diff options
author | Lei Zhang <thestig@chromium.org> | 2018-05-25 21:47:19 +0000 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2018-05-25 21:47:19 +0000 |
commit | fa4d93a08d5cd4f349c480b194a3e795273b27ed (patch) | |
tree | 522fdac3c130bf525814c0c745a9cffb2f6d6a4b /testing/libfuzzer | |
parent | 0d86f765b8361b7f9f3a5fcc659de2f52c806bd0 (diff) | |
download | pdfium-fa4d93a08d5cd4f349c480b194a3e795273b27ed.tar.xz |
Move fuzzers to testing/fuzzers.
Move them out of testing/libfuzzer, to make it possible to pull
libfuzzer into that directory. Leave testing/libfuzzer/BUILD.gn there
for now as a transitional build file.
BUG=pdfium:1088
Change-Id: I4126d89dd3e075ac63477a4860e029c135866dbe
Reviewed-on: https://pdfium-review.googlesource.com/32896
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
Diffstat (limited to 'testing/libfuzzer')
28 files changed, 86 insertions, 986 deletions
diff --git a/testing/libfuzzer/BUILD.gn b/testing/libfuzzer/BUILD.gn index 912c537835..2d67f0bedb 100644 --- a/testing/libfuzzer/BUILD.gn +++ b/testing/libfuzzer/BUILD.gn @@ -1,253 +1,176 @@ -# Copyright 2016 The PDFium Authors. All rights reserved. +# Copyright 2018 The PDFium Authors. All rights reserved. # Use of this source code is governed by a BSD-style license that can be # found in the LICENSE file. import("../../pdfium.gni") -config("libfuzzer_config") { - configs = [ "../..:pdfium_core_config" ] - - defines = [ - "PNG_PREFIX", - "PNG_USE_READ_MACROS", - ] - include_dirs = [ "../.." ] - if (pdf_enable_v8) { - defines += [ "PDF_ENABLE_V8" ] - } - if (pdf_enable_xfa) { - defines += [ "PDF_ENABLE_XFA" ] - } -} - -group("libfuzzer") { - testonly = true - deps = [ - ":pdf_cmap_fuzzer", - ":pdf_codec_a85_fuzzer", - ":pdf_codec_fax_fuzzer", - ":pdf_codec_icc_fuzzer", - ":pdf_codec_jbig2_fuzzer", - ":pdf_codec_rle_fuzzer", - ":pdf_font_fuzzer", - ":pdf_hint_table_fuzzer", - ":pdf_jpx_fuzzer", - ":pdf_psengine_fuzzer", - ":pdf_streamparser_fuzzer", - ":pdf_xml_fuzzer", - ] - if (pdf_enable_xfa) { - deps += [ - ":pdf_bidi_fuzzer", - ":pdf_cfx_barcode_fuzzer", - ":pdf_codec_jpeg_fuzzer", - ":pdf_css_fuzzer", - ":pdf_fm2js_fuzzer", - ":pdf_formcalc_fuzzer", - ] - if (pdf_enable_xfa_bmp) { - deps += [ ":pdf_codec_bmp_fuzzer" ] - } - if (pdf_enable_xfa_gif) { - deps += [ - ":pdf_codec_gif_fuzzer", - ":pdf_lzw_fuzzer", - ] - } - if (pdf_enable_xfa_png) { - deps += [ ":pdf_codec_png_fuzzer" ] - } - if (pdf_enable_xfa_tiff) { - deps += [ ":pdf_codec_tiff_fuzzer" ] - } - } -} - -template("pdfium_fuzzer") { - source_set(target_name) { - sources = invoker.sources + [ "pdf_fuzzer_init.cc" ] +if (pdf_enable_xfa) { + group("pdf_bidi_fuzzer") { deps = [ - "../..:pdfium", + "../fuzzers/:pdf_bidi_fuzzer_src", ] - if (defined(invoker.deps)) { - deps += invoker.deps - } testonly = true - configs -= [ "//build/config/compiler:chromium_code" ] - configs += [ - "//build/config/compiler:no_chromium_code", - ":libfuzzer_config", - ] - } -} - -if (pdf_enable_xfa) { - pdfium_fuzzer("pdf_bidi_fuzzer") { - sources = [ - "pdf_bidi_fuzzer.cc", - ] } - pdfium_fuzzer("pdf_cfx_barcode_fuzzer") { - sources = [ - "pdf_cfx_barcode_fuzzer.cc", + group("pdf_cfx_barcode_fuzzer") { + deps = [ + "../fuzzers/:pdf_cfx_barcode_fuzzer_src", ] + testonly = true } if (pdf_enable_xfa_bmp) { - pdfium_fuzzer("pdf_codec_bmp_fuzzer") { - sources = [ - "pdf_codec_bmp_fuzzer.cc", - "xfa_codec_fuzzer.h", - ] + group("pdf_codec_bmp_fuzzer") { deps = [ - "../../:test_support", + "../fuzzers/:pdf_codec_bmp_fuzzer_src", ] + testonly = true } } if (pdf_enable_xfa_gif) { - pdfium_fuzzer("pdf_codec_gif_fuzzer") { - sources = [ - "pdf_codec_gif_fuzzer.cc", - "xfa_codec_fuzzer.h", - ] + group("pdf_codec_gif_fuzzer") { deps = [ - "../../:test_support", + "../fuzzers/:pdf_codec_gif_fuzzer_src", ] + testonly = true } - pdfium_fuzzer("pdf_lzw_fuzzer") { - sources = [ - "pdf_lzw_fuzzer.cc", + group("pdf_lzw_fuzzer") { + deps = [ + "../fuzzers/:pdf_lzw_fuzzer_src", ] + testonly = true } } - pdfium_fuzzer("pdf_codec_jpeg_fuzzer") { - sources = [ - "pdf_codec_jpeg_fuzzer.cc", - "xfa_codec_fuzzer.h", - ] + group("pdf_codec_jpeg_fuzzer") { deps = [ - "../../:test_support", + "../fuzzers/:pdf_codec_jpeg_fuzzer_src", ] + testonly = true } if (pdf_enable_xfa_png) { - pdfium_fuzzer("pdf_codec_png_fuzzer") { - sources = [ - "pdf_codec_png_fuzzer.cc", - "xfa_codec_fuzzer.h", - ] + group("pdf_codec_png_fuzzer") { deps = [ - "../../:test_support", + "../fuzzers/:pdf_codec_png_fuzzer_src", ] + testonly = true } } if (pdf_enable_xfa_tiff) { - pdfium_fuzzer("pdf_codec_tiff_fuzzer") { - sources = [ - "pdf_codec_tiff_fuzzer.cc", - "xfa_codec_fuzzer.h", - ] + group("pdf_codec_tiff_fuzzer") { deps = [ - "../../:test_support", + "../fuzzers/:pdf_codec_tiff_fuzzer_src", ] + testonly = true } } - pdfium_fuzzer("pdf_css_fuzzer") { - sources = [ - "pdf_css_fuzzer.cc", + group("pdf_css_fuzzer") { + deps = [ + "../fuzzers/:pdf_css_fuzzer_src", ] + testonly = true } - pdfium_fuzzer("pdf_fm2js_fuzzer") { - sources = [ - "pdf_fm2js_fuzzer.cc", + group("pdf_fm2js_fuzzer") { + deps = [ + "../fuzzers/:pdf_fm2js_fuzzer_src", ] + testonly = true } - pdfium_fuzzer("pdf_formcalc_fuzzer") { - sources = [ - "pdf_formcalc_fuzzer.cc", + group("pdf_formcalc_fuzzer") { + deps = [ + "../fuzzers/:pdf_formcalc_fuzzer_src", ] + testonly = true } } -pdfium_fuzzer("pdf_cmap_fuzzer") { - sources = [ - "pdf_cmap_fuzzer.cc", +group("pdf_cmap_fuzzer") { + deps = [ + "../fuzzers/:pdf_cmap_fuzzer_src", ] + testonly = true } -pdfium_fuzzer("pdf_codec_a85_fuzzer") { - sources = [ - "pdf_codec_a85_fuzzer.cc", +group("pdf_codec_a85_fuzzer") { + deps = [ + "../fuzzers/:pdf_codec_a85_fuzzer_src", ] + testonly = true } -pdfium_fuzzer("pdf_codec_fax_fuzzer") { - sources = [ - "pdf_codec_fax_fuzzer.cc", +group("pdf_codec_fax_fuzzer") { + deps = [ + "../fuzzers/:pdf_codec_fax_fuzzer_src", ] + testonly = true } -pdfium_fuzzer("pdf_codec_icc_fuzzer") { +group("pdf_codec_icc_fuzzer") { deps = [ - "../../third_party/:lcms2", - ] - sources = [ - "pdf_codec_icc_fuzzer.cc", + "../fuzzers/:pdf_codec_icc_fuzzer_src", ] + testonly = true } -pdfium_fuzzer("pdf_codec_jbig2_fuzzer") { - sources = [ - "pdf_codec_jbig2_fuzzer.cc", +group("pdf_codec_jbig2_fuzzer") { + deps = [ + "../fuzzers/:pdf_codec_jbig2_fuzzer_src", ] + testonly = true } -pdfium_fuzzer("pdf_codec_rle_fuzzer") { - sources = [ - "pdf_codec_rle_fuzzer.cc", +group("pdf_codec_rle_fuzzer") { + deps = [ + "../fuzzers/:pdf_codec_rle_fuzzer_src", ] + testonly = true } -pdfium_fuzzer("pdf_font_fuzzer") { - sources = [ - "pdf_font_fuzzer.cc", +group("pdf_font_fuzzer") { + deps = [ + "../fuzzers/:pdf_font_fuzzer_src", ] + testonly = true } -pdfium_fuzzer("pdf_hint_table_fuzzer") { - sources = [ - "pdf_hint_table_fuzzer.cc", +group("pdf_hint_table_fuzzer") { + deps = [ + "../fuzzers/:pdf_hint_table_fuzzer_src", ] + testonly = true } -pdfium_fuzzer("pdf_jpx_fuzzer") { - sources = [ - "pdf_jpx_fuzzer.cc", +group("pdf_jpx_fuzzer") { + deps = [ + "../fuzzers/:pdf_jpx_fuzzer_src", ] + testonly = true } -pdfium_fuzzer("pdf_psengine_fuzzer") { - sources = [ - "pdf_psengine_fuzzer.cc", +group("pdf_psengine_fuzzer") { + deps = [ + "../fuzzers/:pdf_psengine_fuzzer_src", ] + testonly = true } -pdfium_fuzzer("pdf_streamparser_fuzzer") { - sources = [ - "pdf_streamparser_fuzzer.cc", +group("pdf_streamparser_fuzzer") { + deps = [ + "../fuzzers/:pdf_streamparser_fuzzer_src", ] + testonly = true } -pdfium_fuzzer("pdf_xml_fuzzer") { - sources = [ - "pdf_xml_fuzzer.cc", +group("pdf_xml_fuzzer") { + deps = [ + "../fuzzers/:pdf_xml_fuzzer_src", ] + testonly = true } diff --git a/testing/libfuzzer/DEPS b/testing/libfuzzer/DEPS deleted file mode 100644 index b1d034ed8c..0000000000 --- a/testing/libfuzzer/DEPS +++ /dev/null @@ -1,3 +0,0 @@ -include_rules = [ - '+xfa', -] diff --git a/testing/libfuzzer/pdf_bidi_fuzzer.cc b/testing/libfuzzer/pdf_bidi_fuzzer.cc deleted file mode 100644 index 8e52688a10..0000000000 --- a/testing/libfuzzer/pdf_bidi_fuzzer.cc +++ /dev/null @@ -1,36 +0,0 @@ -// Copyright 2018 The PDFium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include <cstdint> - -#include "core/fxcrt/fx_bidi.h" -#include "core/fxcrt/widestring.h" -#include "core/fxge/cfx_font.h" -#include "third_party/base/span.h" -#include "xfa/fgas/font/cfgas_fontmgr.h" -#include "xfa/fgas/font/cfgas_gefont.h" -#include "xfa/fgas/layout/cfx_rtfbreak.h" - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - auto fontmgr = pdfium::MakeUnique<CFGAS_FontMgr>(); - - auto font = pdfium::MakeUnique<CFX_Font>(); - font->LoadSubst("Arial", true, 0, FXFONT_FW_NORMAL, 0, 0, 0); - assert(font); - - CFX_RTFBreak rtf_break(FX_LAYOUTSTYLE_ExpandTab); - rtf_break.SetLineBreakTolerance(1); - rtf_break.SetFont(CFGAS_GEFont::LoadFont(std::move(font), fontmgr.get())); - rtf_break.SetFontSize(12); - - WideString input = - WideString::FromUTF16LE(reinterpret_cast<const unsigned short*>(data), - size / sizeof(unsigned short)); - for (auto& ch : input) - rtf_break.AppendChar(ch); - - auto chars = rtf_break.GetCurrentLineForTesting()->m_LineChars; - FX_BidiLine(&chars, chars.size()); - return 0; -} diff --git a/testing/libfuzzer/pdf_cfx_barcode_fuzzer.cc b/testing/libfuzzer/pdf_cfx_barcode_fuzzer.cc deleted file