summaryrefslogtreecommitdiff
path: root/testing/libfuzzer
AgeCommit message (Collapse)Author
2017-03-28Init PDFium in fuzzer codeDan Sinclair
Due to the partition alloc change we need to initialize the PDFium library in the fuzzers now. This will initialize the needed partitions. Without this, we fail in various places when attempting to create items into the partitions Bug: pdfium:687 Change-Id: I1c40ae3f442cb781cfdb7545b022ee1f4e64e264 Reviewed-on: https://pdfium-review.googlesource.com/3246 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-03-28Revert "Revert "Refcount all CFX_DIBSources (and subclasses) all the time.""Tom Sepez
This reverts commit 31b08d4cdaa17d7a03f35e087096a77036af98ec. Re-landing the patch after fixing skia build issue. Change-Id: Ie7039890088b803a6ec5ce365d70f57277459b48 Reviewed-on: https://pdfium-review.googlesource.com/3245 Commit-Queue: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-03-28Revert "Refcount all CFX_DIBSources (and subclasses) all the time."dsinclair
This reverts commit 0004f29bf6ee3c6060a272c79f14993e92e053c7. Reason for revert: Breaks build with skia_paths enabled (which will break the chrome roll). ../../third_party/pdfium/core/fxge/skia/fx_skia_device.cpp:1858:38: error: no member named 'get' in 'CFX_RetainPtr<CFX_DIBitmap>' ../../third_party/pdfium/core/fxge/skia/fx_skia_device.cpp:1861:42: error: no member named 'get' in 'CFX_RetainPtr<CFX_DIBitmap>' ../../third_party/pdfium/core/fxge/skia/fx_skia_device.cpp:2987:15: error: no viable overloaded '=' ../../third_party/pdfium/core/fxge/skia/fx_skia_device.cpp:2991:18: error: no viable overloaded '=' ../../third_party/pdfium/core/fxge/skia/fx_skia_device.cpp:2999:17: error: no viable overloaded '=' ../../third_party/pdfium/core/fxge/skia/fx_skia_device.cpp:3001:43: error: no member named 'GetObject' in 'CFX_RetainPtr<CFX_DIBitmap>' Original change's description: > Refcount all CFX_DIBSources (and subclasses) all the time. > > There are currently several ownership models for these objects, > including ad-hoc logic for sharing and deletion, and the > now-redundant CFX_DIBitmapRef externally-counted handle to the DIBs. > > Replace them all with the internal refcount scheme. > > Change-Id: I2db399dfc19219eda384f94cc989353b78ce2872 > Reviewed-on: https://pdfium-review.googlesource.com/3166 > Reviewed-by: dsinclair <dsinclair@chromium.org> > Commit-Queue: dsinclair <dsinclair@chromium.org> > TBR=thestig@chromium.org,tsepez@chromium.org,dsinclair@chromium.org,pdfium-reviews@googlegroups.com NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true Change-Id: I678b1fbc5e666cf7a19372ebaff3270fb115ba5e Reviewed-on: https://pdfium-review.googlesource.com/3243 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-03-28Refcount all CFX_DIBSources (and subclasses) all the time.Tom Sepez
There are currently several ownership models for these objects, including ad-hoc logic for sharing and deletion, and the now-redundant CFX_DIBitmapRef externally-counted handle to the DIBs. Replace them all with the internal refcount scheme. Change-Id: I2db399dfc19219eda384f94cc989353b78ce2872 Reviewed-on: https://pdfium-review.googlesource.com/3166 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-03-24Refcount CPDF_CMap all the time.chromium/3052chromium/3051Tom Sepez
Change-Id: I85ea9529f4188bf818ee96c37944e4546411f79c Reviewed-on: https://pdfium-review.googlesource.com/3211 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org>
2017-03-14Replace FX_FLOAT with underlying float type.Dan Sinclair
Change-Id: I158b7d80b0ec28b742a9f2d5a96f3dde7fb3ab56 Reviewed-on: https://pdfium-review.googlesource.com/3031 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org>
2017-03-01Create virtual codec APIs so chrome/fuzzers can link separatelyTom Sepez
The one step to make an actual concrete class is conditionalized in fpdfview and is unconditional in the fuzzer. Also replace the clumsy C-style callbacks with a delegate interface as long as we are making new interfaces. Change-Id: I733a437483ce5e0c34211cfbbda05105336f55b5 Reviewed-on: https://pdfium-review.googlesource.com/2887 Commit-Queue: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-01-27Limit parsing recursion levels in CPDF_StreamParserNicolas Pena
We currently only limit the array recursion levels. This recursion level may also be reset when parsing. This is insufficient to protect against stack overflows. BUG=681920 Change-Id: I69bd0c912fb45c0e68b9b9fa961d43f0adc9bdd3 Reviewed-on: https://pdfium-review.googlesource.com/2434 Commit-Queue: Nicolás Peña <npm@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-01-26Fix CSS fuzzer input sizeDan Sinclair
