diff options
| author | Dan Sinclair <dsinclair@chromium.org> | 2018-05-10 21:21:05 +0000 |
|---|---|---|
| committer | Chromium commit bot <commit-bot@chromium.org> | 2018-05-10 21:21:05 +0000 |
| commit | 5e0b271b69355b5692b6afd1cd2c04d08c3b380c (patch) | |
| tree | 8e7874577842b36d028198ddcda09884b8c7c93e /testing/libfuzzer | |
| parent | 5ad45e2f68bb796c562302e9fc2d963c279334c7 (diff) | |
| download | pdfium-5e0b271b69355b5692b6afd1cd2c04d08c3b380c.tar.xz | |
Fixup ASSERT in Bidi handling; Add bidi fuzzer.
This CL converts several asserts in the FX_Bidi code to continue instead
of asserting in the face of unexpected input.
A BIDI fuzzer has been added as well.
Bug: chromium:839695
Change-Id: If61f822bde7442c008d50be58f7cecffb6e5d658
Reviewed-on: https://pdfium-review.googlesource.com/32191
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: dsinclair <dsinclair@chromium.org>
Diffstat (limited to 'testing/libfuzzer')
| -rw-r--r-- | testing/libfuzzer/BUILD.gn | 7 | ||||
| -rw-r--r-- | testing/libfuzzer/pdf_bidi_fuzzer.cc | 36 |
2 files changed, 43 insertions, 0 deletions
diff --git a/testing/libfuzzer/BUILD.gn b/testing/libfuzzer/BUILD.gn index 2b2c19389b..aeceb259cd 100644 --- a/testing/libfuzzer/BUILD.gn +++ b/testing/libfuzzer/BUILD.gn @@ -38,6 +38,7 @@ group("libfuzzer") { ] if (pdf_enable_xfa) { deps += [ + ":pdf_bidi_fuzzer", ":pdf_cfx_barcode_fuzzer", ":pdf_codec_jpeg_fuzzer", ":pdf_css_fuzzer", @@ -81,6 +82,12 @@ template("pdfium_fuzzer") { } if (pdf_enable_xfa) { + pdfium_fuzzer("pdf_bidi_fuzzer") { + sources = [ + "pdf_bidi_fuzzer.cc", + ] + } + pdfium_fuzzer("pdf_cfx_barcode_fuzzer") { sources = [ "pdf_cfx_barcode_fuzzer.cc", diff --git a/testing/libfuzzer/pdf_bidi_fuzzer.cc b/testing/libfuzzer/pdf_bidi_fuzzer.cc new file mode 100644 index 0000000000..8e52688a10 --- /dev/null +++ b/testing/libfuzzer/pdf_bidi_fuzzer.cc @@ -0,0 +1,36 @@ +// Copyright 2018 The PDFium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include <cstdint> + +#include "core/fxcrt/fx_bidi.h" +#include "core/fxcrt/widestring.h" +#include "core/fxge/cfx_font.h" +#include "third_party/base/span.h" +#include "xfa/fgas/font/cfgas_fontmgr.h" +#include "xfa/fgas/font/cfgas_gefont.h" +#include "xfa/fgas/layout/cfx_rtfbreak.h" + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + auto fontmgr = pdfium::MakeUnique<CFGAS_FontMgr>(); + + auto font = pdfium::MakeUnique<CFX_Font>(); + font->LoadSubst("Arial", true, 0, FXFONT_FW_NORMAL, 0, 0, 0); + assert(font); + + CFX_RTFBreak rtf_break(FX_LAYOUTSTYLE_ExpandTab); + rtf_break.SetLineBreakTolerance(1); + rtf_break.SetFont(CFGAS_GEFont::LoadFont(std::move(font), fontmgr.get())); + rtf_break.SetFontSize(12); + + WideString input = + WideString::FromUTF16LE(reinterpret_cast<const unsigned short*>(data), + size / sizeof(unsigned short)); + for (auto& ch : input) + rtf_break.AppendChar(ch); + + auto chars = rtf_break.GetCurrentLineForTesting()->m_LineChars; + FX_BidiLine(&chars, chars.size()); + return 0; +} |