; + } + already_AddRefed<SourceSurface> CreateSourceSurfaceFromNativeSurface( + const NativeSurface& aSurface) const final { + return nullptr; + } + already_AddRefed<DrawTarget> CreateSimilarDrawTarget( + const IntSize& aSize, SurfaceFormat aFormat) const final { + return nullptr; + } + bool CanCreateSimilarDrawTarget(const IntSize& aSize, + SurfaceFormat aFormat) const final { + return false; + } + RefPtr<DrawTarget> CreateClippedDrawTarget(const Rect& aBounds, + SurfaceFormat aFormat) final { + return nullptr; + } + already_AddRefed<PathBuilder> CreatePathBuilder( + FillRule aFillRule = FillRule::FILL_WINDING) const final { + return nullptr; + } + already_AddRefed<GradientStops> CreateGradientStops( + GradientStop* aStops, uint32_t aNumStops, + ExtendMode aExtendMode = ExtendMode::CLAMP) const final { + RefPtr rv = new MockGradientStops(); + return rv.forget(); + } + already_AddRefed<FilterNode> CreateFilter(FilterType aType) final { + return nullptr; + } + void DetachAllSnapshots() final {} +}; + +#endif diff --git a/gfx/tests/fuzz/MockScaledFont.h b/gfx/tests/fuzz/MockScaledFont.h new file mode 100644 index 0000000000..7720179537 --- /dev/null +++ b/gfx/tests/fuzz/MockScaledFont.h @@ -0,0 +1,58 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef FUZZ_MOCKSCALEDFONT_H +#define FUZZ_MOCKSCALEDFONT_H + +#include "mozilla/gfx/2D.h" + +class MockUnscaledFont : public mozilla::gfx::UnscaledFont { + public: + using FontType = mozilla::gfx::FontType; + + FontType GetType() const final { return FontType::UNKNOWN; } +}; + +class MockScaledFont : public mozilla::gfx::ScaledFont { + public: + using FontType = mozilla::gfx::FontType; + using Float = mozilla::gfx::Float; + using Path = mozilla::gfx::Path; + using GlyphBuffer = mozilla::gfx::GlyphBuffer; + using DrawTarget = mozilla::gfx::DrawTarget; + using PathBuilder = mozilla::gfx::PathBuilder; + using Matrix = mozilla::gfx::Matrix; + + MockScaledFont(const RefPtr<MockUnscaledFont>& aUnscaledFont, + hb_font_t* aHBFont) + : ScaledFont(aUnscaledFont), mHBFont(hb_font_reference(aHBFont)) {} + virtual ~MockScaledFont() { hb_font_destroy(mHBFont); } + + FontType GetType() const final { return FontType::UNKNOWN; } + Float GetSize() const final { + int x, y; + hb_font_get_scale(mHBFont, &x, &y); + return Float(y / 65536.0); + } + already_AddRefed<Path> GetPathForGlyphs(const GlyphBuffer& aBuffer, + const DrawTarget* aTarget) final { + RefPtr builder = mozilla::gfx::Factory::CreateSimplePathBuilder(); + CopyGlyphsToBuilder(aBuffer, builder); + RefPtr path = builder->Finish(); + return path.forget(); + } + void CopyGlyphsToBuilder(const GlyphBuffer& aBuffer, PathBuilder* aBuilder, + const Matrix* aTransformHint = nullptr) final { + // We could use hb_font_get_glyph_shape to extract the glyph path here, + // but the COLRv1 parsing code doesn't actually use it (it just passes it + // through to Moz2D), so for now we'll just return an empty path. + } + + private: + hb_font_t* mHBFont; +}; + +#endif diff --git a/gfx/tests/fuzz/TestCOLRv1.cpp