Currently we use the size provided by clusterfuzz when initializing the css syntax parser. This maybe incorrect as the CFX_WideString may have a different count after converting to UTF. Use the wide string length instead of the provided size. We need to guard against strings that convert to blank when doing the wide conversion so add an early exit. BUG=682551 Change-Id: I3e014647fcf869681098a1b4446306b8b3eb9323 Reviewed-on: https://pdfium-review.googlesource.com/2391 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-01-19Split fde/css files into individual class files.Dan Sinclair
This CL splits the files in xfa/fde/css into class per file and renames any needed files to match the class names. Update some of the classes to use std::stack. Change-Id: I4eca0fb3556d949a15a873bb0f0fd732f47e4fb1 Reviewed-on: https://pdfium-review.googlesource.com/2253 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org>
2017-01-18Remove unused syntax parser initialize method.Dan Sinclair
This Cl removes the stream initializer from the FDE CSS parser. The only consumer was the css fuzzer. The fuzzer has been moved to use the string initializer to match the rest of the code. Change-Id: I65445af1159058b7c71d5e1d7c12e60383da6dbd Reviewed-on: https://pdfium-review.googlesource.com/2217 Reviewed-by: Tom Sepez <tsepez@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-01-12Add postscript pathrbpotter
This patch adds the additional functions required to make postscript printing functional. The most significant additions are are two added compression functions and a new API for setting the postscript level. Not currently called from Chromium, Chromium patch to come. BUG= Review-Url: https://codereview.chromium.org/2612243005
2017-01-11Convert FDE CSS enums to enum classes.Dan Sinclair
This CL updates the possible FDE CSS enums to enum classes and fixes up any instances of incorrect values being used. A few other cleanups and changes were needed to complete the conversion. Change-Id: Ibcca5229a9ca8de1f4beb6462535f61705fd4f8c Reviewed-on: https://pdfium-review.googlesource.com/2170 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2016-12-07Use unique_ptr for CXFA_XMLParser.tsepez
Also rename CFDE_XMLParser to IFDE_XMLParser since its an interface. Review-Url: https://codereview.chromium.org/2555373002
2016-12-07Refcount IFGAS_ streams all the time, tootsepez
IFGAS_Streams are not part of the IFX_Stream hierarchy, but can be made from such. Review-Url: https://codereview.chromium.org/2559763002
2016-12-07Refcount all the IFX_ stream classes all the time.tsepez
We can remove a lot of "bOwnsStream" logic in the process. Always pass these by const reference, in case the called method wants to hang on to the stream (one exception is where we stick a raw pointer into a void* slot in a context from another layer). Review-Url: https://codereview.chromium.org/2451493002
2016-12-02Rename IFX_Stream to IFGAS_Stream.tsepez
It's a separate hierarchy unrelated to the IFX_*Stream classes. Also rename CFX_Stream to CFGAS_Stream, and so forth. Review-Url: https://codereview.chromium.org/2535723010
2016-12-01Move Init to constructor in CXFA_FMProgramNicolas Pena
Change-Id: I6b2d1a5b06211b32f3053aad4d7ae7501ec8d8f6 Reviewed-on: https://pdfium-review.googlesource.com/2093 Commit-Queue: Nicolás Peña <npm@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2016-11-30Convert loose FX_Create* functions into static methodstsepez
Also remove a bool that is always false. Review-Url: https://codereview.chromium.org/2539203002
2016-11-22Continue splitting pageint.h into per-class filestsepez
Add cpdf_streamparser.h and cpdf_contentparser.h since there are already corresponding .cpp files with the same name. Review-Url: https://codereview.chromium.org/2521123003
2016-11-21Remove some WrapUnique() calls by returing unique_ptrstsepez
Return these from underlying methods as appropriate. Review-Url: https://codereview.chromium.org/2520133002
2016-11-21Check dimensions and content of bitmaps in EmbedderTests.chromium/2927thestig
Review-Url: https://codereview.chromium.org/2514173002
2016-11-18Make CPDF_Dictionary use unique pointers.chromium/2926tsepez
Some changes were required to match underlying ctors as invoked by the templated methods. Many release() calls go away, a few WrapUniques() are introduced to avoid going deeper into other code. Review-Url: https://codereview.chromium.org/2510223002
2016-11-16Make CPDF_Array take unique_ptrstsepez
BUG= Review-Url: https://codereview.chromium.org/2498223005
2016-11-08Compile fuzzer sources in standalone builds. (try 2)thestig
- Add a template for fuzzers to remove redundancy. - Sort fuzzers in alphabetical order. Previous attempt: https://codereview.chromium.org/2480043002/ Review-Url: https://codereview.chromium.org/2481933003
