summaryrefslogtreecommitdiff
path: root/testing/libfuzzer
AgeCommit message (Collapse)Author
2017-12-14Reduce XFA image fuzzer size limit to 64MBRyan Harrison
BUG=chromium:794351 Change-Id: Ieb876560674dfa0728d66f2ad3411f3f569d0ffa Reviewed-on: https://pdfium-review.googlesource.com/21290 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2017-12-11Remove default arguments to CPDF_StreamAcc::LoadAllData().Lei Zhang
Add LoadAllDataFiltered() and LoadAllDataRaw() and update callers. Change-Id: I9b80ee34a358db204968acdc8b1adc9db0b6b83f Reviewed-on: https://pdfium-review.googlesource.com/20810 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
2017-11-30Reduce memory limit of PDF XFA fuzzersNicolas Pena
CFX_DIBitmap::Create does an allocation of size roughly 4*width*height even in xfa_codec_fuzzer.h. This CL fixes the memory limit accordingly. Bug: 789359 Change-Id: Ib5cbd08510ecacb2fbd22cb23394d24a86110bc5 Reviewed-on: https://pdfium-review.googlesource.com/19890 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Nicolás Peña Moreno <npm@chromium.org>
2017-11-28Fix PDF fuzzers memory limitNicolas Pena
This CL reduces the memory limit in pdf_codec_jbig2_fuzzer. Note that MSAN requires the limit to be lower than the actual bot usage limit. In the testcase, we get OOM just after CFX_DIBitmap::Create. It also increases the limit in xfa_codec_fuzzer.h Bug: 784155 Change-Id: I6fc8d9533ca7dc2b19bf84b9eac23284e05b1e6d Reviewed-on: https://pdfium-review.googlesource.com/19571 Commit-Queue: Nicolás Peña Moreno <npm@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-11-27Convert CFX_GifContext::GetFrameNum to size_tDan Sinclair
This CL removes the CollectionSize and updates call locations as needed. Bug: pdfium:774 Change-Id: I813c500b3a17a194407ceb1304252b9b16fe1779 Reviewed-on: https://pdfium-review.googlesource.com/19590 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Ryan Harrison <rharrison@chromium.org>
2017-11-08Make most CPDF_LinearizedHeader members const.chromium/3263Lei Zhang
Change-Id: I82907ad725861b9ccd6299f5dfe20ddb9d238178 Reviewed-on: https://pdfium-review.googlesource.com/17796 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2017-11-01Move some XFA JS code into fxjs/Dan Sinclair
This CL renames cxfa_scriptcontext to cfxjse_engine and cxfa_fm2jscontext to cfxjse_formcalc_context. From reading the code, the script context appears to handle the v8 setup and object code. The formcalc context code is related to handling the JS code generated from the transpiler. I, think, these new names make the intended usage clearer. They also move the code into fxjs/ to keep along side the rest of the JS code. Change-Id: I50619fbe48ca1f553a44cf0e0cb0210be8e45e4f Reviewed-on: https://pdfium-review.googlesource.com/17130 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-10-31Fix FPE in XFACodecFuzzerchromium/3255Ryan Harrison
This is a div by 0 issue BUG=chromium:779890 Change-Id: I91ca2969ffe52fb486b1fab32abc8609cd6567a2 Reviewed-on: https://pdfium-review.googlesource.com/17250 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2017-10-30Fix overflow in image size checkRyan Harrison
BUG=chromium:779342 Change-Id: I2a087a08fe87594eb73d9d955955be0e66e5cdc2 Reviewed-on: https://pdfium-review.googlesource.com/17030 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-10-27Limit the size of images being fuzzed in XFACodecFuzzersRyan Harrison
This limits the size detected in the header to 1,000,000 pixels, which will support 1000 x 1000 images. This is being done to remove non-useful OOM reports for very large images and improve fuzzing efficiency, since larger images are unlikely to cover new logic. BUG=pdfium:925 Change-Id: I4a7fa7cf02cbb469048b752d45bc9f64a1b60a98 Reviewed-on: https://pdfium-review.googlesource.com/17010 Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2017-10-19Implement fuzzer for FormCalc parsingRyan Harrison
This adds a fuzzer that tests the FormCalc parsing code independent of parsing an entire XFA file or performing translation to JS. BUG=pdfium:920 Change-Id: I3d2c336d9cb6f4ebf114ded5f57a44a8342c4228 Reviewed-on: https://pdfium-review.googlesource.com/16391 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-10-19Implement fuzzer for LZW decompressorRyan Harrison