mode 100644 index aaeebf3ace..0000000000 --- a/testing/libfuzzer/pdf_cfx_barcode_fuzzer.cc +++ /dev/null @@ -1,38 +0,0 @@ -// Copyright 2017 The PDFium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include <memory> - -#include "core/fxcrt/fx_string.h" -#include "xfa/fwl/cfx_barcode.h" - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - if (size < 2 * sizeof(wchar_t)) - return 0; - - BC_TYPE type = static_cast<BC_TYPE>(data[0] % (BC_DATAMATRIX + 1)); - - // Only used one byte, but align with wchar_t for string below. - data += sizeof(wchar_t); - size -= sizeof(wchar_t); - - auto barcode = CFX_Barcode::Create(type); - if (!barcode) - return 0; - - // TODO(tsepez): Setup more options from |data|. - barcode->SetModuleHeight(300); - barcode->SetModuleWidth(420); - barcode->SetHeight(298); - barcode->SetWidth(418); - - WideStringView content(reinterpret_cast<const wchar_t*>(data), - size / sizeof(wchar_t)); - - if (!barcode->Encode(content)) - return 0; - - // TODO(tsepez): Output to device. - return 0; -} diff --git a/testing/libfuzzer/pdf_cmap_fuzzer.cc b/testing/libfuzzer/pdf_cmap_fuzzer.cc deleted file mode 100644 index 0c0ff11f36..0000000000 --- a/testing/libfuzzer/pdf_cmap_fuzzer.cc +++ /dev/null @@ -1,14 +0,0 @@ -// Copyright 2016 The PDFium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include <cstdint> - -#include "core/fpdfapi/font/cpdf_cmap.h" -#include "third_party/base/ptr_util.h" -#include "third_party/base/span.h" - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - pdfium::MakeRetain<CPDF_CMap>()->LoadEmbedded(pdfium::make_span(data, size)); - return 0; -} diff --git a/testing/libfuzzer/pdf_codec_a85_fuzzer.cc b/testing/libfuzzer/pdf_codec_a85_fuzzer.cc deleted file mode 100644 index 20bd792886..0000000000 --- a/testing/libfuzzer/pdf_codec_a85_fuzzer.cc +++ /dev/null @@ -1,18 +0,0 @@ -// Copyright 2017 The PDFium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include <cstdint> -#include <memory> - -#include "core/fxcodec/codec/ccodec_basicmodule.h" -#include "core/fxcrt/fx_memory.h" - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - uint8_t* dest_buf = nullptr; - uint32_t dest_size = 0; - CCodec_BasicModule encoder_module; - encoder_module.A85Encode(data, size, &dest_buf, &dest_size); - FX_Free(dest_buf); - return 0; -} diff --git a/testing/libfuzzer/pdf_codec_bmp_fuzzer.cc b/testing/libfuzzer/pdf_codec_bmp_fuzzer.cc deleted file mode 100644 index 6c80fb58b9..0000000000 --- a/testing/libfuzzer/pdf_codec_bmp_fuzzer.cc +++ /dev/null @@ -1,9 +0,0 @@ -// Copyright 2016 The PDFium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "testing/libfuzzer/xfa_codec_fuzzer.h" - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - return XFACodecFuzzer::Fuzz(data, size, FXCODEC_IMAGE_BMP); -} diff --git a/testing/libfuzzer/pdf_codec_fax_fuzzer.cc b/testing/libfuzzer/pdf_codec_fax_fuzzer.cc deleted file mode 100644 index f6cc1e7200..0000000000 --- a/testing/libfuzzer/pdf_codec_fax_fuzzer.cc +++ /dev/null @@ -1,43 +0,0 @@ -// Copyright 2016 The PDFium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include <cstdint> -#include <memory> - -#include "core/fxcodec/codec/ccodec_faxmodule.h" -#include "core/fxcodec/codec/ccodec_scanlinedecoder.h" - -static int GetInteger(const uint8_t* data) { - return data[0] | data[1] << 8 | data[2] << 16 | data[3] << 24; -} - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - const int kParameterSize = 21; - if (size < kParameterSize) - return 0; - - int width = GetInteger(data); - int height = GetInteger(data + 4); - int K = GetInteger(data + 8); - int Columns = GetInteger(data + 12); - int Rows = GetInteger(data + 16); - bool EndOfLine = !(data[20] & 0x01); - bool ByteAlign = !(data[20] & 0x02); - bool BlackIs1 = !(data[20] & 0x04); - data += kParameterSize; - size -= kParameterSize; - - CCodec_FaxModule fax_module; - std::unique_ptr<CCodec_ScanlineDecoder> decoder( - fax_module.CreateDecoder(data, size, width, height, K, EndOfLine, - ByteAlign, BlackIs1, Columns, Rows)); - - if (decoder) { - int line = 0; - while (decoder->GetScanline(line)) - line++; - } - - return 0; -} diff --git a/testing/libfuzzer/pdf_codec_gif_fuzzer.cc b/testing/libfuzzer/pdf_codec_gif_fuzzer.cc deleted file mode 100644 index 613ed1e37d..0000000000 --- a/testing/libfuzzer/pdf_codec_gif_fuzzer.cc +++ /dev/null @@ -1,9 +0,0 @@ -// Copyright 2016 The PDFium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "testing/libfuzzer/xfa_codec_fuzzer.h" - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - return XFACodecFuzzer::Fuzz(data, size, FXCODEC_IMAGE_GIF); -} diff --git