diff options
author | dsinclair <dsinclair@chromium.org> | 2016-06-06 08:48:50 -0700 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2016-06-06 08:48:50 -0700 |
commit | f7e108b2d0c2f67a143e99693df084bfff7037ec (patch) | |
tree | 51a987a7e62129a57d88553406d36a562d8d446e /testing/libfuzzer | |
parent | d1b859c0bc849759ee57dba000687eef4fee9757 (diff) | |
download | pdfium-f7e108b2d0c2f67a143e99693df084bfff7037ec.tar.xz |
XFA PNG Fuzzerchromium/2762chromium/2761
This CL creates a fuzzer for the CCodec_PngModule code.
BUG=chromium:616838
Review-Url: https://codereview.chromium.org/2047453002
Diffstat (limited to 'testing/libfuzzer')
-rw-r--r-- | testing/libfuzzer/BUILD.gn | 14 | ||||
-rw-r--r-- | testing/libfuzzer/fuzzers.gyp | 11 | ||||
-rw-r--r-- | testing/libfuzzer/pdf_codec_png_fuzzer.cc | 60 |
3 files changed, 85 insertions, 0 deletions
diff --git a/testing/libfuzzer/BUILD.gn b/testing/libfuzzer/BUILD.gn index 0ee8b29e38..e1152f9b69 100644 --- a/testing/libfuzzer/BUILD.gn +++ b/testing/libfuzzer/BUILD.gn @@ -47,6 +47,20 @@ if (pdf_enable_xfa) { ":libfuzzer_config", ] } + source_set("pdf_codec_png_fuzzer") { + testonly = true + sources = [ + "pdf_codec_png_fuzzer.cc", + ] + deps = [ + "//third_party/pdfium:pdfium", + ] + configs -= [ "//build/config/compiler:chromium_code" ] + configs += [ + "//build/config/compiler:no_chromium_code", + ":libfuzzer_config", + ] + } } source_set("pdf_jpx_fuzzer") { diff --git a/testing/libfuzzer/fuzzers.gyp b/testing/libfuzzer/fuzzers.gyp index 1f04baa77f..2339b5812e 100644 --- a/testing/libfuzzer/fuzzers.gyp +++ b/testing/libfuzzer/fuzzers.gyp @@ -59,6 +59,17 @@ 'unittest_main.cc', ], }, + { + 'target_name': 'pdf_codec_png_fuzzer', + 'type': 'executable', + 'dependencies': [ + '../../pdfium.gyp:pdfium', + ], + 'sources': [ + 'pdf_codec_png_fuzzer.cc', + 'unittest_main.cc', + ], + }, ], }], ['OS=="linux"', { diff --git a/testing/libfuzzer/pdf_codec_png_fuzzer.cc b/testing/libfuzzer/pdf_codec_png_fuzzer.cc new file mode 100644 index 0000000000..5422a2f758 --- /dev/null +++ b/testing/libfuzzer/pdf_codec_png_fuzzer.cc @@ -0,0 +1,60 @@ +// Copyright 2016 The PDFium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include <memory> + +#include "core/fxcodec/codec/include/ccodec_progressivedecoder.h" +#include "core/fxcodec/include/fx_codec.h" +#include "core/fxcrt/include/fx_stream.h" + +namespace { + +class Reader : public IFX_FileRead { + public: + Reader(const uint8_t* data, size_t size) : m_data(data), m_size(size) {} + ~Reader() {} + + void Release() override {} + + FX_BOOL ReadBlock(void* buffer, FX_FILESIZE offset, size_t size) override { + if (offset + size > m_size) + size = m_size - offset; + memcpy(buffer, m_data + offset, size); + return TRUE; + } + + FX_FILESIZE GetSize() override { return static_cast<FX_FILESIZE>(m_size); } + + private: + const uint8_t* const m_data; + size_t m_size; +}; + +} // namespace + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + std::unique_ptr<CCodec_ModuleMgr> mgr(new CCodec_ModuleMgr()); + std::unique_ptr<CCodec_ProgressiveDecoder> decoder( + mgr->CreateProgressiveDecoder()); + Reader source(data, size); + + FXCODEC_STATUS status = + decoder->LoadImageInfo(&source, FXCODEC_IMAGE_PNG, nullptr); + if (status != FXCODEC_STATUS_FRAME_READY) + return 0; + + std::unique_ptr<CFX_DIBitmap> bitmap(new CFX_DIBitmap); + bitmap->Create(decoder->GetWidth(), decoder->GetHeight(), FXDIB_Argb); + + int32_t frames; + if (decoder->GetFrames(frames) != FXCODEC_STATUS_DECODE_READY || frames == 0) + return 0; + + status = decoder->StartDecode(bitmap.get(), 0, 0, bitmap->GetWidth(), + bitmap->GetHeight()); + while (status == FXCODEC_STATUS_DECODE_TOBECONTINUE) + status = decoder->ContinueDecode(); + + return 0; +} |