Implement fuzzer for FormCalc parsing

This adds a fuzzer that tests the FormCalc parsing code independent of
parsing an entire XFA file or performing translation to JS.

BUG=pdfium:920

Change-Id: I3d2c336d9cb6f4ebf114ded5f57a44a8342c4228
Reviewed-on: https://pdfium-review.googlesource.com/16391
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>

2 files changed, 23 insertions, 0 deletions

diff --git a/testing/libfuzzer/BUILD.gn b/testing/libfuzzer/BUILD.gn
index d23fb88376..20c64d9835 100644
--- a/testing/libfuzzer/BUILD.gn
+++ b/testing/libfuzzer/BUILD.gn
@@ -46,6 +46,7 @@ group("libfuzzer") {
       ":pdf_codec_tiff_fuzzer",
       ":pdf_css_fuzzer",
       ":pdf_fm2js_fuzzer",
+      ":pdf_formcalc_fuzzer",
       ":pdf_lzw_fuzzer",
       ":pdf_xml_fuzzer",
     ]
@@ -130,6 +131,12 @@ if (pdf_enable_xfa) {
     ]
   }
 
+  pdfium_fuzzer("pdf_formcalc_fuzzer") {
+    sources = [
+      "pdf_formcalc_fuzzer.cc",
+    ]
+  }
+
   pdfium_fuzzer("pdf_lzw_fuzzer") {
     sources = [
       "pdf_lzw_fuzzer.cc",
diff --git a/testing/libfuzzer/pdf_formcalc_fuzzer.cc b/testing/libfuzzer/pdf_formcalc_fuzzer.cc
new file mode 100644
index 0000000000..08e22bb247
--- /dev/null
+++ b/testing/libfuzzer/pdf_formcalc_fuzzer.cc
@@ -0,0 +1,16 @@
+// Copyright 2017 The PDFium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "core/fxcrt/cfx_widetextbuf.h"
+#include "core/fxcrt/fx_string.h"
+#include "xfa/fxfa/fm2js/cxfa_fmparser.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  WideString input = WideString::FromUTF8(ByteStringView(data, size));
+
+  CXFA_FMParser parser(input.AsStringView());
+  parser.Parse();
+
+  return 0;
+}