This adds a fuzzer that tests the LZW decompression code used by our GIF decoder. BUG=pdfium:908 Change-Id: I1381f3ebb2eddf8d2c6f0394b1bb00f67d64a600 Reviewed-on: https://pdfium-review.googlesource.com/16310 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-09-29Extract test subclasses of IFX_SeekableReadStreamRyan Harrison
There are multiple instances of subclasses that either act as an invalid stream or one backed by a memory buffer. Merging all of these into two shared stream classes and removing the others. BUG=pdfium:911 Change-Id: I264602808c6dc0e5c878da462a5e00883fe43e51 Reviewed-on: https://pdfium-review.googlesource.com/15093 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
2017-09-27Replace FX_SAFE_STRSIZE with FX_SAFE_SIZE_TRyan Harrison
BUG=pdfium:828 Change-Id: If9560338c456b28f968e743a90a3629791d87df0 Reviewed-on: https://pdfium-review.googlesource.com/14832 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org> Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
2017-09-27Remove FX_STRSIZE and replace with size_tRyan Harrison
BUG=pdfium:828 Change-Id: I5c40237433ebabaeabdb43aec9cdf783e41dfe16 Reviewed-on: https://pdfium-review.googlesource.com/13230 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2017-09-22Fix crash when rendering invalid GIFRyan Harrison
The core fix in this CL is a change to how LWZ decompression works, so that when the min code table size and the color palette size are different, color codes after the end of the defined color palette are considered errors. This CL also introduces a bunch of tweaks to the call return path, since there were multiple locations where the GIF decode failing status was being dropped on the floor, so the end widget would have a bitmap with the default colour in it, instead of nothing. BUG=chromium:616671 Change-Id: Id6f40d552dc24650c91e9903f710ff2fa63bc774 Reviewed-on: https://pdfium-review.googlesource.com/14630 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-09-21Rename CFX_RetainPtr to RetainPtrDan Sinclair
This CL renames CFX_RetainPtr to RetainPtr and places in the fxcrt namespace. Bug: pdfium:898 Change-Id: I8798a9f79cb0840d3f037e8d04937cedd742914e Reviewed-on: https://pdfium-review.googlesource.com/14616 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-09-20Isolate lcms2 usage to a few files.Lei Zhang
Then set up the right dependencies for them. BUG=chromium:765914 Change-Id: I036cd888c741927d5efe0d020c6676f169e7cbb1 Reviewed-on: https://pdfium-review.googlesource.com/14410 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-09-19Remove unneeded core/fxcodec/fx_codec.h includes.chromium/3220Lei Zhang
Change-Id: I703321108712e8c4a11a8343ecf8b1a8804c1d1a Reviewed-on: https://pdfium-review.googlesource.com/14352 Reviewed-by: Ryan Harrison <rharrison@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2017-09-18Convert string class namesRyan Harrison
Automated using git grep & sed. Replace StringC classes with StringView classes. Remove the CFX_ prefix and put string classes in fxcrt namespace. Change AsStringC() to AsStringView(). Rename tests from TEST(fxcrt, *String*Foo) to TEST(*String*, Foo). Couple of tests needed to have their names regularlized. BUG=pdfium:894 Change-Id: I7ca038685c8d803795f3ed02545124f7a224c83d Reviewed-on: https://pdfium-review.googlesource.com/14151 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2017-09-05Remove isDevice parameter from barcode Render().Henrique Nakashima
isDevice is currently false in tests and fuzzers and true in real usage. This CL changes it all to true. Change-Id: Idea14795d7f0bb70031e04e5c58e248de72fd39e Reviewed-on: https://pdfium-review.googlesource.com/13130 Commit-Queue: Henrique Nakashima <hnakashima@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-08-31Remove fx_basic.hDan Sinclair
This CL removes the fx_basic.h header and fixes up includes as needed. Change-Id: I49af32a8327bdbcda40c50a61ffbd75d06609040 Reviewed-on: https://pdfium-review.googlesource.com/12670 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-08-30Move CFX_WideTextBuf out of fx_basicDan Sinclair
This CL moves CFX_WideTextBuf to its own files and updates includes as needed. Change-Id: Ibe66ecf3e66f8f01dd8e9eaf6b467588be86ad4f Reviewed-on: https://pdfium-review.googlesource.com/12413 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-08-30Move CFX_BitStream to its own fileDan Sinclair
This CL moves the CFX_BitStream code out of fx_basic and into cfx_bitstream. Bug: pdfium:867 Change-Id: I5b7e6190a7db1fe1d24feb6bd676035a5c73ee92 Reviewed-on: https://pdfium-review.googlesource.com/12350 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-08-28Limit pdf_codec_jbig2_fuzzer memory usage.Lei Zhang