a/testing/libfuzzer/pdf_codec_icc_fuzzer.cc b/testing/libfuzzer/pdf_codec_icc_fuzzer.cc deleted file mode 100644 index 7021017953..0000000000 --- a/testing/libfuzzer/pdf_codec_icc_fuzzer.cc +++ /dev/null @@ -1,25 +0,0 @@ -// Copyright 2016 The PDFium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include <cstdint> - -#include "core/fxcodec/codec/ccodec_iccmodule.h" - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - CCodec_IccModule icc_module; - uint32_t nComponent = 0; - std::unique_ptr<CLcmsCmm> transform = - icc_module.CreateTransform_sRGB(data, size, &nComponent); - - if (transform) { - float src[4]; - float dst[4]; - for (int i = 0; i < 4; i++) - src[i] = 0.5f; - icc_module.SetComponents(nComponent); - icc_module.Translate(transform.get(), src, dst); - } - - return 0; -} diff --git a/testing/libfuzzer/pdf_codec_jbig2_fuzzer.cc b/testing/libfuzzer/pdf_codec_jbig2_fuzzer.cc deleted file mode 100644 index 7b8e2aac33..0000000000 --- a/testing/libfuzzer/pdf_codec_jbig2_fuzzer.cc +++ /dev/null @@ -1,59 +0,0 @@ -// Copyright 2016 The PDFium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include <cstdint> - -#include "core/fpdfapi/parser/cpdf_stream.h" -#include "core/fpdfapi/parser/cpdf_stream_acc.h" -#include "core/fxcodec/JBig2_DocumentContext.h" -#include "core/fxcodec/codec/ccodec_jbig2module.h" -#include "core/fxcodec/jbig2/JBig2_Context.h" -#include "core/fxcrt/fx_safe_types.h" -#include "core/fxge/dib/cfx_dibitmap.h" -#include "core/fxge/fx_dib.h" -#include "third_party/base/ptr_util.h" - -static uint32_t GetInteger(const uint8_t* data) { - return data[0] | data[1] << 8 | data[2] << 16 | data[3] << 24; -} - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - const size_t kParameterSize = 8; - if (size < kParameterSize) - return 0; - - uint32_t width = GetInteger(data); - uint32_t height = GetInteger(data + 4); - size -= kParameterSize; - data += kParameterSize; - - static constexpr uint32_t kMemLimit = 512000000; // 512 MB - static constexpr uint32_t k1bppRgbComponents = 4; // From CFX_DIBitmap impl. - FX_SAFE_UINT32 mem = width; - mem *= height; - mem *= k1bppRgbComponents; - if (!mem.IsValid() || mem.ValueOrDie() > kMemLimit) - return 0; - - auto bitmap = pdfium::MakeRetain<CFX_DIBitmap>(); - if (!bitmap->Create(width, height, FXDIB_1bppRgb)) - return 0; - - auto stream = pdfium::MakeUnique<CPDF_Stream>(); - stream->AsStream()->SetData(data, size); - - auto src_stream = pdfium::MakeRetain<CPDF_StreamAcc>(stream->AsStream()); - src_stream->LoadAllDataRaw(); - - CCodec_Jbig2Module module; - CCodec_Jbig2Context jbig2_context; - std::unique_ptr<JBig2_DocumentContext> document_context; - FXCODEC_STATUS status = module.StartDecode( - &jbig2_context, &document_context, width, height, src_stream, nullptr, - bitmap->GetBuffer(), bitmap->GetPitch(), nullptr); - - while (status == FXCODEC_STATUS_DECODE_TOBECONTINUE) - status = module.ContinueDecode(&jbig2_context, nullptr); - return 0; -} diff --git a/testing/libfuzzer/pdf_codec_jpeg_fuzzer.cc b/testing/libfuzzer/pdf_codec_jpeg_fuzzer.cc deleted file mode 100644 index 862bfad535..0000000000 --- a/testing/libfuzzer/pdf_codec_jpeg_fuzzer.cc +++ /dev/null @@ -1,9 +0,0 @@ -// Copyright 2016 The PDFium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "testing/libfuzzer/xfa_codec_fuzzer.h" - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - return XFACodecFuzzer::Fuzz(data, size, FXCODEC_IMAGE_JPG); -} diff --git a/testing/libfuzzer/pdf_codec_png_fuzzer.cc b/testing/libfuzzer/pdf_codec_png_fuzzer.cc deleted file mode 100644 index 94e9321fd7..0000000000 --- a/testing/libfuzzer/pdf_codec_png_fuzzer.cc +++ /dev/null @@ -1,9 +0,0 @@ -// Copyright 2016 The PDFium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "testing/libfuzzer/xfa_codec_fuzzer.h" - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - return XFACodecFuzzer::Fuzz(data, size, FXCODEC_IMAGE_PNG); -} diff --git a/testing/libfuzzer/pdf_codec_rle_fuzzer.cc b/testing/libfuzzer/pdf_codec_rle_fuzzer.cc deleted file mode 100644 index c86671e5f4..0000000000 --- a/testing/libfuzzer/pdf_codec_rle_fuzzer.cc +++ /dev/null @@ -1,18 +0,0 @@ -// Copyright 2017 The PDFium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include <cstdint> -#include <memory> - -#include "core/fxcodec/codec/ccodec_basicmodule.h" -#include "core/fxcrt/fx_memory.h" - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - uint8_t* dest_buf = nullptr; - uint32_t dest_size = 0; - CCodec_BasicModule encoder_module; - encoder_module.RunLengthEncode(data, size, &dest_buf, &dest_size); - FX_Free(dest_buf); - return 0; -} diff --git a/testing/libfuzzer/pdf_codec_tiff_fuzzer.cc