| field | value | date |
|---|---|---|
| author | dsinclair <dsinclair@chromium.org> | 2016-10-04 12:38:18 -0700 |
| committer | Commit bot <commit-bot@chromium.org> | 2016-10-04 12:38:18 -0700 |
| commit | fb403875dd1bbf830d9325f10e6a5650db30c6fd (patch) | |
| tree | bd2b7cb0cb993ba74603be94b9467bb97fc15923 /testing/libfuzzer | |
| parent | 69d9c68e705afa7a4008feb9bbeb19cea887ed47 (diff) | |
| download | pdfium-fb403875dd1bbf830d9325f10e6a5650db30c6fd.tar.xz | |
Make sure the fuzzer read size does not go negative.
When fuzzing the image formats, it's possible to get a read request which
would go negative. Handle the request and return FALSE for the read.
BUG=chromium:621836
Review-Url: https://codereview.chromium.org/2386343002
Diffstat (limited to 'testing/libfuzzer')
-rw-r--r-- | testing/libfuzzer/xfa_codec_fuzzer.h | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/testing/libfuzzer/xfa_codec_fuzzer.h b/testing/libfuzzer/xfa_codec_fuzzer.h index 6a84ed8572..13a467e1ef 100644 --- a/testing/libfuzzer/xfa_codec_fuzzer.h +++ b/testing/libfuzzer/xfa_codec_fuzzer.h @@ -49,8 +49,13 @@ class XFACodecFuzzer { void Release() override {} FX_BOOL ReadBlock(void* buffer, FX_FILESIZE offset, size_t size) override { + if (offset < 0 || offset >= m_size) + return FALSE; if (offset + size > m_size) size = m_size - offset; + if (size == 0) + return FALSE; + memcpy(buffer, m_data + offset, size); return TRUE; } |
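Review bot: the new `offset < 0 || offset >= m_size` guard in `ReadBlock` fixes the negative-offset case, but the clamp that follows still computes `offset + size` before comparing it with `m_size`; with `size` a `size_t` and `offset` now known to be non-negative, a very large `size` makes that sum wrap, the `> m_size` test fails, and `memcpy` reads past the end of `m_data` with the unclamped length. Rewriting the clamp so it never performs the addition keeps the same behaviour for ordinary inputs and closes that gap, e.g. `if (size > static_cast<size_t>(m_size - offset)) size = m_size - offset;` (the cast is needed because `m_size - offset` is a signed `FX_FILESIZE` quantity). Since the fuzzer feeds arbitrary lengths into this path, it would be worth a comment on the `size == 0` branch stating that a zero-length read deliberately reports `FALSE` rather than success, as the commit message describes, so a later reader does not "fix" it back.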