BUG=chromium:749610 Change-Id: Ia83558568293398c72b7215e9b3fe4e4df6f969a Reviewed-on: https://pdfium-review.googlesource.com/11931 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-08-28Limit pdf_jpx_fuzzer memory usage.Lei Zhang
BUG=chromium:738711 Change-Id: I4a308694c3e6fcd17431515b7897969d54486071 Reviewed-on: https://pdfium-review.googlesource.com/11870 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-08-24Fix some nits in XFACodecFuzzer.chromium/3196Lei Zhang
Change-Id: Ia9738e14d90a813b6ec7abd72843248fd3a3bff0 Reviewed-on: https://pdfium-review.googlesource.com/11910 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-08-08Move CSS code to coreDan Sinclair
The xfa/fde/css code has no other links into xfa/. This CL moves the css code to core/fxcrt/css and sets to only build when pdf_enable_xfa is enabled. Change-Id: Iefd208e1f83a28b80b567c574e841e87bce310be Reviewed-on: https://pdfium-review.googlesource.com/9251 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-07-12Cleanup ICC code part 1Nicolas Pena
This CL switches void* to CLcmsCmm*, simplifies the ownership and destruction of CLcmsCmm, and reduces unnecessary function calling in fx_codec_icc.cpp. Change-Id: Ifdbf59dcdaede497d1684b161dd066726cf08ee3 Reviewed-on: https://pdfium-review.googlesource.com/7590 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-06-30Split CFDE_CSSTextBuf in two.Lei Zhang
For the external buffer use case, use a CFDE_CSSExtTextBuf instead. With the split, both text buffer implementations are simpler now. As a result, it becomes obvious where it never fails. Adjust callers accordingly. Change-Id: I7b53d36593172487b8c939e6a55af2437ea4ee5a Reviewed-on: https://pdfium-review.googlesource.com/6932 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
2017-05-26Use proper file names in core/fpdfapi/fontNicolas Pena
This CL splits up font_int.h into files by classes. It also renames the unittests to match the class being tested. Finally, it renames the ttgsubtable files to match the class name. Change-Id: I6187caa9e82d12b9a66e955113fe327d52042ae0 Reviewed-on: https://pdfium-review.googlesource.com/6090 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-05-17Add font loading fuzzerNicolas Pena
Bug: pdfium:667 Change-Id: Ibef9a2131b97da1a1e6b9469d389aa5fb914c797 Reviewed-on: https://pdfium-review.googlesource.com/5631 Commit-Queue: Nicolás Peña <npm@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2017-05-17Adding CXFA_Parse unittestsDan Sinclair
This CL adds the beginning of unittests for the CXFA_Parse code. Change-Id: I06e556f1a35405bc683c536d390071917ee330a6 Reviewed-on: https://pdfium-review.googlesource.com/5556 Reviewed-by: Nicolás Peña <npm@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-05-17Rename formcalc files to better match contentsDan Sinclair
Most files match the contents. The expression files are named to match their base type even though they contain all the expression subclasses. Change-Id: I3b7705c7b206a9fa1afae8b677f765e8b788e84d Reviewed-on: https://pdfium-review.googlesource.com/5492 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-05-16Update formcalc return typesDan Sinclair
Update return types to be bools instead of ints. Make some methods private. Change-Id: I5d55c48a861f90e9bd116ef835c11cdb515002a6 Reviewed-on: https://pdfium-review.googlesource.com/5553 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org>
2017-05-04Cleanup more null IFX_Pause parametersDan Sinclair
This Cl cleans up more IFX_Pause parameters which are always null. Change-Id: Ia48600f06216db64a2db8e6e97222a91bd4ba149 Reviewed-on: https://pdfium-review.googlesource.com/4890 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org>
2017-05-03Actually build fuzzers with the pdfium_all target.chromium/3089Lei Zhang
Change-Id: Icc6b62f92d1a82ec60d1dd463d93376088017827 Reviewed-on: https://pdfium-review.googlesource.com/4792 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2017-04-27Add barcode test skeletonTom Sepez
Individual tests need some more fleshing out. Fix spelling of "Destroy" while we're at it. Bug: pdfium:699 Change-Id: I05f1da8654bfdf92cb264adae16e1b3209587a31 Reviewed-on: https://pdfium-review.googlesource.com/4550 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2017-04-20Convert IFX_MemoryStream to CFX_MemoryStreamDan Sinclair
