summaryrefslogtreecommitdiff
path: root/testing/libfuzzer/xfa_codec_fuzzer.h
diff options
context:
space:
mode:
authordsinclair <dsinclair@chromium.org>2016-06-06 11:52:30 -0700
committerCommit bot <commit-bot@chromium.org>2016-06-06 11:52:30 -0700
commit5a5f251ce8646ec421aa9e35d8bbca71a984770a (patch)
tree9dcc09b3ec26c50f8a23379653c80955e7eafce3 /testing/libfuzzer/xfa_codec_fuzzer.h
parent2b6d64eb67c23c31b29371023351b399495f23f8 (diff)
downloadpdfium-5a5f251ce8646ec421aa9e35d8bbca71a984770a.tar.xz
Add GIF, BMP, JPEG and TIFF XFA fuzzers
Generalize the PNG fuzzer and add fuzzers for the other image types handled by the progressive decoder. BUG=chromium:617659, chromium:616842, chromium:616841, chromium:616839 Review-Url: https://codereview.chromium.org/2045613002
Diffstat (limited to 'testing/libfuzzer/xfa_codec_fuzzer.h')
-rw-r--r--testing/libfuzzer/xfa_codec_fuzzer.h65
1 files changed, 65 insertions, 0 deletions
diff --git a/testing/libfuzzer/xfa_codec_fuzzer.h b/testing/libfuzzer/xfa_codec_fuzzer.h
new file mode 100644
index 0000000000..f3a3517a12
--- /dev/null
+++ b/testing/libfuzzer/xfa_codec_fuzzer.h
@@ -0,0 +1,65 @@
+// Copyright 2016 The PDFium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef TESTING_LIBFUZZER_XFA_CODEC_FUZZER_H_
+#define TESTING_LIBFUZZER_XFA_CODEC_FUZZER_H_
+
+#include <memory>
+
+#include "core/fxcodec/codec/include/ccodec_progressivedecoder.h"
+#include "core/fxcodec/include/fx_codec.h"
+#include "core/fxcrt/include/fx_stream.h"
+
+class XFACodecFuzzer {
+ public:
+ static int Fuzz(const uint8_t* data, size_t size, FXCODEC_IMAGE_TYPE type) {
+ std::unique_ptr<CCodec_ModuleMgr> mgr(new CCodec_ModuleMgr());
+ std::unique_ptr<CCodec_ProgressiveDecoder> decoder(
+ mgr->CreateProgressiveDecoder());
+ Reader source(data, size);
+
+ FXCODEC_STATUS status = decoder->LoadImageInfo(&source, type, nullptr);
+ if (status != FXCODEC_STATUS_FRAME_READY)
+ return 0;
+
+ std::unique_ptr<CFX_DIBitmap> bitmap(new CFX_DIBitmap);
+ bitmap->Create(decoder->GetWidth(), decoder->GetHeight(), FXDIB_Argb);
+
+ int32_t frames;
+ if (decoder->GetFrames(frames) != FXCODEC_STATUS_DECODE_READY ||
+ frames == 0)
+ return 0;
+
+ status = decoder->StartDecode(bitmap.get(), 0, 0, bitmap->GetWidth(),
+ bitmap->GetHeight());
+ while (status == FXCODEC_STATUS_DECODE_TOBECONTINUE)
+ status = decoder->ContinueDecode();
+
+ return 0;
+ }
+
+ private:
+ class Reader : public IFX_FileRead {
+ public:
+ Reader(const uint8_t* data, size_t size) : m_data(data), m_size(size) {}
+ ~Reader() {}
+
+ void Release() override {}
+
+ FX_BOOL ReadBlock(void* buffer, FX_FILESIZE offset, size_t size) override {
+ if (offset + size > m_size)
+ size = m_size - offset;
+ memcpy(buffer, m_data + offset, size);
+ return TRUE;
+ }
+
+ FX_FILESIZE GetSize() override { return static_cast<FX_FILESIZE>(m_size); }
+
+ private:
+ const uint8_t* const m_data;
+ size_t m_size;
+ };
+};
+
+#endif // TESTING_LIBFUZZER_XFA_CODEC_FUZZER_H_