authordsinclair <dsinclair@chromium.org>2016-06-13 13:46:49 -0700
committerCommit bot <commit-bot@chromium.org>2016-06-13 13:46:49 -0700
commit82e24b1c5047076b982c073671315071760b9880 (patch)
treee295661ad5381c3a8135d5421f9d0e4d265d9efd
parent754646948a572745380bcbdc23433337ca3dc562 (diff)
downloadpdfium-82e24b1c5047076b982c073671315071760b9880.tar.xz
Optionally skip image type detection in progressive decoder.
The progressive decoder will attempt to verify that the provided image type matches the actual image content. We need to disable this check when running the fuzzer in order to target the fuzzing to specific decoders; otherwise each fuzzer will end up fuzzing all of the decoders.

BUG=chromium:587126
Review-Url: https://codereview.chromium.org/2061733002
-rw-r--r--core/fxcodec/codec/fx_codec_progress.cpp7
-rw-r--r--core/fxcodec/codec/include/ccodec_progressivedecoder.h3
-rw-r--r--testing/libfuzzer/xfa_codec_fuzzer.h3
-rw-r--r--xfa/fxbarcode/BC_BufferedImageLuminanceSource.cpp3
-rw-r--r--xfa/fxfa/app/xfa_ffwidget.cpp2
5 files changed, 11 insertions, 7 deletions
diff --git a/core/fxcodec/codec/fx_codec_progress.cpp b/core/fxcodec/codec/fx_codec_progress.cpp
index bdb158f7ca..d63bdb895a 100644
--- a/core/fxcodec/codec/fx_codec_progress.cpp
+++ b/core/fxcodec/codec/fx_codec_progress.cpp
@@ -1286,7 +1286,8 @@ FX_BOOL CCodec_ProgressiveDecoder::DetectImageType(
FXCODEC_STATUS CCodec_ProgressiveDecoder::LoadImageInfo(
IFX_FileRead* pFile,
FXCODEC_IMAGE_TYPE imageType,
- CFX_DIBAttribute* pAttribute) {
+ CFX_DIBAttribute* pAttribute,
+ bool bSkipImageTypeCheck) {
switch (m_status) {
case FXCODEC_STATUS_FRAME_READY:
case FXCODEC_STATUS_FRAME_TOBECONTINUE:
@@ -1309,8 +1310,8 @@ FXCODEC_STATUS CCodec_ProgressiveDecoder::LoadImageInfo(
m_startX = m_startY = 0;
m_sizeX = m_sizeY = 0;
m_SrcPassNumber = 0;
- if (imageType != FXCODEC_IMAGE_UNKNOWN &&
- DetectImageType(imageType, pAttribute)) {
+ if (bSkipImageTypeCheck || (imageType != FXCODEC_IMAGE_UNKNOWN &&
+ DetectImageType(imageType, pAttribute))) {
m_imagType = imageType;
m_status = FXCODEC_STATUS_FRAME_READY;
return m_status;
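Review bot: Because `bSkipImageTypeCheck` comes first in the `||`, `DetectImageType(imageType, pAttribute)` is never called when the flag is true, yet the block still sets `m_status = FXCODEC_STATUS_FRAME_READY`. DetectImageType's body is outside this hunk, but if it also performs the per-codec header read and context setup (it takes `pAttribute`, which suggests more than a comparison), later decode calls would run on a decoder that was never initialised. A caller passing `FXCODEC_IMAGE_UNKNOWN` with the flag set would likewise be reported ready with `m_imagType` unknown. On this path the `status != FXCODEC_STATUS_FRAME_READY` check in the xfa_codec_fuzzer.h hunk can no longer reject an input. Keeping the original condition and adding `if (bSkipImageTypeCheck) return m_status;` directly after this block would still pin each fuzzer to one decoder without skipping that setup; the rest of LoadImageInfo is outside the hunk, so confirm what follows.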
diff --git a/core/fxcodec/codec/include/ccodec_progressivedecoder.h b/core/fxcodec/codec/include/ccodec_progressivedecoder.h
index 5774371ff1..5df2c4f733 100644
--- a/core/fxcodec/codec/include/ccodec_progressivedecoder.h
+++ b/core/fxcodec/codec/include/ccodec_progressivedecoder.h
@@ -47,7 +47,8 @@ class CCodec_ProgressiveDecoder {
FXCODEC_STATUS LoadImageInfo(IFX_FileRead* pFile,
FXCODEC_IMAGE_TYPE imageType,
- CFX_DIBAttribute* pAttribute);
+ CFX_DIBAttribute* pAttribute,
+ bool bSkipImageTypeCheck);
FXCODEC_IMAGE_TYPE GetType() const { return m_imagType; }
int32_t GetWidth() const { return m_SrcWidth; }
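Review bot: The new `bool bSkipImageTypeCheck` parameter is undocumented on the declaration and shows up as a bare `true` or `false` at each call site, so nothing tells a future caller that `true` turns off the check that the data matches the declared image type. A comment on the declaration would make the contract explicit, for example `// bSkipImageTypeCheck: fuzzing only. Production callers must pass false so the content is validated against imageType.` The class body continues outside the hunk.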
diff --git a/testing/libfuzzer/xfa_codec_fuzzer.h b/testing/libfuzzer/xfa_codec_fuzzer.h
index f3a3517a12..38c4e0ac33 100644
--- a/testing/libfuzzer/xfa_codec_fuzzer.h
+++ b/testing/libfuzzer/xfa_codec_fuzzer.h
@@ -19,7 +19,8 @@ class XFACodecFuzzer {
mgr->CreateProgressiveDecoder());
Reader source(data, size);
- FXCODEC_STATUS status = decoder->LoadImageInfo(&source, type, nullptr);
+ FXCODEC_STATUS status =
+ decoder->LoadImageInfo(&source, type, nullptr, true);
if (status != FXCODEC_STATUS_FRAME_READY)
return 0;
diff --git a/xfa/fxbarcode/BC_BufferedImageLuminanceSource.cpp b/xfa/fxbarcode/BC_BufferedImageLuminanceSource.cpp
index 814f300b2d..f822349972 100644
--- a/xfa/fxbarcode/BC_BufferedImageLuminanceSource.cpp
+++ b/xfa/fxbarcode/BC_BufferedImageLuminanceSource.cpp
@@ -38,7 +38,8 @@ static CFX_DIBitmap* CreateDIBSource(IFX_FileRead* fileread) {
std::unique_ptr<CCodec_ProgressiveDecoder> pImageCodec(
pCodecMgr->CreateProgressiveDecoder());
FXCODEC_STATUS status = FXCODEC_STATUS_DECODE_FINISH;
- status = pImageCodec->LoadImageInfo(fileread, FXCODEC_IMAGE_UNKNOWN, nullptr);
+ status = pImageCodec->LoadImageInfo(fileread, FXCODEC_IMAGE_UNKNOWN, nullptr,
+ false);
if (status != FXCODEC_STATUS_FRAME_READY)
return nullptr;
diff --git a/xfa/fxfa/app/xfa_ffwidget.cpp b/xfa/fxfa/app/xfa_ffwidget.cpp
index 8925cd35cf..fb9ab5f580 100644
--- a/xfa/fxfa/app/xfa_ffwidget.cpp
+++ b/xfa/fxfa/app/xfa_ffwidget.cpp
@@ -1069,7 +1069,7 @@ CFX_DIBitmap* XFA_LoadImageFromBuffer(IFX_FileRead* pImageFileRead,
CFX_DIBitmap* pBitmap = NULL;
CCodec_ProgressiveDecoder* pProgressiveDecoder =
pCodecMgr->CreateProgressiveDecoder();
- pProgressiveDecoder->LoadImageInfo(pImageFileRead, type, &dibAttr);
+ pProgressiveDecoder->LoadImageInfo(pImageFileRead, type, &dibAttr, false);
switch (dibAttr.m_wDPIUnit) {
case FXCODEC_RESUNIT_CENTIMETER:
dibAttr.m_nXDPI = (int32_t)(dibAttr.m_nXDPI * 2.54f);
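Review bot: The status returned by `pProgressiveDecoder->LoadImageInfo(pImageFileRead, type, &dibAttr, false)` is discarded, and the next line switches on `dibAttr.m_wDPIUnit` whether or not loading succeeded. The other call sites touched by this commit compare the result with `FXCODEC_STATUS_FRAME_READY` and return early. Unless a later check outside this hunk covers it, the same guard belongs here: `if (status != FXCODEC_STATUS_FRAME_READY)` followed by releasing the decoder and returning no bitmap. The decoder is held in a raw pointer in this function, so the early-exit path must free it; the function's start and end are outside the hunk.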