The CFX_MemoryStream is the only implementation of IFX_MemoryStream. This CL removes the interfaces and uses CFX_MemoryStream directly. Change-Id: I2f43fa39e82dafa7673517d214ae15fd2d0df331 Reviewed-on: https://pdfium-review.googlesource.com/4391 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-04-19Move fde XML parser to coreDan Sinclair
This CL moves the XML parser from FDE into FXCRT and renames to CFX_ from CFDE_. Change-Id: I21a9590bf74daf5517df630d7e7a5de89da99ea4 Reviewed-on: https://pdfium-review.googlesource.com/4312 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org>
2017-04-19Move CFGAS_Stream to CFX_SeekableStreamProxyDan Sinclair
This CL moves the FGAS stream code into core/fxcrt and renames to CFX_SeekableStreamProxy. Change-Id: I6641fe0cca45a128ef3ec281b0b40f8d60296387 Reviewed-on: https://pdfium-review.googlesource.com/4311 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org>
2017-04-18Rename IFGAS_Stream to CFGAS_StreamDan Sinclair
This CL replaces IFGAS_Stream with the only implementation CFGAS_Stream. The CreateReadStream and CreateWriteStream methods are removed in favour of calling MakeRetain directly. Change-Id: I882a89258f642e24fc3d631587db05652bd53ded Reviewed-on: https://pdfium-review.googlesource.com/4210 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-04-18Remove IFGAS_Stream::CreateWideStringReadStreamDan Sinclair
This Cl removes the wide string read stream and passes through a memory stream as needed. The callers were updated to pass the correct types. Change-Id: I8e2660859a85e38ed1c3f4c596ef7c8242762084 Reviewed-on: https://pdfium-review.googlesource.com/4172 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org>
2017-04-12Fold CXFA_WideTextRead into IFGAS_StreamDan Sinclair
This Cl moves CXFA_WideTextRead to be in the anonymous namespace of IFGAS_Stream and adds a IFGAS_Stream::CreateWideStringReadStream() method. This is done so we have all the implementations of IFGAS_Stream centralized. Change-Id: I9fbbf0a493fc2dd05fcd544e344268214a75d8a1 Reviewed-on: https://pdfium-review.googlesource.com/4052 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-04-12Remove MakeSeekableReadStreamDan Sinclair
This Cl removes the MakeSeekableReadStream call and, at the one place it's used, creates an IFX_MemoryStream which is a seekable read stream. Change-Id: I6b0b23636eff47f8caca5432313ba99703e21e4d Reviewed-on: https://pdfium-review.googlesource.com/4037 Reviewed-by: Nicolás Peña <npm@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-04-04RefCount CPDF_StreamAcc all the time.Tom Sepez
Pass stream argument to constructor; it feels like a stream accessor should always be made from a stream rather than passing one in after the fact. Change-Id: Iaa46cb37677b81f0170f5d39bab76ad38ea4af44 Reviewed-on: https://pdfium-review.googlesource.com/3620 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2017-04-04Finish splitting up fx_dib.hNicolas Pena
After this CL, fx_dib.h only has some definitions used in multiple places. Definitions that were of restricted usage were moved out to the corresponding place. Includes in fx_dib were reduced, thus revealing other needed includes. Change-Id: I3607da0af81c491256d64c0aa085225631efbdcc Reviewed-on: https://pdfium-review.googlesource.com/3594 Commit-Queue: Nicolás Peña <npm@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-04-03Split the FDE XML file into indiviual class files.Dan Sinclair
This Cl splits the fde_xml_int file apart into individual class files. Includes are fixed as needed. fde_xml.h is also removed and the needed defines moved to more appropiate places. Change-Id: I29774dabc4d0fb2d5092fcbbe7853f03401b6ec7 Reviewed-on: https://pdfium-review.googlesource.com/3616 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-03-30Move CXFA_XMLParser to CFDE_XMLParserDan Sinclair
There is nothing XFA specific in the CXFA_XMLParser. This Cl moves it to the CFDE_XMLParser and co-locates with the other XML code. Change-Id: I86c12da3f6f5732be54b8019562978f88234e2fc Reviewed-on: https://pdfium-review.googlesource.com/3432 Reviewed-by: Nicolás Peña <npm@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-03-30Add some calls to MakeUniqueDan Sinclair
This CL replaces some new's with pdfium::MakeUnique. Change-Id: I50faf3ed55e7730b094c14a7989a9dd51cf33cbb Reviewed-on: https://pdfium-review.googlesource.com/3430 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>