author | dsinclair <dsinclair@chromium.org> | 2016-06-06 11:52:30 -0700 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2016-06-06 11:52:30 -0700 |
commit | 5a5f251ce8646ec421aa9e35d8bbca71a984770a (patch) | |
tree | 9dcc09b3ec26c50f8a23379653c80955e7eafce3 | |
parent | 2b6d64eb67c23c31b29371023351b399495f23f8 (diff) | |
Add GIF, BMP, JPEG and TIFF XFA fuzzers
Generalize the PNG fuzzer and add fuzzers for the other image types handled by
the progressive decoder.
BUG=chromium:617659, chromium:616842, chromium:616841, chromium:616839
Review-Url: https://codereview.chromium.org/2045613002
-rw-r--r-- | testing/libfuzzer/BUILD.gn | 61 | ||||
-rw-r--r-- | testing/libfuzzer/fuzzers.gyp | 49 | ||||
-rw-r--r-- | testing/libfuzzer/pdf_codec_bmp_fuzzer.cc | 9 | ||||
-rw-r--r-- | testing/libfuzzer/pdf_codec_gif_fuzzer.cc | 9 | ||||
-rw-r--r-- | testing/libfuzzer/pdf_codec_jpeg_fuzzer.cc | 9 | ||||
-rw-r--r-- | testing/libfuzzer/pdf_codec_png_fuzzer.cc | 55 | ||||
-rw-r--r-- | testing/libfuzzer/pdf_codec_tiff_fuzzer.cc | 9 | ||||
-rw-r--r-- | testing/libfuzzer/xfa_codec_fuzzer.h | 65 |
8 files changed, 213 insertions, 53 deletions
diff --git a/testing/libfuzzer/BUILD.gn b/testing/libfuzzer/BUILD.gn
index e1152f9b69..5382313e01 100644
--- a/testing/libfuzzer/BUILD.gn
+++ b/testing/libfuzzer/BUILD.gn
@@ -51,6 +51,67 @@ if (pdf_enable_xfa) {
 testonly = true
 sources = [
 "pdf_codec_png_fuzzer.cc",
+ "xfa_codec_fuzzer.h",
+ ]
+ deps = [
+ "//third_party/pdfium:pdfium",
+ ]
+ configs -= [ "//build/config/compiler:chromium_code" ]
+ configs += [
+ "//build/config/compiler:no_chromium_code",
+ ":libfuzzer_config",
+ ]
+ }
+ source_set("pdf_codec_jpeg_fuzzer") {
+ testonly = true
+ sources = [
+ "pdf_codec_jpeg_fuzzer.cc",
+ "xfa_codec_fuzzer.h",
+ ]
+ deps = [
+ "//third_party/pdfium:pdfium",
+ ]
+ configs -= [ "//build/config/compiler:chromium_code" ]
+ configs += [
+ "//build/config/compiler:no_chromium_code",
+ ":libfuzzer_config",
+ ]
+ }
+ source_set("pdf_codec_gif_fuzzer") {
+ testonly = true
+ sources = [
+ "pdf_codec_gif_fuzzer.cc",
+ "xfa_codec_fuzzer.h",
+ ]
+ deps = [
+ "//third_party/pdfium:pdfium",
+ ]
+ configs -= [ "//build/config/compiler:chromium_code" ]
+ configs += [
+ "//build/config/compiler:no_chromium_code",
+ ":libfuzzer_config",
+ ]
+ }
+ source_set("pdf_codec_bmp_fuzzer") {
+ testonly = true
+ sources = [
+ "pdf_codec_bmp_fuzzer.cc",
+ "xfa_codec_fuzzer.h",
+ ]
+ deps = [
+ "//third_party/pdfium:pdfium",
+ ]
+ configs -= [ "//build/config/compiler:chromium_code" ]
+ configs += [
+ "//build/config/compiler:no_chromium_code",
+ ":libfuzzer_config",
+ ]
+ }
+ source_set("pdf_codec_tiff_fuzzer") {
+ testonly = true
+ sources = [
+ "pdf_codec_tiff_fuzzer.cc",
+ "xfa_codec_fuzzer.h",
 ]
 deps = [
 "//third_party/pdfium:pdfium",
diff --git a/testing/libfuzzer/fuzzers.gyp b/testing/libfuzzer/fuzzers.gyp
index 2339b5812e..3f1d8123b6 100644
--- a/testing/libfuzzer/fuzzers.gyp
+++ b/testing/libfuzzer/fuzzers.gyp
@@ -68,6 +68,55 @@
 'sources': [
 'pdf_codec_png_fuzzer.cc',
 'unittest_main.cc',
+ 'xfa_codec_fuzzer.h',
+ ],
+ },
+ {
+ 'target_name': 'pdf_codec_jpeg_fuzzer',
+ 'type': 'executable',
+ 'dependencies': [
+ '../../pdfium.gyp:pdfium',
+ ],
+ 'sources': [
+ 'pdf_codec_jpeg_fuzzer.cc',
+ 'unittest_main.cc',
+ 'xfa_codec_fuzzer.h',
+ ],
+ },
+ {
+ 'target_name': 'pdf_codec_gif_fuzzer',
+ 'type': 'executable',
+ 'dependencies': [
+ '../../pdfium.gyp:pdfium',
+ ],
+ 'sources': [
+ 'pdf_codec_gif_fuzzer.cc',
+ 'unittest_main.cc',
+ 'xfa_codec_fuzzer.h',
+ ],
+ },
+ {
+ 'target_name': 'pdf_codec_bmp_fuzzer',
+ 'type': 'executable',
+ 'dependencies': [
+ '../../pdfium.gyp:pdfium',
+ ],
+ 'sources': [
+ 'pdf_codec_bmp_fuzzer.cc',
+ 'unittest_main.cc',
+ 'xfa_codec_fuzzer.h',
+ ],
+ },
+ {
+ 'target_name': 'pdf_codec_tiff_fuzzer',
+ 'type': 'executable',
+ 'dependencies': [
+ '../../pdfium.gyp:pdfium',
+ ],
+ 'sources': [
+ 'pdf_codec_tiff_fuzzer.cc',
+ 'unittest_main.cc',
+ 'xfa_codec_fuzzer.h',
 ],
 },
 ],
diff --git a/testing/libfuzzer/pdf_codec_bmp_fuzzer.cc b/testing/libfuzzer/pdf_codec_bmp_fuzzer.cc
new file mode 100644
index 0000000000..6c80fb58b9
--- /dev/null
+++ b/testing/libfuzzer/pdf_codec_bmp_fuzzer.cc
@@ -0,0 +1,9 @@
+// Copyright 2016 The PDFium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "testing/libfuzzer/xfa_codec_fuzzer.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ return XFACodecFuzzer::Fuzz(data, size, FXCODEC_IMAGE_BMP);
+}
diff --git a/testing/libfuzzer/pdf_codec_gif_fuzzer.cc b/testing/libfuzzer/pdf_codec_gif_fuzzer.cc
new file mode 100644
index 0000000000..613ed1e37d
--- /dev/null
+++ b/testing/libfuzzer/pdf_codec_gif_fuzzer.cc
@@ -0,0 +1,9 @@
+// Copyright 2016 The PDFium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "testing/libfuzzer/xfa_codec_fuzzer.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ return XFACodecFuzzer::Fuzz(data, size, FXCODEC_IMAGE_GIF);
+}
diff --git a/testing/libfuzzer/pdf_codec_jpeg_fuzzer.cc b/testing/libfuzzer/pdf_codec_jpeg_fuzzer.cc
new file mode 100644
index 0000000000..862bfad535
--- /dev/null
+++ b/testing/libfuzzer/pdf_codec_jpeg_fuzzer.cc
@@ -0,0 +1,9 @@
+// Copyright 2016 The PDFium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "testing/libfuzzer/xfa_codec_fuzzer.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ return XFACodecFuzzer::Fuzz(data, size, FXCODEC_IMAGE_JPG);
+}
diff --git a/testing/libfuzzer/pdf_codec_png_fuzzer.cc b/testing/libfuzzer/pdf_codec_png_fuzzer.cc
index 5422a2f758..94e9321fd7 100644
--- a/testing/libfuzzer/pdf_codec_png_fuzzer.cc
+++ b/testing/libfuzzer/pdf_codec_png_fuzzer.cc
@@ -2,59 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

-#include <memory>
-
-#include "core/fxcodec/codec/include/ccodec_progressivedecoder.h"
-#include "core/fxcodec/include/fx_codec.h"
-#include "core/fxcrt/include/fx_stream.h"
-
-namespace {
-
-class Reader : public IFX_FileRead {
- public:
- Reader(const uint8_t* data, size_t size) : m_data(data), m_size(size) {}
- ~Reader() {}
-
- void Release() override {}
-
- FX_BOOL ReadBlock(void* buffer, FX_FILESIZE offset, size_t size) override {
- if (offset + size > m_size)
- size = m_size - offset;
- memcpy(buffer, m_data + offset, size);
- return TRUE;
- }
-
- FX_FILESIZE GetSize() override { return static_cast<FX_FILESIZE>(m_size); }
-
- private:
- const uint8_t* const m_data;
- size_t m_size;
-};
-
-} // namespace
+#include "testing/libfuzzer/xfa_codec_fuzzer.h"

 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- std::unique_ptr<CCodec_ModuleMgr> mgr(new CCodec_ModuleMgr());
- std::unique_ptr<CCodec_ProgressiveDecoder> decoder(
- mgr->CreateProgressiveDecoder());
- Reader source(data, size);
-
- FXCODEC_STATUS status =
- decoder->LoadImageInfo(&source, FXCODEC_IMAGE_PNG, nullptr);
- if (status != FXCODEC_STATUS_FRAME_READY)
- return 0;
-
- std::unique_ptr<CFX_DIBitmap> bitmap(new CFX_DIBitmap);
- bitmap->Create(decoder->GetWidth(), decoder->GetHeight(), FXDIB_Argb);
-
- int32_t frames;
- if (decoder->GetFrames(frames) != FXCODEC_STATUS_DECODE_READY || frames == 0)
- return 0;
-
- status = decoder->StartDecode(bitmap.get(), 0, 0, bitmap->GetWidth(),
- bitmap->GetHeight());
- while (status == FXCODEC_STATUS_DECODE_TOBECONTINUE)
- status = decoder->ContinueDecode();
-
- return 0;
+ return XFACodecFuzzer::Fuzz(data, size, FXCODEC_IMAGE_PNG);
 }
diff --git a/testing/libfuzzer/pdf_codec_tiff_fuzzer.cc b/testing/libfuzzer/pdf_codec_tiff_fuzzer.cc
new file mode 100644
index 0000000000..483ac28306
--- /dev/null
+++ b/testing/libfuzzer/pdf_codec_tiff_fuzzer.cc
@@ -0,0 +1,9 @@
+// Copyright 2016 The PDFium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "testing/libfuzzer/xfa_codec_fuzzer.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ return XFACodecFuzzer::Fuzz(data, size, FXCODEC_IMAGE_TIF);
+}
diff --git a/testing/libfuzzer/xfa_codec_fuzzer.h b/testing/libfuzzer/xfa_codec_fuzzer.h
new file mode 100644
index 0000000000..f3a3517a12
--- /dev/null
+++ b/testing/libfuzzer/xfa_codec_fuzzer.h
@@ -0,0 +1,65 @@
+// Copyright 2016 The PDFium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef TESTING_LIBFUZZER_XFA_CODEC_FUZZER_H_
+#define TESTING_LIBFUZZER_XFA_CODEC_FUZZER_H_
+
+#include <memory>
+
+#include "core/fxcodec/codec/include/ccodec_progressivedecoder.h"
+#include "core/fxcodec/include/fx_codec.h"
+#include "core/fxcrt/include/fx_stream.h"
+
+class XFACodecFuzzer {
+ public:
+ static int Fuzz(const uint8_t* data, size_t size, FXCODEC_IMAGE_TYPE type) {
+ std::unique_ptr<CCodec_ModuleMgr> mgr(new CCodec_ModuleMgr());
+ std::unique_ptr<CCodec_ProgressiveDecoder> decoder(
+ mgr->CreateProgressiveDecoder());
+ Reader source(data, size);
+
+ FXCODEC_STATUS status = decoder->LoadImageInfo(&source, type, nullptr);
+ if (status != FXCODEC_STATUS_FRAME_READY)
+ return 0;
+
+ std::unique_ptr<CFX_DIBitmap> bitmap(new CFX_DIBitmap);
+ bitmap->Create(decoder->GetWidth(), decoder->GetHeight(), FXDIB_Argb);
+
+ int32_t frames;
+ if (decoder->GetFrames(frames) != FXCODEC_STATUS_DECODE_READY ||
+ frames == 0)
+ return 0;
+
+ status = decoder->StartDecode(bitmap.get(), 0, 0, bitmap->GetWidth(),
+ bitmap->GetHeight());
+ while (status == FXCODEC_STATUS_DECODE_TOBECONTINUE)
+ status = decoder->ContinueDecode();
+
+ return 0;
+ }
+
+ private:
+ class Reader : public IFX_FileRead {
+ public:
+ Reader(const uint8_t* data, size_t size) : m_data(data), m_size(size) {}
+ ~Reader() {}
+
+ void Release() override {}
+
+ FX_BOOL ReadBlock(void* buffer, FX_FILESIZE offset, size_t size) override {
+ if (offset + size > m_size)
+ size = m_size - offset;
+ memcpy(buffer, m_data + offset, size);
+ return TRUE;
+ }
+
+ FX_FILESIZE GetSize() override { return static_cast<FX_FILESIZE>(m_size); }
+
+ private:
+ const uint8_t* const m_data;
+ size_t m_size;
+ };
+};
+
+#endif // TESTING_LIBFUZZER_XFA_CODEC_FUZZER_H_ |
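Review bot: `Reader::ReadBlock` clamps with `size = m_size - offset` without first checking that `offset` lies inside the buffer, so a decoder request with `offset > m_size` (or a negative offset, if `FX_FILESIZE` is signed) wraps to a huge `size_t` and `memcpy` reads past the fuzz input. Any crash that produces is a harness bug reported against the codec under test; add `if (offset < 0 || static_cast<size_t>(offset) > m_size) return FALSE;` ahead of the clamp and write the comparison as `if (size > m_size - offset)` so the `offset + size` sum cannot wrap either. The method also returns `TRUE` after a shortened copy, which leaves the tail of `buffer` unwritten while reporting success; returning `FALSE` for short reads would be the stricter contract, if the decoders tolerate it. In `Fuzz`, the result of `bitmap->Create(...)` is ignored even though width and height come from the untrusted header, so if `Create` can fail the call to `StartDecode` still runs on that bitmap; an early `return 0` on failure keeps such cases from being triaged as decoder findings. The header also uses `memcpy`, `uint8_t` and `size_t` without including `<string.h>` and `<stdint.h>` itself.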