summaryrefslogtreecommitdiff
path: root/testing/libfuzzer
diff options
context:
space:
mode:
authordsinclair <dsinclair@chromium.org>2016-06-06 08:48:50 -0700
committerCommit bot <commit-bot@chromium.org>2016-06-06 08:48:50 -0700
commitf7e108b2d0c2f67a143e99693df084bfff7037ec (patch)
tree51a987a7e62129a57d88553406d36a562d8d446e /testing/libfuzzer
parentd1b859c0bc849759ee57dba000687eef4fee9757 (diff)
downloadpdfium-f7e108b2d0c2f67a143e99693df084bfff7037ec.tar.xz
This CL creates a fuzzer for the CCodec_PngModule code. BUG=chromium:616838 Review-Url: https://codereview.chromium.org/2047453002
Diffstat (limited to 'testing/libfuzzer')
-rw-r--r--testing/libfuzzer/BUILD.gn14
-rw-r--r--testing/libfuzzer/fuzzers.gyp11
-rw-r--r--testing/libfuzzer/pdf_codec_png_fuzzer.cc60
3 files changed, 85 insertions, 0 deletions
diff --git a/testing/libfuzzer/BUILD.gn b/testing/libfuzzer/BUILD.gn
index 0ee8b29e38..e1152f9b69 100644
--- a/testing/libfuzzer/BUILD.gn
+++ b/testing/libfuzzer/BUILD.gn
@@ -47,6 +47,20 @@ if (pdf_enable_xfa) {
":libfuzzer_config",
]
}
+ source_set("pdf_codec_png_fuzzer") {
+ testonly = true
+ sources = [
+ "pdf_codec_png_fuzzer.cc",
+ ]
+ deps = [
+ "//third_party/pdfium:pdfium",
+ ]
+ configs -= [ "//build/config/compiler:chromium_code" ]
+ configs += [
+ "//build/config/compiler:no_chromium_code",
+ ":libfuzzer_config",
+ ]
+ }
}
source_set("pdf_jpx_fuzzer") {
diff --git a/testing/libfuzzer/fuzzers.gyp b/testing/libfuzzer/fuzzers.gyp
index 1f04baa77f..2339b5812e 100644
--- a/testing/libfuzzer/fuzzers.gyp
+++ b/testing/libfuzzer/fuzzers.gyp
@@ -59,6 +59,17 @@
'unittest_main.cc',
],
},
+ {
+ 'target_name': 'pdf_codec_png_fuzzer',
+ 'type': 'executable',
+ 'dependencies': [
+ '../../pdfium.gyp:pdfium',
+ ],
+ 'sources': [
+ 'pdf_codec_png_fuzzer.cc',
+ 'unittest_main.cc',
+ ],
+ },
],
}],
['OS=="linux"', {
diff --git a/testing/libfuzzer/pdf_codec_png_fuzzer.cc b/testing/libfuzzer/pdf_codec_png_fuzzer.cc
new file mode 100644
index 0000000000..5422a2f758
--- /dev/null
+++ b/testing/libfuzzer/pdf_codec_png_fuzzer.cc
@@ -0,0 +1,60 @@
+// Copyright 2016 The PDFium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <memory>
+
+#include "core/fxcodec/codec/include/ccodec_progressivedecoder.h"
+#include "core/fxcodec/include/fx_codec.h"
+#include "core/fxcrt/include/fx_stream.h"
+
+namespace {
+
+class Reader : public IFX_FileRead {
+ public:
+ Reader(const uint8_t* data, size_t size) : m_data(data), m_size(size) {}
+ ~Reader() {}
+
+ void Release() override {}
+
+ FX_BOOL ReadBlock(void* buffer, FX_FILESIZE offset, size_t size) override {
+ if (offset + size > m_size)
+ size = m_size - offset;
+ memcpy(buffer, m_data + offset, size);
+ return TRUE;
+ }
+
+ FX_FILESIZE GetSize() override { return static_cast<FX_FILESIZE>(m_size); }
+
+ private:
+ const uint8_t* const m_data;
+ size_t m_size;
+};
+
+} // namespace
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ std::unique_ptr<CCodec_ModuleMgr> mgr(new CCodec_ModuleMgr());
+ std::unique_ptr<CCodec_ProgressiveDecoder> decoder(
+ mgr->CreateProgressiveDecoder());
+ Reader source(data, size);
+
+ FXCODEC_STATUS status =
+ decoder->LoadImageInfo(&source, FXCODEC_IMAGE_PNG, nullptr);
+ if (status != FXCODEC_STATUS_FRAME_READY)
+ return 0;
+
+ std::unique_ptr<CFX_DIBitmap> bitmap(new CFX_DIBitmap);
+ bitmap->Create(decoder->GetWidth(), decoder->GetHeight(), FXDIB_Argb);
+
+ int32_t frames;
+ if (decoder->GetFrames(frames) != FXCODEC_STATUS_DECODE_READY || frames == 0)
+ return 0;
+
+ status = decoder->StartDecode(bitmap.get(), 0, 0, bitmap->GetWidth(),
+ bitmap->GetHeight());
+ while (status == FXCODEC_STATUS_DECODE_TOBECONTINUE)
+ status = decoder->ContinueDecode();
+
+ return 0;
+}