2016-11-07Fix #include after commit c09625ca.thestig
TBR=tsepez@chromium.org Review-Url: https://codereview.chromium.org/2477323004
2016-11-07Rename CPDF_Linearized to CPDF_LinearizedHeadertsepez
My OCD insists that classes be named after nouns, and "linearized" feels like an adjective. Remove a redundant "if" while at it. Review-Url: https://codereview.chromium.org/2482973002
2016-11-07Reland of Unify some codeart-snake
Unify some code Move parsing of linearized header into separate CPDF_Linearized class. Original review: https://codereview.chromium.org/2466023002/ Revert review: https://codereview.chromium.org/2474283005/ Revert reason was: Breaking the chrome roll. See https://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_rel_ng/builds/331856 ___ Added Fix for fuzzers. Review-Url: https://codereview.chromium.org/2477213003
2016-11-07Revert of Compile fuzzer sources in standalone builds. (patchset #3 id:40001 ↵npm
of https://codereview.chromium.org/2480043002/ ) Reason for revert: Breaking the tree: https://build.chromium.org/p/client.pdfium/builders/windows_xfa_32/builds/619/steps/compile%20with%20ninja/logs/stdio Original issue's description: > Compile fuzzer sources in standalone builds. > > - Add a template for fuzzers to remove redundancy. > - Sort fuzzers in alphabetical order. > > Committed: https://pdfium.googlesource.com/pdfium/+/470b5fa8f8dbfd2aa702d9d8cfdc03a7b486b374 TBR=dsinclair@chromium.org,thestig@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true Review-Url: https://codereview.chromium.org/2480323002
2016-11-07Compile fuzzer sources in standalone builds.thestig
- Add a template for fuzzers to remove redundancy. - Sort fuzzers in alphabetical order. Review-Url: https://codereview.chromium.org/2480043002
2016-11-04Reland "Remove CPDF_Object::Release() in favor of direct delete"tsepez
This reverts commit f0d5b6c35fa343108a3ab7a25bc2cc2b3cf105b3. Review-Url: https://codereview.chromium.org/2478303002
2016-11-03Fix roll after TRUE conversiondsinclair
TBR=tsepez@chromium.org Review-Url: https://codereview.chromium.org/2471253004
2016-11-03Remove FX_BOOL entirely.tsepez
FX_BOOL was a type just like a regular C++ bool, except that it took 4x the space and frequently was used to hold values besides true or false. Review-Url: https://codereview.chromium.org/2471353002
2016-11-01libfuzzer: FALSE is not a pointertsepez
BUG=661291 TBR=dsinclair@chromium.org Review-Url: https://codereview.chromium.org/2469923002
2016-10-27Fix libfuzzer build broken at 9f7f7f8tsepez
BUG=660015 TBR=npm@chromium.org Review-Url: https://codereview.chromium.org/2452523005
2016-10-24Rename IFX_ stream nameschromium/2900tsepez
It's been troubling for some time that an IFX_FileStream might actually be an in-memory buffer with no backing file. Review-Url: https://codereview.chromium.org/2443723002
2016-10-04Fix fuzzer pathsdsinclair
Missed these again. Scripting fail. BUG=pdfium:603 Review-Url: https://codereview.chromium.org/2393433003
2016-10-04Make sure the fuzzer read size does not go negative.dsinclair
When fuzzing the image formats, its possible to get a read request which would go negative. Handle the request and return FALSE for the read. BUG=chromium:621836 Review-Url: https://codereview.chromium.org/2386343002
2016-09-30Fix #includes in libfuzzer so pdfium can be rollednpm
Note: pdfium bots don't seem to touch these files. Review-Url: https://codereview.chromium.org/2379973005
2016-09-29Move core/fxcrt/include to core/fxcrtdsinclair
BUG=pdfium:611 Review-Url: https://codereview.chromium.org/2382723003
2016-09-27Add fuzzer for jbig2 parsingkcwu
Review-Url: https://codereview.chromium.org/2370943004
2016-09-26Clean up fx_codec_fax.cpp.thestig
Review-Url: https://codereview.chromium.org/2357173005
2016-09-26Add fuzzer for cmap parsingchromium/2873kcwu
Review-Url: https://codereview.chromium.org/2365143002
2016-09-23Bail out on bad width and height in CCodec_FaxDecoder::CreateDecoderkcwu
BUG=648935,649436 Review-Url: https://codereview.chromium.org/2360283004
2016-09-22Add fuzzer for icc codeckcwu
Review-Url: https://codereview.chromium.org/2362623002
2016-09-19Add fuzzer for fax codeckcwu
Review-Url: https://codereview.chromium.org/2342203006
2016-08-26Remove most things GYP.thestig
BUG=pdfium:559 Review-Url: https://codereview.chromium.org/2286653002
2016-08-22Add fuzzer for CPDF_StreamParsertsepez
Review-Url: https://codereview.chromium.org/2262703003
2016-08-19Add a fuzzer for CPDF_HintTables.thestig
BUG=636559 Review-Url: https://codereview.chromium.org/2255083004
2016-08-18Add llvm fuzzer for CPDF_PSEnginetsepez
Put class definition into its own header file so fuzzer can find it. Fix a pair of div by 0s immediately hit by the fuzzer. Review-Url: https://codereview.chromium.org/2253193003