| author | Dan Sinclair <dsinclair@chromium.org> | 2017-01-25 11:37:16 -0500 |
|---|---|---|
| committer | Chromium commit bot <commit-bot@chromium.org> | 2017-01-26 14:14:14 +0000 |
| commit | cff5618d4e847b9f13e1f051d56e09ee00cfb089 (patch) | |
| tree | e4538dd8fb0dacb37f382873884263222dc96744 /testing/libfuzzer/pdf_css_fuzzer.cc | |
| parent | 5c1673db6deae2e1858c4ffc3b3a0b79901dd827 (diff) | |
| download | pdfium-cff5618d4e847b9f13e1f051d56e09ee00cfb089.tar.xz | |
Fix CSS fuzzer input size
Currently we use the size provided by clusterfuzz when initializing the
css syntax parser. This may be incorrect as the CFX_WideString may have a
different count after converting to UTF. Use the wide string length instead
of the provided size.
We need to guard against strings that convert to blank when doing the wide
conversion so add an early exit.
BUG=682551
Change-Id: I3e014647fcf869681098a1b4446306b8b3eb9323
Reviewed-on: https://pdfium-review.googlesource.com/2391
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
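The byte-count versus wide-length mismatch the commit message describes, as an added C++ example that is not pdfium code: `DecodeUtf8`, `WideLength`, `Compare` and `SafeInit` with its `FakeParser` are stand-ins written for illustration (the decoder drops invalid or truncated sequences and does no overlong or surrogate validation), not `CFX_WideString::FromUTF8` or `CFDE_CSSSyntaxParser`. It shows that a UTF-8 input containing multi-byte sequences converts to fewer wide characters than `size`, so handing `size` to `Init` tells the parser the buffer is longer than it really is, and it applies the patch's guard of bailing out when the conversion comes back empty.

```cpp
// Added example (not pdfium code): why the UTF-8 byte count must not be reused
// as the length of the converted wide string.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>

// Minimal UTF-8 -> UTF-32 decoder standing in for CFX_WideString::FromUTF8.
// Invalid lead bytes, bad continuation bytes and truncated sequences are
// dropped, which is how an input can "convert to blank". No overlong or
// surrogate checks; this is only a length demonstration.
std::u32string DecodeUtf8(const uint8_t* data, size_t size) {
  std::u32string out;
  size_t i = 0;
  while (i < size) {
    uint8_t b = data[i];
    size_t need;   // continuation bytes expected after the lead byte
    char32_t cp;
    if (b < 0x80)              { need = 0; cp = b; }
    else if ((b & 0xE0) == 0xC0) { need = 1; cp = b & 0x1F; }
    else if ((b & 0xF0) == 0xE0) { need = 2; cp = b & 0x0F; }
    else if ((b & 0xF8) == 0xF0) { need = 3; cp = b & 0x07; }
    else { ++i; continue; }    // stray continuation or invalid lead byte
    if (i + need >= size) break;  // sequence truncated at end of input
    bool ok = true;
    for (size_t k = 1; k <= need; ++k) {
      if ((data[i + k] & 0xC0) != 0x80) { ok = false; break; }
      cp = (cp << 6) | (data[i + k] & 0x3F);
    }
    if (!ok) { ++i; continue; }  // resynchronise on the next byte
    out.push_back(cp);
    i += need + 1;
  }
  return out;
}

// Convenience: wide length of a std::string holding raw UTF-8 bytes.
size_t WideLength(const std::string& utf8) {
  return DecodeUtf8(reinterpret_cast<const uint8_t*>(utf8.data()),
                    utf8.size()).size();
}

// What the unpatched fuzzer told the parser (the byte count) versus the real
// number of wide characters; over_read is true when the parser would be told
// the buffer is longer than it is.
struct LengthReport {
  size_t bytes;
  size_t wide;
  bool over_read;
};

LengthReport Compare(const uint8_t* data, size_t size) {
  std::u32string w = DecodeUtf8(data, size);
  return {size, w.size(), size > w.size()};
}

// Stand-in for the parser; records the length it was given.
struct FakeParser {
  const char32_t* text = nullptr;
  size_t length = 0;
  void Init(const char32_t* s, size_t len) { text = s; length = len; }
};

// The patched pattern: bail out on an empty conversion, and size the parser
// from the converted string rather than from the original byte count.
// Returns the number of wide characters handed to the parser (0 if skipped).
size_t SafeInit(const std::u32string& input) {
  if (input.empty())
    return 0;
  FakeParser parser;
  parser.Init(input.c_str(), input.size());
  return parser.length;
}

int main() {
  // Constructed input: "a{color:é}" where é is the two-byte sequence C3 A9.
  const std::string multi = "a{color:\xC3\xA9}";
  LengthReport r = Compare(reinterpret_cast<const uint8_t*>(multi.data()),
                           multi.size());
  std::printf("bytes=%zu wide=%zu over_read=%d\n", r.bytes, r.wide,
              r.over_read ? 1 : 0);
  std::printf("invalid input handed to parser: %zu chars\n",
              SafeInit(DecodeUtf8(reinterpret_cast<const uint8_t*>("\xFF\xFE"), 2)));
  return 0;
}
```

Running it reports 11 bytes but 10 wide characters for the constructed input, so the old `Init(input.c_str(), size)` call would have claimed one character past the end of the wide buffer; for the all-invalid input the conversion is empty and `SafeInit` never touches the parser.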
Diffstat (limited to 'testing/libfuzzer/pdf_css_fuzzer.cc')
-rw-r--r-- | testing/libfuzzer/pdf_css_fuzzer.cc | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/testing/libfuzzer/pdf_css_fuzzer.cc b/testing/libfuzzer/pdf_css_fuzzer.cc index 9135b25f3d..f02f006ea0 100644 --- a/testing/libfuzzer/pdf_css_fuzzer.cc +++ b/testing/libfuzzer/pdf_css_fuzzer.cc @@ -15,8 +15,12 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { CFX_WideString input = CFX_WideString::FromUTF8( CFX_ByteStringC(data, static_cast<FX_STRSIZE>(size))); + // If we convert the input into an empty string bail out. + if (input.GetLength() == 0) + return 0; + CFDE_CSSSyntaxParser parser; - parser.Init(input.c_str(), size); + parser.Init(input.c_str(), input.GetLength()); FDE_CSSSyntaxStatus status; do { |
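Review bot: the security-relevant part of this hunk is the replaced `parser.Init(input.c_str(), size);` line: `size` is the UTF-8 byte count of `data`, while `input` holds wide characters produced by `FromUTF8`, so whenever the converted string is shorter than `size` the parser was told the wide buffer is longer than it is and could read past its end. Switching to `input.GetLength()` closes that; it would be worth a one-line comment on the `Init` call saying the length argument counts wide characters, not bytes, so the mismatch is not reintroduced by the next edit. The new `if (input.GetLength() == 0) return 0;` early exit also means an empty or entirely invalid UTF-8 input now never reaches `CFDE_CSSSyntaxParser` at all; if the parser is expected to cope with zero-length input, that case should be covered by a unit test rather than silently skipped by the fuzzer.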