author | dsinclair <dsinclair@chromium.org> | 2016-06-06 11:52:30 -0700 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2016-06-06 11:52:30 -0700 |
commit | 5a5f251ce8646ec421aa9e35d8bbca71a984770a (patch) | |
tree | 9dcc09b3ec26c50f8a23379653c80955e7eafce3 /testing/libfuzzer/pdf_codec_png_fuzzer.cc | |
parent | 2b6d64eb67c23c31b29371023351b399495f23f8 (diff) | |
download | pdfium-5a5f251ce8646ec421aa9e35d8bbca71a984770a.tar.xz |
Add GIF, BMP, JPEG and TIFF XFA fuzzers
Generalize the PNG fuzzer and add fuzzers for the other image types handled by
the progressive decoder.
BUG=chromium:617659, chromium:616842, chromium:616841, chromium:616839
Review-Url: https://codereview.chromium.org/2045613002
Diffstat (limited to 'testing/libfuzzer/pdf_codec_png_fuzzer.cc')
-rw-r--r-- | testing/libfuzzer/pdf_codec_png_fuzzer.cc | 55 |
1 files changed, 2 insertions, 53 deletions
diff --git a/testing/libfuzzer/pdf_codec_png_fuzzer.cc b/testing/libfuzzer/pdf_codec_png_fuzzer.cc
index 5422a2f758..94e9321fd7 100644
--- a/testing/libfuzzer/pdf_codec_png_fuzzer.cc
+++ b/testing/libfuzzer/pdf_codec_png_fuzzer.cc
@@ -2,59 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include <memory>
-
-#include "core/fxcodec/codec/include/ccodec_progressivedecoder.h"
-#include "core/fxcodec/include/fx_codec.h"
-#include "core/fxcrt/include/fx_stream.h"
-
-namespace {
-
-class Reader : public IFX_FileRead {
- public:
- Reader(const uint8_t* data, size_t size) : m_data(data), m_size(size) {}
- ~Reader() {}
-
- void Release() override {}
-
- FX_BOOL ReadBlock(void* buffer, FX_FILESIZE offset, size_t size) override {
- if (offset + size > m_size)
- size = m_size - offset;
- memcpy(buffer, m_data + offset, size);
- return TRUE;
- }
-
- FX_FILESIZE GetSize() override { return static_cast<FX_FILESIZE>(m_size); }
-
- private:
- const uint8_t* const m_data;
- size_t m_size;
-};
-
-} // namespace
+#include "testing/libfuzzer/xfa_codec_fuzzer.h"
 
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- std::unique_ptr<CCodec_ModuleMgr> mgr(new CCodec_ModuleMgr());
- std::unique_ptr<CCodec_ProgressiveDecoder> decoder(
- mgr->CreateProgressiveDecoder());
- Reader source(data, size);
-
- FXCODEC_STATUS status =
- decoder->LoadImageInfo(&source, FXCODEC_IMAGE_PNG, nullptr);
- if (status != FXCODEC_STATUS_FRAME_READY)
- return 0;
-
- std::unique_ptr<CFX_DIBitmap> bitmap(new CFX_DIBitmap);
- bitmap->Create(decoder->GetWidth(), decoder->GetHeight(), FXDIB_Argb);
-
- int32_t frames;
- if (decoder->GetFrames(frames) != FXCODEC_STATUS_DECODE_READY || frames == 0)
- return 0;
-
- status = decoder->StartDecode(bitmap.get(), 0, 0, bitmap->GetWidth(),
- bitmap->GetHeight());
- while (status == FXCODEC_STATUS_DECODE_TOBECONTINUE)
- status = decoder->ContinueDecode();
-
- return 0;
+ return XFACodecFuzzer::Fuzz(data, size, FXCODEC_IMAGE_PNG);
 } |
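Review bot: The new `return XFACodecFuzzer::Fuzz(data, size, FXCODEC_IMAGE_PNG);` line makes the value handed back to libFuzzer depend on a helper defined outside this file, and libFuzzer reserves return values other than 0. Either state the guarantee next to the call, e.g. `// Fuzz() always returns 0, as libFuzzer requires.`, or call the helper and keep an explicit `return 0;` here. Separately, if the removed `Reader` was moved into `xfa_codec_fuzzer.h` unchanged, its `ReadBlock` still evaluates `m_size - offset` without first rejecting `offset > m_size`, and it reports `TRUE` on a short read. A harness-side over-read would show up as a crash misattributed to the decoder, so the shared reader should bounds-check `offset` and return `FALSE` when the request cannot be satisfied. The header is not part of this diff, so that second point is inferred from the removed lines only.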