summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authordsinclair <dsinclair@chromium.org>2016-06-06 11:52:30 -0700
committerCommit bot <commit-bot@chromium.org>2016-06-06 11:52:30 -0700
commit5a5f251ce8646ec421aa9e35d8bbca71a984770a (patch)
tree9dcc09b3ec26c50f8a23379653c80955e7eafce3
parent2b6d64eb67c23c31b29371023351b399495f23f8 (diff)
downloadpdfium-5a5f251ce8646ec421aa9e35d8bbca71a984770a.tar.xz
Add GIF, BMP, JPEG and TIFF XFA fuzzers
Generalize the PNG fuzzer and add fuzzers for the other image types handled by the progressive decoder. BUG=chromium:617659, chromium:616842, chromium:616841, chromium:616839 Review-Url: https://codereview.chromium.org/2045613002
-rw-r--r--testing/libfuzzer/BUILD.gn61
-rw-r--r--testing/libfuzzer/fuzzers.gyp49
-rw-r--r--testing/libfuzzer/pdf_codec_bmp_fuzzer.cc9
-rw-r--r--testing/libfuzzer/pdf_codec_gif_fuzzer.cc9
-rw-r--r--testing/libfuzzer/pdf_codec_jpeg_fuzzer.cc9
-rw-r--r--testing/libfuzzer/pdf_codec_png_fuzzer.cc55
-rw-r--r--testing/libfuzzer/pdf_codec_tiff_fuzzer.cc9
-rw-r--r--testing/libfuzzer/xfa_codec_fuzzer.h65
8 files changed, 213 insertions, 53 deletions
diff --git a/testing/libfuzzer/BUILD.gn b/testing/libfuzzer/BUILD.gn
index e1152f9b69..5382313e01 100644
--- a/testing/libfuzzer/BUILD.gn
+++ b/testing/libfuzzer/BUILD.gn
@@ -51,6 +51,67 @@ if (pdf_enable_xfa) {
testonly = true
sources = [
"pdf_codec_png_fuzzer.cc",
+ "xfa_codec_fuzzer.h",
+ ]
+ deps = [
+ "//third_party/pdfium:pdfium",
+ ]
+ configs -= [ "//build/config/compiler:chromium_code" ]
+ configs += [
+ "//build/config/compiler:no_chromium_code",
+ ":libfuzzer_config",
+ ]
+ }
+ source_set("pdf_codec_jpeg_fuzzer") {
+ testonly = true
+ sources = [
+ "pdf_codec_jpeg_fuzzer.cc",
+ "xfa_codec_fuzzer.h",
+ ]
+ deps = [
+ "//third_party/pdfium:pdfium",
+ ]
+ configs -= [ "//build/config/compiler:chromium_code" ]
+ configs += [
+ "//build/config/compiler:no_chromium_code",
+ ":libfuzzer_config",
+ ]
+ }
+ source_set("pdf_codec_gif_fuzzer") {
+ testonly = true
+ sources = [
+ "pdf_codec_gif_fuzzer.cc",
+ "xfa_codec_fuzzer.h",
+ ]
+ deps = [
+ "//third_party/pdfium:pdfium",
+ ]
+ configs -= [ "//build/config/compiler:chromium_code" ]
+ configs += [
+ "//build/config/compiler:no_chromium_code",
+ ":libfuzzer_config",
+ ]
+ }
+ source_set("pdf_codec_bmp_fuzzer") {
+ testonly = true
+ sources = [
+ "pdf_codec_bmp_fuzzer.cc",
+ "xfa_codec_fuzzer.h",
+ ]
+ deps = [
+ "//third_party/pdfium:pdfium",
+ ]
+ configs -= [ "//build/config/compiler:chromium_code" ]
+ configs += [
+ "//build/config/compiler:no_chromium_code",
+ ":libfuzzer_config",
+ ]
+ }
+ source_set("pdf_codec_tiff_fuzzer") {
+ testonly = true
+ sources = [
+ "pdf_codec_tiff_fuzzer.cc",
+ "xfa_codec_fuzzer.h",
]
deps = [
"//third_party/pdfium:pdfium",
diff --git a/testing/libfuzzer/fuzzers.gyp b/testing/libfuzzer/fuzzers.gyp
index 2339b5812e..3f1d8123b6 100644
--- a/testing/libfuzzer/fuzzers.gyp
+++ b/testing/libfuzzer/fuzzers.gyp
@@ -68,6 +68,55 @@
'sources': [
'pdf_codec_png_fuzzer.cc',
'unittest_main.cc',
+ 'xfa_codec_fuzzer.h',
+ ],
+ },
+ {
+ 'target_name': 'pdf_codec_jpeg_fuzzer',
+ 'type': 'executable',
+ 'dependencies': [
+ '../../pdfium.gyp:pdfium',
+ ],
+ 'sources': [
+ 'pdf_codec_jpeg_fuzzer.cc',
+ 'unittest_main.cc',
+ 'xfa_codec_fuzzer.h',