b/testing/libfuzzer/pdf_codec_tiff_fuzzer.cc deleted file mode 100644 index 8e28d0fd12..0000000000 --- a/testing/libfuzzer/pdf_codec_tiff_fuzzer.cc +++ /dev/null @@ -1,9 +0,0 @@ -// Copyright 2016 The PDFium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "testing/libfuzzer/xfa_codec_fuzzer.h" - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - return XFACodecFuzzer::Fuzz(data, size, FXCODEC_IMAGE_TIFF); -} diff --git a/testing/libfuzzer/pdf_css_fuzzer.cc b/testing/libfuzzer/pdf_css_fuzzer.cc deleted file mode 100644 index 4f2f410aa3..0000000000 --- a/testing/libfuzzer/pdf_css_fuzzer.cc +++ /dev/null @@ -1,27 +0,0 @@ -// Copyright 2016 The PDFium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include <memory> - -#include "core/fxcrt/css/cfx_css.h" -#include "core/fxcrt/css/cfx_csssyntaxparser.h" -#include "core/fxcrt/fx_string.h" -#include "core/fxcrt/retain_ptr.h" - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - WideString input = - WideString::FromUTF8(ByteStringView(data, static_cast<size_t>(size))); - - // If we convert the input into an empty string bail out. - if (input.GetLength() == 0) - return 0; - - CFX_CSSSyntaxParser parser(input.c_str(), input.GetLength()); - CFX_CSSSyntaxStatus status; - do { - status = parser.DoSyntaxParse(); - } while (status != CFX_CSSSyntaxStatus::Error && - status != CFX_CSSSyntaxStatus::EOS); - return 0; -} diff --git a/testing/libfuzzer/pdf_fm2js_fuzzer.cc b/testing/libfuzzer/pdf_fm2js_fuzzer.cc deleted file mode 100644 index 2541dfbcc8..0000000000 --- a/testing/libfuzzer/pdf_fm2js_fuzzer.cc +++ /dev/null @@ -1,23 +0,0 @@ -// Copyright 2016 The PDFium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include <cstddef> -#include <cstdint> - -#include "core/fxcrt/cfx_widetextbuf.h" -#include "core/fxcrt/fx_safe_types.h" -#include "core/fxcrt/fx_string.h" -#include "fxjs/cfxjse_formcalc_context.h" - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - FX_SAFE_SIZE_T safe_size = size; - if (!safe_size.IsValid()) - return 0; - - CFX_WideTextBuf js; - WideString input = - WideString::FromUTF8(ByteStringView(data, safe_size.ValueOrDie())); - CFXJSE_FormCalcContext::Translate(input.AsStringView(), &js); - return 0; -} diff --git a/testing/libfuzzer/pdf_font_fuzzer.cc b/testing/libfuzzer/pdf_font_fuzzer.cc deleted file mode 100644 index 7c596307f0..0000000000 --- a/testing/libfuzzer/pdf_font_fuzzer.cc +++ /dev/null @@ -1,31 +0,0 @@ -// Copyright 2017 The PDFium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include <cstring> -#include <memory> - -#include "public/cpp/fpdf_scopers.h" -#include "public/fpdf_edit.h" -#include "public/fpdfview.h" - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - if (size < 2) - return 0; - - ScopedFPDFDocument doc(FPDF_CreateNewDocument()); - ScopedFPDFPage page(FPDFPage_New(doc.get(), 0, 612, 792)); - int font_type = data[0]; - FPDF_BOOL cid = data[1]; - data += 2; - size -= 2; - ScopedFPDFFont font(FPDFText_LoadFont(doc.get(), data, size, font_type, cid)); - if (!font) - return 0; - - FPDF_PAGEOBJECT text_object = - FPDFPageObj_CreateTextObj(doc.get(), font.get(), 12.0f); - FPDFPage_InsertObject(page.get(), text_object); - FPDFPage_GenerateContent(page.get()); - return 0; -} diff --git a/testing/libfuzzer/pdf_formcalc_fuzzer.cc b/testing/libfuzzer/pdf_formcalc_fuzzer.cc deleted file mode 100644 index 08e22bb247..0000000000 --- a/testing/libfuzzer/pdf_formcalc_fuzzer.cc +++ /dev/null @@ -1,16 +0,0 @@ -// Copyright 2017 The PDFium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "core/fxcrt/cfx_widetextbuf.h" -#include "core/fxcrt/fx_string.h" -#include "xfa/fxfa/fm2js/cxfa_fmparser.h" - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - WideString input = WideString::FromUTF8(ByteStringView(data, size)); - - CXFA_FMParser parser(input.AsStringView()); - parser.Parse(); - - return 0; -} diff --git a/testing/libfuzzer/pdf_fuzzer_init.cc b/testing/libfuzzer/pdf_fuzzer_init.cc deleted file mode 100644 index 4b9790c3f8..0000000000 --- a/testing/libfuzzer/pdf_fuzzer_init.cc +++ /dev/null @@ -1,21 +0,0 @@ -// Copyright 2017 The PDFium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include <string.h> - -#include "public/fpdfview.h" - -// Initialize the library once for all runs of the fuzzer. -struct TestCase { - TestCase() { - memset(&config, '\0', sizeof(config)); - config.version = 2; - config.m_pUserFontPaths = nullptr; - config.m_pIsolate = nullptr; - config.m_v8EmbedderSlot = 0; - FPDF_InitLibraryWithConfig(&config); - } - FPDF_LIBRARY_CONFIG config; -}; -static TestCase* testCase = new TestCase(); diff --git a/testing/libfuzzer/pdf_hint_table_fuzzer.cc b/testing/libfuzzer/pdf_hint_table_fuzzer.cc deleted file mode 100644 index 50ca5cd693..0000000000 --- a/testing/libfuzzer/pdf_hint_table_fuzzer.cc +++ /dev/null @@ -1,93 +0,0 @@ -// Copyright 2016 The PDFium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include <cstdint> - -#include "core/fpdfapi/parser/cpdf_array.h" -#include "core/fpdfapi/parser/cpdf_boolean.h" -#include "core/fpdfapi/parser/cpdf_dictionary.h" -#include "core/fpdfapi/parser/cpdf_hint_tables.h" -#include "core/fpdfapi/parser/cpdf_linearized_header.h" -#include "core/fpdfapi/parser/cpdf_number.h" -#include "core/fxcrt/cfx_bitstream.h" -#include "third_party/base/ptr_util.h" -#include "third_party/base/span.h" - -int32_t GetData(const int32_t** data32, const uint8_t** data, size_t* size) { - const int32_t* ret = *data32; - ++(*data32); - *data += 4; - *size -= 4; - return *ret; -} - -class HintTableForFuzzing : public CPDF_HintTables { - public: - HintTableForFuzzing(CPDF_LinearizedHeader* pLinearized, - int shared_hint_table_offset) - : CPDF_HintTables(nullptr, pLinearized), - shared_hint_table_offset_(shared_hint_table_offset) {} - ~HintTableForFuzzing() {} - - void Fuzz(const uint8_t* data, size_t size) { - if (shared_hint_table_offset_ <= 0) - return; - - if (size < static_cast<size_t>(shared_hint_table_offset_)) - return; - - CFX_BitStream bs(pdfium::make_span(data, size)); - if (!ReadPageHintTable(&bs)) - return; - ReadSharedObjHintTable(&bs, shared_hint_table_offset_); - } - - private: - int shared_hint_table_offset_; -}; - -class FakeLinearized : public CPDF_LinearizedHeader { - public: - explicit FakeLinearized(CPDF_Dictionary* linearized_dict) - : CPDF_LinearizedHeader(linearized_dict, 0) {} -}; - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - // Need 28 bytes for |linearized_dict|. - // The header section of page offset hint table is 36 bytes. - // The header section of shared object hint table is 24 bytes. - if (size < 28 + 36 + 24) - return 0; - - const int32_t* data32 = reinterpret_cast<const int32_t*>(data); - - auto linearized_dict = pdfium::MakeUnique<CPDF_Dictionary>(); - // Set initial value. - linearized_dict->SetNewFor<CPDF_Boolean>("Linearized", true); - // Set first page end offset - linearized_dict->SetNewFor<CPDF_Number>("E", GetData(&data32, &data, &size)); - // Set page count - linearized_dict->SetNewFor<CPDF_Number>("N", GetData(&data32, &data, &size)); - // Set first page obj num - linearized_dict->SetNewFor<CPDF_Number>("O", GetData(&data32, &data, &size)); - // Set first page no - linearized_dict->SetNewFor<CPDF_Number>("P", GetData(&data32, &data, &size)); - - auto hint_info = pdfium::MakeUnique<CPDF_Array>(); - // Add primary hint stream offset - hint_info->AddNew<CPDF_Number>(GetData(&data32, &data, &size)); - // Add primary hint stream size - hint_info->AddNew<CPDF_Number>(GetData(&data32, &data, &size)); - // Set hint stream info. - linearized_dict->SetFor("H", std::move(hint_info)); - - const int shared_hint_table_offset = GetData(&data32, &data, &size); - - { - FakeLinearized linearized(linearized_dict.get()); - HintTableForFuzzing hint_table(&linearized, shared_hint_table_offset); - hint_table.Fuzz(data, size); - } - return 0; -} diff --git a/testing/libfuzzer/pdf_jpx_fuzzer.cc b/testing/libfuzzer/pdf_jpx_fuzzer.cc deleted file mode 100644 index da65bc2d9a..0000000000 --- a/testing/libfuzzer/pdf_jpx_fuzzer.cc +++ /dev/null @@ -1,57 +0,0 @@ -// Copyright 2016 The PDFium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include <cstdint> -#include <memory> -#include <vector> - -#include "core/fxcodec/codec/ccodec_jpxmodule.h" -#include "core/fxcodec/codec/cjpx_decoder.h" -#include "core/fxcrt/fx_safe_types.h" -#include "core/fxge/dib/cfx_dibitmap.h" -#include "core/fxge/fx_dib.h" - -CCodec_JpxModule g_module; - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - std::unique_ptr<CJPX_Decoder> decoder = - g_module.CreateDecoder(data, size, nullptr); - if (!decoder) - return 0; - - uint32_t width; - uint32_t height; - uint32_t components; - g_module.GetImageInfo(decoder.get(), &width, &height, &components); - - static constexpr uint32_t kMemLimit = 1024 * 1024 * 1024; // 1 GB. - FX_SAFE_UINT32 mem = width; - mem *= height; - mem *= components; - if (!mem.IsValid() || mem.ValueOrDie() > kMemLimit) - return 0; - - FXDIB_Format format; - if (components == 1) { - format = FXDIB_8bppRgb; - } else if (components <= 3) { - format = FXDIB_Rgb; - } else if (components == 4) { - format = FXDIB_Rgb32; - } else { - width = (width * components + 2) / 3; - format = FXDIB_Rgb; - } - auto