Diffstat (limited to 'testing')
-rw-r--r--testing/DEPS1
-rw-r--r--testing/libfuzzer/BUILD.gn14
-rw-r--r--testing/libfuzzer/fuzzers.gyp15
-rw-r--r--testing/libfuzzer/pdf_jpx_fuzzer.cc52
4 files changed, 82 insertions, 0 deletions
diff --git a/testing/DEPS b/testing/DEPS
index 86d3090407..ce8bbe45f7 100644
--- a/testing/DEPS
+++ b/testing/DEPS
@@ -1,5 +1,6 @@
include_rules = [
'+core/include',
+ '+core/fxcodec',
'+fpdfsdk/include',
'+public',
'+v8',
diff --git a/testing/libfuzzer/BUILD.gn b/testing/libfuzzer/BUILD.gn
index d5ccb7f40f..0fb43f2790 100644
--- a/testing/libfuzzer/BUILD.gn
+++ b/testing/libfuzzer/BUILD.gn
@@ -47,4 +47,18 @@ if (pdf_enable_xfa) {
":libfuzzer_config",
]
}
+ source_set("pdf_jpx_fuzzer") {
+ testonly = true
+ sources = [
+ "pdf_jpx_fuzzer.cc",
+ ]
+ deps = [
+ "//third_party/pdfium:pdfium",
+ ]
+ configs -= [ "//build/config/compiler:chromium_code" ]
+ configs += [
+ "//build/config/compiler:no_chromium_code",
+ ":libfuzzer_config",
+ ]
+ }
}
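Review bot: The new `pdf_jpx_fuzzer` source_set appears to sit inside the `if (pdf_enable_xfa) {` block named in the hunk header, because the `}` that follows it is the last line of the file; the block opens outside this hunk, so this is inferred rather than visible. The harness includes only `core/fxcodec` and `core/include/fxge` headers, nothing XFA-specific, and the fuzzers.gyp hunk gates the same target on `OS=="linux"` instead, so the two build files seem to disagree on when the fuzzer is built. If the XFA gating is not intended, move the source_set below that closing brace so non-XFA builds also get fuzz coverage of the JPX decoder. Otherwise add a one-line comment above the target saying why it depends on XFA.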
diff --git a/testing/libfuzzer/fuzzers.gyp b/testing/libfuzzer/fuzzers.gyp
index bdd9086592..1f04baa77f 100644
--- a/testing/libfuzzer/fuzzers.gyp
+++ b/testing/libfuzzer/fuzzers.gyp
@@ -61,6 +61,21 @@
},
],
}],
+ ['OS=="linux"', {
+ 'targets': [
+ {
+ 'target_name': 'pdf_jpx_fuzzer',
+ 'type': 'executable',
+ 'dependencies': [
+ '../../pdfium.gyp:pdfium',
+ ],
+ 'sources': [
+ 'pdf_jpx_fuzzer.cc',
+ 'unittest_main.cc',
+ ],
+ },
+ ],
+ }],
],
# Empty target so that nonxfa builds work.
'targets': [
diff --git a/testing/libfuzzer/pdf_jpx_fuzzer.cc b/testing/libfuzzer/pdf_jpx_fuzzer.cc
new file mode 100644
index 0000000000..8e16f24abc
--- /dev/null
+++ b/testing/libfuzzer/pdf_jpx_fuzzer.cc
@@ -0,0 +1,52 @@
+// Copyright 2016 The PDFium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <cstdint>
+#include <memory>
+#include <vector>
+
+#include "core/fxcodec/codec/codec_int.h"
+#include "core/include/fxge/fx_dib.h"
+
+CCodec_JpxModule g_module;
+
+struct DecoderDeleter {
+ void operator()(CJPX_Decoder* decoder) { g_module.DestroyDecoder(decoder); }
+};
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ std::unique_ptr<CJPX_Decoder, DecoderDeleter> decoder(
+ g_module.CreateDecoder(data, size, nullptr));
+ if (!decoder)
+ return 0;
+
+ FX_DWORD width;
+ FX_DWORD height;
+ FX_DWORD components;
+ g_module.GetImageInfo(decoder.get(), &width, &height, &components);
+
+ FXDIB_Format format;
+ if (components == 1) {
+ format = FXDIB_8bppRgb;
+ } else if (components <= 3) {
+ format = FXDIB_Rgb;
+ } else if (components == 4) {
+ format = FXDIB_Rgb32;
+ } else {
+ width = (width * components + 2) / 3;
+ format = FXDIB_Rgb;
+ }
+
+ std::unique_ptr<CFX_DIBitmap> bitmap(new CFX_DIBitmap);
+ if (!bitmap->Create(width, height, format))
+ return 0;
+
+ std::vector<uint8_t> output_offsets(components);
+ for (FX_DWORD i = 0; i < components; ++i)
+ output_offsets[i] = i;
+
+ g_module.Decode(decoder.get(), bitmap->GetBuffer(), bitmap->GetPitch(),
+ output_offsets);
+ return 0;
+}
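Review bot: In the final `else` branch (more than four components), `width * components + 2` is computed in `FX_DWORD` and can wrap, because both values come from the decoder's reading of the fuzz input; this assumes `FX_DWORD` is a 32-bit unsigned type, which the hunk does not show. A wrapped width makes `bitmap->Create()` allocate rows narrower than `Decode()` expects, so any out-of-bounds write reported there would be hard to attribute to the decoder rather than the harness. Guard the multiply first, for example `if (width > (UINT32_MAX - 2) / components) return 0;`, and if the production caller uses the same arithmetic, raise it there as well. The same unbounded `components` sizes `output_offsets`, and `output_offsets[i] = i` narrows to `uint8_t` above 255, so a small cap on `components` before the vector is built would avoid allocation-only failures and duplicate offsets. `width`, `height` and `components` are also read without initialisation if `GetImageInfo()` ever leaves them unset; `FX_DWORD width = 0;` and likewise for the other two would make that case deterministic.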