+ ],
+ },
+ {
+ 'target_name': 'pdf_codec_gif_fuzzer',
+ 'type': 'executable',
+ 'dependencies': [
+ '../../pdfium.gyp:pdfium',
+ ],
+ 'sources': [
+ 'pdf_codec_gif_fuzzer.cc',
+ 'unittest_main.cc',
+ 'xfa_codec_fuzzer.h',
+ ],
+ },
+ {
+ 'target_name': 'pdf_codec_bmp_fuzzer',
+ 'type': 'executable',
+ 'dependencies': [
+ '../../pdfium.gyp:pdfium',
+ ],
+ 'sources': [
+ 'pdf_codec_bmp_fuzzer.cc',
+ 'unittest_main.cc',
+ 'xfa_codec_fuzzer.h',
+ ],
+ },
+ {
+ 'target_name': 'pdf_codec_tiff_fuzzer',
+ 'type': 'executable',
+ 'dependencies': [
+ '../../pdfium.gyp:pdfium',
+ ],
+ 'sources': [
+ 'pdf_codec_tiff_fuzzer.cc',
+ 'unittest_main.cc',
+ 'xfa_codec_fuzzer.h',
],
},
],
diff --git a/testing/libfuzzer/pdf_codec_bmp_fuzzer.cc b/testing/libfuzzer/pdf_codec_bmp_fuzzer.cc
new file mode 100644
index 0000000000..6c80fb58b9
--- /dev/null
+++ b/testing/libfuzzer/pdf_codec_bmp_fuzzer.cc
@@ -0,0 +1,9 @@
+// Copyright 2016 The PDFium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "testing/libfuzzer/xfa_codec_fuzzer.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ return XFACodecFuzzer::Fuzz(data, size, FXCODEC_IMAGE_BMP);
+}
diff --git a/testing/libfuzzer/pdf_codec_gif_fuzzer.cc b/testing/libfuzzer/pdf_codec_gif_fuzzer.cc
new file mode 100644
index 0000000000..613ed1e37d
--- /dev/null
+++ b/testing/libfuzzer/pdf_codec_gif_fuzzer.cc
@@ -0,0 +1,9 @@
+// Copyright 2016 The PDFium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "testing/libfuzzer/xfa_codec_fuzzer.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ return XFACodecFuzzer::Fuzz(data, size, FXCODEC_IMAGE_GIF);
+}
diff --git a/testing/libfuzzer/pdf_codec_jpeg_fuzzer.cc b/testing/libfuzzer/pdf_codec_jpeg_fuzzer.cc
new file mode 100644
index 0000000000..862bfad535
--- /dev/null
+++ b/testing/libfuzzer/pdf_codec_jpeg_fuzzer.cc
@@ -0,0 +1,9 @@
+// Copyright 2016 The PDFium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "testing/libfuzzer/xfa_codec_fuzzer.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ return XFACodecFuzzer::Fuzz(data, size, FXCODEC_IMAGE_JPG);
+}
diff --git a/testing/libfuzzer/pdf_codec_png_fuzzer.cc b/testing/libfuzzer/pdf_codec_png_fuzzer.cc
index 5422a2f758..94e9321fd7 100644
--- a/testing/libfuzzer/pdf_codec_png_fuzzer.cc
+++ b/testing/libfuzzer/pdf_codec_png_fuzzer.cc
@@ -2,59 +2,8 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include <memory>
-
-#include "core/fxcodec/codec/include/ccodec_progressivedecoder.h"
-#include "core/fxcodec/include/fx_codec.h"
-#include "core/fxcrt/include/fx_stream.h"
-
-namespace {
-
-class Reader : public IFX_FileRead {
- public:
- Reader(const uint8_t* data, size_t size) : m_data(data), m_size(size) {}
- ~Reader() {}
-
- void Release() override {}
-
- FX_BOOL ReadBlock(void* buffer, FX_FILESIZE offset, size_t size) override {
- if (offset + size > m_size)
- size = m_size - offset;
- memcpy(buffer, m_data + offset, size);
- return TRUE;
- }
-
- FX_FILESIZE GetSize() override { return static_cast<FX_FILESIZE>(m_size); }
-
- private:
- const uint8_t* const m_data;
- size_t m_size;
-};
-
-} // namespace
+#include "testing/libfuzzer/xfa_codec_fuzzer.h"
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- std::unique_ptr<CCodec_ModuleMgr> mgr(new CCodec_ModuleMgr());