b/gfx/tests/fuzz/TestCOLRv1.cpp new file mode 100644 index 0000000000..9d8dc6186a --- /dev/null +++ b/gfx/tests/fuzz/TestCOLRv1.cpp @@ -0,0 +1,81 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "COLRFonts.h" +#include "gfxFontUtils.h" +#include "harfbuzz/hb.h" +#include "MockDrawTarget.h" +#include "MockScaledFont.h" +#include "FuzzingInterface.h" +#include "mozilla/Preferences.h" + +using namespace mozilla; +using namespace mozilla::gfx; + +static int FuzzingRunCOLRv1(const uint8_t* data, size_t size) { + gfxFontUtils::AutoHBBlob hb_data_blob(hb_blob_create( + (const char*)data, size, HB_MEMORY_MODE_READONLY, nullptr, nullptr)); + + hb_face_t* hb_data_face = hb_face_create(hb_data_blob, 0); + if (!hb_data_face) { + return 0; + } + + gfxFontUtils::AutoHBBlob colr( + hb_face_reference_table(hb_data_face, TRUETYPE_TAG('C', 'O', 'L', 'R'))); + gfxFontUtils::AutoHBBlob cpal( + hb_face_reference_table(hb_data_face, TRUETYPE_TAG('C', 'P', 'A', 'L'))); + if (!colr || !cpal || !COLRFonts::ValidateColorGlyphs(colr, cpal)) { + hb_face_destroy(hb_data_face); + return 0; + } + + const float kPixelSize = 16.0f; + unsigned glyph_count = hb_face_get_glyph_count(hb_data_face); + hb_font_t* hb_data_font = hb_font_create(hb_data_face); + uint32_t scale = NS_round(kPixelSize * 65536.0); // size as 16.16 fixed-point + hb_font_set_scale(hb_data_font, scale, scale); + + RefPtr dt = new MockDrawTarget(); + RefPtr uf = new MockUnscaledFont(); + RefPtr sf = new MockScaledFont(uf, hb_data_font); + Float f2p = kPixelSize / hb_face_get_upem(hb_data_face); + + UniquePtr<nsTArray<sRGBColor>> colorPalette = + COLRFonts::SetupColorPalette(hb_data_face, nullptr, nullptr, "dummy"_ns); + + for (unsigned i = 0; i <= glyph_count; ++i) { + if (COLRFonts::GetColrTableVersion(colr) == 1) { + Rect bounds = + COLRFonts::GetColorGlyphBounds(colr, hb_data_font, i, dt, sf, f2p); + const auto* paintGraph = COLRFonts::GetGlyphPaintGraph(colr, i); + if (paintGraph) { + dt->PushClipRect(bounds); + COLRFonts::PaintGlyphGraph(colr, hb_data_font, paintGraph, dt, nullptr, + sf, DrawOptions(), Point(), sRGBColor(), + colorPalette.get(), i, f2p); + dt->PopClip(); + } + } + const auto* layers = COLRFonts::GetGlyphLayers(colr, i); + if (layers) { + COLRFonts::PaintGlyphLayers(colr, hb_data_face, layers, dt, nullptr, sf, + DrawOptions(), Point(), sRGBColor(), + colorPalette.get()); + } + } + + hb_font_destroy(hb_data_font); + hb_face_destroy(hb_data_face); + + return 0; +} + +int FuzzingInitCOLRv1(int* argc, char*** argv) { + Preferences::SetBool("gfx.font_rendering.colr_v1.enabled", true); + return 0; +} + +MOZ_FUZZING_INTERFACE_RAW(FuzzingInitCOLRv1, FuzzingRunCOLRv1, GfxCOLRv1); diff --git a/gfx/tests/fuzz/moz.build b/gfx/tests/fuzz/moz.build new file mode 100644 index 0000000000..d7b581d056 --- /dev/null +++ b/gfx/tests/fuzz/moz.build @@ -0,0 +1,13 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +UNIFIED_SOURCES += [ + "TestCOLRv1.cpp", +] + +include("/tools/fuzzing/libfuzzer-config.mozbuild") + +FINAL_LIBRARY = "xul-gtest" |