authordsinclair <dsinclair@chromium.org>2016-06-16 07:40:47 -0700
committerCommit bot <commit-bot@chromium.org>2016-06-16 07:40:47 -0700
commit5377267504015d056bc0860ffadc23289b21039d (patch)
treeaecbd448c6853bb5a56406e61fe909bd492405c2
parent23c9c47096376be564bd6d5f3ab939e327928f6b (diff)
Add CFX_SAXReader fuzzer
This CL adds a fuzzer for the CFX_SAXReader. BUG=chromium:587126 Review-Url: https://codereview.chromium.org/2070103002
-rw-r--r--testing/libfuzzer/BUILD.gn14
-rw-r--r--testing/libfuzzer/fuzzers.gyp11
-rw-r--r--testing/libfuzzer/pdf_cfx_saxreader_fuzzer.cc37
3 files changed, 62 insertions, 0 deletions
diff --git a/testing/libfuzzer/BUILD.gn b/testing/libfuzzer/BUILD.gn
index 3659c36225..1b7a7fb456 100644
--- a/testing/libfuzzer/BUILD.gn
+++ b/testing/libfuzzer/BUILD.gn
@@ -49,6 +49,20 @@ if (pdf_enable_xfa) {
":libfuzzer_config",
]
}
+ source_set("pdf_cfx_saxreader_fuzzer") {
+ testonly = true
+ sources = [
+ "pdf_cfx_saxreader_fuzzer.cc",
+ ]
+ deps = [
+ "//third_party/pdfium:pdfium",
+ ]
+ configs -= [ "//build/config/compiler:chromium_code" ]
+ configs += [
+ "//build/config/compiler:no_chromium_code",
+ ":libfuzzer_config",
+ ]
+ }
source_set("pdf_codec_png_fuzzer") {
testonly = true
sources = [
diff --git a/testing/libfuzzer/fuzzers.gyp b/testing/libfuzzer/fuzzers.gyp
index 5f2a4d1bd9..30c8430ff9 100644
--- a/testing/libfuzzer/fuzzers.gyp
+++ b/testing/libfuzzer/fuzzers.gyp
@@ -62,6 +62,17 @@
],
},
{
+ 'target_name': 'pdf_cfx_saxreader_fuzzer',
+ 'type': 'executable',
+ 'dependencies': [
+ '../../pdfium.gyp:pdfium',
+ ],
+ 'sources': [
+ 'pdf_cfx_saxreader_fuzzer.cc',
+ 'unittest_main.cc',
+ ],
+ },
+ {
'target_name': 'pdf_codec_png_fuzzer',
'type': 'executable',
'dependencies': [
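Review bot: The new `pdf_cfx_saxreader_fuzzer` target shows no guard on XFA being enabled, yet the harness it builds includes only `xfa/...` headers and the matching GN target sits under `if (pdf_enable_xfa)` according to that hunk's header. The enclosing `targets`/`conditions` structure lies outside this hunk, so the gating may already exist. If it does not, a gyp build without XFA would fail to compile this fuzzer, and the target should be placed under the equivalent XFA condition so both build files agree.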
diff --git a/testing/libfuzzer/pdf_cfx_saxreader_fuzzer.cc b/testing/libfuzzer/pdf_cfx_saxreader_fuzzer.cc
new file mode 100644
index 0000000000..54cc410a36
--- /dev/null
+++ b/testing/libfuzzer/pdf_cfx_saxreader_fuzzer.cc
@@ -0,0 +1,37 @@
+// Copyright 2016 The PDFium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <memory>
+
+#include "xfa/fde/xml/cfx_saxreader.h"
+#include "xfa/fgas/crt/fgas_stream.h"
+#include "xfa/fxfa/parser/xfa_utils.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ CFX_WideString input = CFX_WideString::FromUTF8(
+ CFX_ByteStringC(data, static_cast<FX_STRSIZE>(size)));
+ std::unique_ptr<IFX_Stream, ReleaseDeleter<IFX_Stream>> stream(
+ XFA_CreateWideTextRead(input));
+ if (!stream)
+ return 0;
+
+ std::unique_ptr<IFX_FileRead, ReleaseDeleter<IFX_FileRead>> fileRead(
+ FX_CreateFileRead(stream.get(), false));
+ if (!fileRead)
+ return 0;
+
+ CFX_SAXReader reader;
+ if (reader.StartParse(fileRead.get(), 0, -1, CFX_SaxParseMode_NotSkipSpace) <
+ 0) {
+ return 0;
+ }
+
+ while (1) {
+ int32_t ret = reader.ContinueParse(nullptr);
+ if (ret < 0 || ret > 99)
+ break;
+ }
+
+ return 0;
+}
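Review bot: `static_cast<FX_STRSIZE>(size)` narrows a `size_t` with no range check before it becomes the length of the `CFX_ByteStringC`. `FX_STRSIZE` is not defined in this hunk, but if it is a signed 32-bit type, an oversized input would give a negative or truncated length. The fuzzer's input cap makes that unlikely in practice, but a guard at the top keeps the harness itself well defined: `if (size > static_cast<size_t>(std::numeric_limits<FX_STRSIZE>::max())) return 0;` (needs `<limits>`). The `ret > 99` exit in the `while (1)` loop also deserves a comment, presumably along the lines of `// ContinueParse returns a progress value; negative is an error, 100 is done`. Finally, the file uses `uint8_t` and `size_t` while including only `<memory>`, so `<cstddef>` and `<cstdint>` should be added explicitly.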