- std::unique_ptr<CCodec_ProgressiveDecoder> decoder(
- mgr->CreateProgressiveDecoder());
- Reader source(data, size);
-
- FXCODEC_STATUS status =
- decoder->LoadImageInfo(&source, FXCODEC_IMAGE_PNG, nullptr);
- if (status != FXCODEC_STATUS_FRAME_READY)
- return 0;
-
- std::unique_ptr<CFX_DIBitmap> bitmap(new CFX_DIBitmap);
- bitmap->Create(decoder->GetWidth(), decoder->GetHeight(), FXDIB_Argb);
-
- int32_t frames;
- if (decoder->GetFrames(frames) != FXCODEC_STATUS_DECODE_READY || frames == 0)
- return 0;
-
- status = decoder->StartDecode(bitmap.get(), 0, 0, bitmap->GetWidth(),
- bitmap->GetHeight());
- while (status == FXCODEC_STATUS_DECODE_TOBECONTINUE)
- status = decoder->ContinueDecode();
-
- return 0;
+ return XFACodecFuzzer::Fuzz(data, size, FXCODEC_IMAGE_PNG);
}
diff --git a/testing/libfuzzer/pdf_codec_tiff_fuzzer.cc b/testing/libfuzzer/pdf_codec_tiff_fuzzer.cc
new file mode 100644
index 0000000000..483ac28306
--- /dev/null
+++ b/testing/libfuzzer/pdf_codec_tiff_fuzzer.cc
@@ -0,0 +1,9 @@
+// Copyright 2016 The PDFium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "testing/libfuzzer/xfa_codec_fuzzer.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ return XFACodecFuzzer::Fuzz(data, size, FXCODEC_IMAGE_TIF);
+}
diff --git a/testing/libfuzzer/xfa_codec_fuzzer.h b/testing/libfuzzer/xfa_codec_fuzzer.h
new file mode 100644
index 0000000000..f3a3517a12
--- /dev/null
+++ b/testing/libfuzzer/xfa_codec_fuzzer.h
@@ -0,0 +1,65 @@
+// Copyright 2016 The PDFium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef TESTING_LIBFUZZER_XFA_CODEC_FUZZER_H_
+#define TESTING_LIBFUZZER_XFA_CODEC_FUZZER_H_
+
+#include <memory>
+
+#include "core/fxcodec/codec/include/ccodec_progressivedecoder.h"
+#include "core/fxcodec/include/fx_codec.h"
+#include "core/fxcrt/include/fx_stream.h"
+
+class XFACodecFuzzer {
+ public:
+ static int Fuzz(const uint8_t* data, size_t size, FXCODEC_IMAGE_TYPE type) {
+ std::unique_ptr<CCodec_ModuleMgr> mgr(new CCodec_ModuleMgr());
+ std::unique_ptr<CCodec_ProgressiveDecoder> decoder(
+ mgr->CreateProgressiveDecoder());
+ Reader source(data, size);
+
+ FXCODEC_STATUS status = decoder->LoadImageInfo(&source, type, nullptr);
+ if (status != FXCODEC_STATUS_FRAME_READY)
+ return 0;
+
+ std::unique_ptr<CFX_DIBitmap> bitmap(new CFX_DIBitmap);
+ bitmap->Create(decoder->GetWidth(), decoder->GetHeight(), FXDIB_Argb);
+
+ int32_t frames;
+ if (decoder->GetFrames(frames) != FXCODEC_STATUS_DECODE_READY ||
+ frames == 0)
+ return 0;
+
+ status = decoder->StartDecode(bitmap.get(), 0, 0, bitmap->GetWidth(),
+ bitmap->GetHeight());
+ while (status == FXCODEC_STATUS_DECODE_TOBECONTINUE)
+ status = decoder->ContinueDecode();
+
+ return 0;
+ }
+
+ private:
+ class Reader : public IFX_FileRead {
+ public:
+ Reader(const uint8_t* data, size_t size) : m_data(data), m_size(size) {}
+ ~Reader() {}
+
+ void Release() override {}
+
+ FX_BOOL ReadBlock(void* buffer, FX_FILESIZE offset, size_t size) override {
+ if (offset + size > m_size)
+ size = m_size - offset;
+ memcpy(buffer, m_data + offset, size);
+ return TRUE;
+ }
+
+ FX_FILESIZE GetSize() override { return static_cast<FX_FILESIZE>(m_size); }
+
+ private:
+ const uint8_t* const m_data;
+ size_t m_size;
+ };
+};
+
+#endif // TESTING_LIBFUZZER_XFA_CODEC_FUZZER_H_