bitmap = pdfium::MakeRetain<CFX_DIBitmap>(); - if (!bitmap->Create(width, height, format)) - return 0; - - std::vector<uint8_t> output_offsets(components); - for (uint32_t i = 0; i < components; ++i) - output_offsets[i] = i; - - g_module.Decode(decoder.get(), bitmap->GetBuffer(), bitmap->GetPitch(), - output_offsets); - return 0; -} diff --git a/testing/libfuzzer/pdf_lzw_fuzzer.cc b/testing/libfuzzer/pdf_lzw_fuzzer.cc deleted file mode 100644 index 7e10d2a1ee..0000000000 --- a/testing/libfuzzer/pdf_lzw_fuzzer.cc +++ /dev/null @@ -1,58 +0,0 @@ -// Copyright 2017 The PDFium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include <vector> - -#include "core/fxcodec/gif/cfx_lzwdecompressor.h" -#include "third_party/base/numerics/safe_conversions.h" - -// Between 2x and 5x is a standard range for LZW according to a quick -// search of papers. Running up to 10x to catch any niche cases. -constexpr uint32_t kMinCompressionRatio = 2; -constexpr uint32_t kMaxCompressionRatio = 10; - -void LZWFuzz(const uint8_t* src_buf, - size_t src_size, - uint8_t color_exp, - uint8_t code_exp) { - std::unique_ptr<CFX_LZWDecompressor> decompressor = - CFX_LZWDecompressor::Create(color_exp, code_exp); - if (!decompressor) - return; - - for (uint32_t compressions_ratio = kMinCompressionRatio; - compressions_ratio <= kMaxCompressionRatio; compressions_ratio++) { - std::vector<uint8_t> dest_buf(compressions_ratio * src_size); - // This cast should be safe since the caller is checking for overflow on - // the initial data. - uint32_t dest_size = static_cast<uint32_t>(dest_buf.size()); - if (CFX_GifDecodeStatus::InsufficientDestSize != - decompressor->Decode(const_cast<uint8_t*>(src_buf), src_size, - dest_buf.data(), &dest_size)) - return; - } -} - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - // Need at least 3 bytes to do anything. - if (size < 3) - return 0; - - // Normally the GIF would provide the code and color sizes, instead, going - // to assume they are the first two bytes of data provided. - uint8_t color_exp = data[0]; - uint8_t code_exp = data[1]; - const uint8_t* lzw_data = data + 2; - uint32_t lzw_data_size = static_cast<uint32_t>(size - 2); - // Check that there isn't going to be an overflow in the destination buffer - // size. - if (lzw_data_size > - std::numeric_limits<uint32_t>::max() / kMaxCompressionRatio) { - return 0; - } - - LZWFuzz(lzw_data, lzw_data_size, color_exp, code_exp); - - return 0; -} diff --git a/testing/libfuzzer/pdf_psengine_fuzzer.cc b/testing/libfuzzer/pdf_psengine_fuzzer.cc deleted file mode 100644 index d72088d4e3..0000000000 --- a/testing/libfuzzer/pdf_psengine_fuzzer.cc +++ /dev/null @@ -1,15 +0,0 @@ -// Copyright 2016 The PDFium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include <cstdint> - -#include "core/fpdfapi/page/cpdf_psengine.h" -#include "third_party/base/span.h" - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - CPDF_PSEngine engine; - if (engine.Parse(pdfium::make_span(data, size))) - engine.Execute(); - return 0; -} diff --git a/testing/libfuzzer/pdf_streamparser_fuzzer.cc b/testing/libfuzzer/pdf_streamparser_fuzzer.cc deleted file mode 100644 index 4d9a368916..0000000000 --- a/testing/libfuzzer/pdf_streamparser_fuzzer.cc +++ /dev/null @@ -1,19 +0,0 @@ -// Copyright 2016 The PDFium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include <cstdint> -#include <memory> - -#include "core/fpdfapi/page/cpdf_streamparser.h" -#include "core/fpdfapi/parser/cpdf_object.h" -#include "third_party/base/span.h" - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - CPDF_StreamParser parser(pdfium::make_span(data, size)); - while (std::unique_ptr<CPDF_Object> pObj = - parser.ReadNextObject(true, false, 0)) - continue; - - return 0; -} diff --git a/testing/libfuzzer/pdf_xml_fuzzer.cc b/testing/libfuzzer/pdf_xml_fuzzer.cc deleted file mode 100644 index a3c399f78d..0000000000 --- a/testing/libfuzzer/pdf_xml_fuzzer.cc +++ /dev/null @@ -1,36 +0,0 @@ -// Copyright 2016 The PDFium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include <cstddef> -#include <cstdint> -#include <memory> - -#include "core/fxcrt/cfx_memorystream.h" -#include "core/fxcrt/fx_safe_types.h" -#include "core/fxcrt/fx_system.h" -#include "core/fxcrt/xml/cfx_xmldocument.h" -#include "core/fxcrt/xml/cfx_xmlelement.h" -#include "core/fxcrt/xml/cfx_xmlparser.h" -#include "third_party/base/ptr_util.h" - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - FX_SAFE_SIZE_T safe_size = size; - if (!safe_size.IsValid()) - return 0; - - auto stream = pdfium::MakeRetain<CFX_MemoryStream>(const_cast<uint8_t*>(data), - size, false); - - CFX_XMLParser