author | dsinclair <dsinclair@chromium.org> | 2016-06-06 11:52:30 -0700 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2016-06-06 11:52:30 -0700 |
commit | 5a5f251ce8646ec421aa9e35d8bbca71a984770a (patch) | |
tree | 9dcc09b3ec26c50f8a23379653c80955e7eafce3 /testing/libfuzzer/xfa_codec_fuzzer.h | |
parent | 2b6d64eb67c23c31b29371023351b399495f23f8 (diff) | |
Add GIF, BMP, JPEG and TIFF XFA fuzzers
Generalize the PNG fuzzer and add fuzzers for the other image types handled by
the progressive decoder.
BUG=chromium:617659, chromium:616842, chromium:616841, chromium:616839
Review-Url: https://codereview.chromium.org/2045613002
Diffstat (limited to 'testing/libfuzzer/xfa_codec_fuzzer.h')
-rw-r--r-- | testing/libfuzzer/xfa_codec_fuzzer.h | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/testing/libfuzzer/xfa_codec_fuzzer.h b/testing/libfuzzer/xfa_codec_fuzzer.h
new file mode 100644
index 0000000000..f3a3517a12
--- /dev/null
+++ b/testing/libfuzzer/xfa_codec_fuzzer.h
@@ -0,0 +1,65 @@
+// Copyright 2016 The PDFium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef TESTING_LIBFUZZER_XFA_CODEC_FUZZER_H_
+#define TESTING_LIBFUZZER_XFA_CODEC_FUZZER_H_
+
+#include <memory>
+
+#include "core/fxcodec/codec/include/ccodec_progressivedecoder.h"
+#include "core/fxcodec/include/fx_codec.h"
+#include "core/fxcrt/include/fx_stream.h"
+
+class XFACodecFuzzer {
+ public:
+ static int Fuzz(const uint8_t* data, size_t size, FXCODEC_IMAGE_TYPE type) {
+ std::unique_ptr<CCodec_ModuleMgr> mgr(new CCodec_ModuleMgr());
+ std::unique_ptr<CCodec_ProgressiveDecoder> decoder(
+ mgr->CreateProgressiveDecoder());
+ Reader source(data, size);
+
+ FXCODEC_STATUS status = decoder->LoadImageInfo(&source, type, nullptr);
+ if (status != FXCODEC_STATUS_FRAME_READY)
+ return 0;
+
+ std::unique_ptr<CFX_DIBitmap> bitmap(new CFX_DIBitmap);
+ bitmap->Create(decoder->GetWidth(), decoder->GetHeight(), FXDIB_Argb);
+
+ int32_t frames;
+ if (decoder->GetFrames(frames) != FXCODEC_STATUS_DECODE_READY ||
+ frames == 0)
+ return 0;
+
+ status = decoder->StartDecode(bitmap.get(), 0, 0, bitmap->GetWidth(),
+ bitmap->GetHeight());
+ while (status == FXCODEC_STATUS_DECODE_TOBECONTINUE)
+ status = decoder->ContinueDecode();
+
+ return 0;
+ }
+
+ private:
+ class Reader : public IFX_FileRead {
+ public:
+ Reader(const uint8_t* data, size_t size) : m_data(data), m_size(size) {}
+ ~Reader() {}
+
+ void Release() override {}
+
+ FX_BOOL ReadBlock(void* buffer, FX_FILESIZE offset, size_t size) override {
+ if (offset + size > m_size)
+ size = m_size - offset;
+ memcpy(buffer, m_data + offset, size);
+ return TRUE;
+ }
+
+ FX_FILESIZE GetSize() override { return static_cast<FX_FILESIZE>(m_size); }
+
+ private:
+ const uint8_t* const m_data;
+ size_t m_size;
+ };
+};
+
+#endif // TESTING_LIBFUZZER_XFA_CODEC_FUZZER_H_ |
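Review bot: In Reader::ReadBlock the clamp `size = m_size - offset` is only safe when offset lies inside the buffer; for an offset past m_size (or a negative one, if FX_FILESIZE is signed, which this hunk does not show) the subtraction wraps and memcpy reads far outside the fuzzer input, and `offset + size` can itself overflow. A decoder that asks for an out-of-range block would then crash inside the harness, so the report points at the test reader instead of the codec under test. I would reject such requests up front with `if (offset < 0 || static_cast<size_t>(offset) >= m_size) return FALSE;` and clamp with `if (size > m_size - offset) size = m_size - offset;`. ReadBlock also returns TRUE after a shortened copy, leaving the tail of `buffer` unwritten, so returning FALSE on a short read is worth considering. Separately, memcpy is called without an include of `<cstring>`, and the result of `bitmap->Create(...)` in Fuzz is not checked before the bitmap is passed to StartDecode.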