summaryrefslogtreecommitdiff
path: root/testing/libfuzzer/pdf_css_fuzzer.cc
diff options
context:
space:
mode:
authorDan Sinclair <dsinclair@chromium.org>2017-01-25 11:37:16 -0500
committerChromium commit bot <commit-bot@chromium.org>2017-01-26 14:14:14 +0000
commitcff5618d4e847b9f13e1f051d56e09ee00cfb089 (patch)
treee4538dd8fb0dacb37f382873884263222dc96744 /testing/libfuzzer/pdf_css_fuzzer.cc
parent5c1673db6deae2e1858c4ffc3b3a0b79901dd827 (diff)
downloadpdfium-cff5618d4e847b9f13e1f051d56e09ee00cfb089.tar.xz
Fix CSS fuzzer input size
Currently we use the size provided by clusterfuzz when initializing the css syntax parser. This maybe incorrect as the CFX_WideString may have a different count after converting to UTF. Use the wide string length instead of the provided size. We need to guard against strings that convert to blank when doing the wide conversion so add an early exit. BUG=682551 Change-Id: I3e014647fcf869681098a1b4446306b8b3eb9323 Reviewed-on: https://pdfium-review.googlesource.com/2391 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
Diffstat (limited to 'testing/libfuzzer/pdf_css_fuzzer.cc')
-rw-r--r--testing/libfuzzer/pdf_css_fuzzer.cc6
1 files changed, 5 insertions, 1 deletions
diff --git a/testing/libfuzzer/pdf_css_fuzzer.cc b/testing/libfuzzer/pdf_css_fuzzer.cc
index 9135b25f3d..f02f006ea0 100644
--- a/testing/libfuzzer/pdf_css_fuzzer.cc
+++ b/testing/libfuzzer/pdf_css_fuzzer.cc
@@ -15,8 +15,12 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
CFX_WideString input = CFX_WideString::FromUTF8(
CFX_ByteStringC(data, static_cast<FX_STRSIZE>(size)));
+ // If we convert the input into an empty string bail out.
+ if (input.GetLength() == 0)
+ return 0;
+
CFDE_CSSSyntaxParser parser;
- parser.Init(input.c_str(), size);
+ parser.Init(input.c_str(), input.GetLength());
FDE_CSSSyntaxStatus status;
do {