parser(stream); - std::unique_ptr<CFX_XMLDocument> doc = parser.Parse(); - if (!doc || !doc->GetRoot()) - return 0; - - for (CFX_XMLNode* pXMLNode = doc->GetRoot()->GetFirstChild(); pXMLNode; - pXMLNode = pXMLNode->GetNextSibling()) { - if (pXMLNode->GetType() == FX_XMLNODE_Element) - break; - } - return 0; -} diff --git a/testing/libfuzzer/unittest_main.cc b/testing/libfuzzer/unittest_main.cc deleted file mode 100644 index f6b29e483f..0000000000 --- a/testing/libfuzzer/unittest_main.cc +++ /dev/null @@ -1,41 +0,0 @@ -// Copyright 2015 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -// A simple unit-test style driver for libfuzzer tests. -// Usage: <fuzzer_test> <file>... - -#include <fstream> -#include <iostream> -#include <iterator> -#include <vector> - -// Libfuzzer API. -extern "C" { -// User function. -int LLVMFuzzerTestOneInput(const unsigned char* data, size_t size); -// Initialization function. -__attribute__((weak)) int LLVMFuzzerInitialize(int* argc, char*** argv); -} - -std::vector<char> readFile(std::string path) { - std::ifstream in(path); - return std::vector<char>((std::istreambuf_iterator<char>(in)), - std::istreambuf_iterator<char>()); -} - -int main(int argc, char** argv) { - if (argc == 1) { - std::cerr << "Usage: " << argv[0] << " <file>..." << std::endl; - exit(1); - } - - if (LLVMFuzzerInitialize) - LLVMFuzzerInitialize(&argc, &argv); - - for (int i = 1; i < argc; ++i) { - std::cout << argv[i] << std::endl; - auto v = readFile(argv[i]); - LLVMFuzzerTestOneInput((const unsigned char*)v.data(), v.size()); - } -} diff --git a/testing/libfuzzer/xfa_codec_fuzzer.h b/testing/libfuzzer/xfa_codec_fuzzer.h deleted file mode 100644 index bcc3a5c7fe..0000000000 --- a/testing/libfuzzer/xfa_codec_fuzzer.h +++ /dev/null @@ -1,87 +0,0 @@ -// Copyright 2016 The PDFium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef TESTING_LIBFUZZER_XFA_CODEC_FUZZER_H_ -#define TESTING_LIBFUZZER_XFA_CODEC_FUZZER_H_ - -#include <memory> - -#include "core/fxcodec/codec/ccodec_progressivedecoder.h" -#include "core/fxcodec/fx_codec.h" -#include "core/fxge/dib/cfx_dibitmap.h" -#include "testing/fx_string_testhelpers.h" -#include "third_party/base/ptr_util.h" - -#ifdef PDF_ENABLE_XFA_BMP -#include "core/fxcodec/codec/ccodec_bmpmodule.h" -#endif // PDF_ENABLE_XFA_BMP - -#ifdef PDF_ENABLE_XFA_GIF -#include "core/fxcodec/codec/ccodec_gifmodule.h" -#endif // PDF_ENABLE_XFA_GIF - -#ifdef PDF_ENABLE_XFA_PNG -#include "core/fxcodec/codec/ccodec_pngmodule.h" -#endif // PDF_ENABLE_XFA_PNG - -#ifdef PDF_ENABLE_XFA_TIFF -#include "core/fxcodec/codec/ccodec_tiffmodule.h" -#endif // PDF_ENABLE_XFA_TIFF - -// Support up to 64 MB. This prevents trivial OOM when MSAN is on and -// time outs. -const int kXFACodecFuzzerPixelLimit = 64000000; - -class XFACodecFuzzer { - public: - static int Fuzz(const uint8_t* data, size_t size, FXCODEC_IMAGE_TYPE type) { - auto mgr = pdfium::MakeUnique<CCodec_ModuleMgr>(); -#ifdef PDF_ENABLE_XFA_BMP - mgr->SetBmpModule(pdfium::MakeUnique<CCodec_BmpModule>()); -#endif // PDF_ENABLE_XFA_BMP -#ifdef PDF_ENABLE_XFA_GIF - mgr->SetGifModule(pdfium::MakeUnique<CCodec_GifModule>()); -#endif // PDF_ENABLE_XFA_GIF -#ifdef PDF_ENABLE_XFA_PNG - mgr->SetPngModule(pdfium::MakeUnique<CCodec_PngModule>()); -#endif // PDF_ENABLE_XFA_PNG -#ifdef PDF_ENABLE_XFA_TIFF - mgr->SetTiffModule(pdfium::MakeUnique<CCodec_TiffModule>()); -#endif // PDF_ENABLE_XFA_TIFF - - std::unique_ptr<CCodec_ProgressiveDecoder> decoder = - mgr->CreateProgressiveDecoder(); - auto source = pdfium::MakeRetain<CFX_BufferSeekableReadStream>(data, size); - FXCODEC_STATUS status = decoder->LoadImageInfo(source, type, nullptr, true); - if (status != FXCODEC_STATUS_FRAME_READY) - return 0; - - // Skipping very large images, since they will take a long time and may lead - // to OOM. - FX_SAFE_UINT32 bitmap_size = decoder->GetHeight(); - bitmap_size *= decoder->GetWidth(); - bitmap_size *= 4; // From CFX_DIBitmap impl. - if (!bitmap_size.IsValid() || - bitmap_size.ValueOrDie() > kXFACodecFuzzerPixelLimit) { - return 0; - } - - auto bitmap = pdfium::MakeRetain<CFX_DIBitmap>(); - bitmap->Create(decoder->GetWidth(), decoder->GetHeight(), FXDIB_Argb); - - size_t frames; - std::tie(status, frames) = decoder->GetFrames(); - if (status != FXCODEC_STATUS_DECODE_READY || frames == 0) - return 0; - - status = decoder->StartDecode(bitmap, 0, 0, bitmap->GetWidth(), - bitmap->GetHeight()); - while (status == FXCODEC_STATUS_DECODE_TOBECONTINUE) - status = decoder->ContinueDecode(); - - return 0; - } -}; - -#endif // TESTING_LIBFUZZER_XFA_CODEC_FUZZER_H_ |