summaryrefslogtreecommitdiff
path: root/testing/libfuzzer
AgeCommit message (Collapse)Author
2017-03-01Create virtual codec APIs so chrome/fuzzers can link separatelyTom Sepez
The one step to make an actual concrete class is conditionalized in fpdfview and is unconditional in the fuzzer. Also replace the clumsy C-style callbacks with a delegate interface as long as we are making new interfaces. Change-Id: I733a437483ce5e0c34211cfbbda05105336f55b5 Reviewed-on: https://pdfium-review.googlesource.com/2887 Commit-Queue: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-01-27Limit parsing recursion levels in CPDF_StreamParserNicolas Pena
We currently only limit the array recursion levels. This recursion level may also be reset when parsing. This is insufficient to protect against stack overflows. BUG=681920 Change-Id: I69bd0c912fb45c0e68b9b9fa961d43f0adc9bdd3 Reviewed-on: https://pdfium-review.googlesource.com/2434 Commit-Queue: Nicolás Peña <npm@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-01-26Fix CSS fuzzer input sizeDan Sinclair
Currently we use the size provided by clusterfuzz when initializing the css syntax parser. This maybe incorrect as the CFX_WideString may have a different count after converting to UTF. Use the wide string length instead of the provided size. We need to guard against strings that convert to blank when doing the wide conversion so add an early exit. BUG=682551 Change-Id: I3e014647fcf869681098a1b4446306b8b3eb9323 Reviewed-on: https://pdfium-review.googlesource.com/2391 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-01-19Split fde/css files into individual class files.Dan Sinclair
This CL splits the files in xfa/fde/css into class per file and renames any needed files to match the class names. Update some of the classes to use std::stack. Change-Id: I4eca0fb3556d949a15a873bb0f0fd732f47e4fb1 Reviewed-on: https://pdfium-review.googlesource.com/2253 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org>
2017-01-18Remove unused syntax parser initialize method.Dan Sinclair
This Cl removes the stream initializer from the FDE CSS parser. The only consumer was the css fuzzer. The fuzzer has been moved to use the string initializer to match the rest of the code. Change-Id: I65445af1159058b7c71d5e1d7c12e60383da6dbd Reviewed-on: https://pdfium-review.googlesource.com/2217 Reviewed-by: Tom Sepez <tsepez@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-01-12Add postscript pathrbpotter
This patch adds the additional functions required to make postscript printing functional. The most significant additions are are two added compression functions and a new API for setting the postscript level. Not currently called from Chromium, Chromium patch to come. BUG= Review-Url: https://codereview.chromium.org/2612243005
2017-01-11Convert FDE CSS enums to enum classes.Dan Sinclair
This CL updates the possible FDE CSS enums to enum classes and fixes up any instances of incorrect values being used. A few other cleanups and changes were needed to complete the conversion. Change-Id: Ibcca5229a9ca8de1f4beb6462535f61705fd4f8c Reviewed-on: https://pdfium-review.googlesource.com/2170 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2016-12-07Use unique_ptr for CXFA_XMLParser.tsepez
Also rename CFDE_XMLParser to IFDE_XMLParser since its an interface. Review-Url: https://codereview.chromium.org/2555373002
2016-12-07Refcount IFGAS_ streams all the time, tootsepez
IFGAS_Streams are not part of the IFX_Stream hierarchy, but can be made from such. Review-Url: https://codereview.chromium.org/2559763002
2016-12-07Refcount all the IFX_ stream classes all the time.tsepez
We can remove a lot of "bOwnsStream" logic in the process. Always pass these by const reference, in case the called method wants to hang on to the stream (one exception is where we stick a raw pointer into a void* slot in a context from another layer). Review-Url: https://codereview.chromium.org/2451493002
2016-12-02Rename IFX_Stream to IFGAS_Stream.tsepez
It's a separate hierarchy unrelated to the IFX_*Stream classes. Also rename CFX_Stream to CFGAS_Stream, and so forth. Review-Url: https://codereview.chromium.org/2535723010
2016-12-01Move Init to constructor in CXFA_FMProgramNicolas Pena
Change-Id: I6b2d1a5b06211b32f3053aad4d7ae7501ec8d8f6 Reviewed-on: https://pdfium-review.googlesource.com/2093 Commit-Queue: Nicolás Peña <npm@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2016-11-30Convert loose FX_Create* functions into static methodstsepez
Also remove a bool that is always false. Review-Url: https://codereview.chromium.org/2539203002
2016-11-22Continue splitting pageint.h into per-class filestsepez
Add cpdf_streamparser.h and cpdf_contentparser.h since there are already corresponding .cpp files with the same name. Review-Url: https://codereview.chromium.org/2521123003
2016-11-21Remove some WrapUnique() calls by returing unique_ptrstsepez
Return these from underlying methods as appropriate. Review-Url: https://codereview.chromium.org/2520133002
2016-11-21Check dimensions and content of bitmaps in EmbedderTests.chromium/2927thestig
Review-Url: https://codereview.chromium.org/2514173002
2016-11-18Make CPDF_Dictionary use unique pointers.chromium/2926tsepez
Some changes were required to match underlying ctors as invoked by the templated methods. Many release() calls go away, a few WrapUniques() are introduced to avoid going deeper into other code. Review-Url: https://codereview.chromium.org/2510223002
2016-11-16Make CPDF_Array take unique_ptrstsepez
BUG= Review-Url: https://codereview.chromium.org/2498223005
2016-11-08Compile fuzzer sources in standalone builds. (try 2)thestig
- Add a template for fuzzers to remove redundancy. - Sort fuzzers in alphabetical order. Previous attempt: https://codereview.chromium.org/2480043002/ Review-Url: https://codereview.chromium.org/2481933003
2016-11-07Fix #include after commit c09625ca.thestig
TBR=tsepez@chromium.org Review-Url: https://codereview.chromium.org/2477323004
2016-11-07Rename CPDF_Linearized to CPDF_LinearizedHeadertsepez
My OCD insists that classes be named after nouns, and "linearized" feels like an adjective. Remove a redundant "if" while at it. Review-Url: https://codereview.chromium.org/2482973002
2016-11-07Reland of Unify some codeart-snake
Unify some code Move parsing of linearized header into separate CPDF_Linearized class. Original review: https://codereview.chromium.org/2466023002/ Revert review: https://codereview.chromium.org/2474283005/ Revert reason was: Breaking the chrome roll. See https://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_rel_ng/builds/331856 ___ Added Fix for fuzzers. Review-Url: https://codereview.chromium.org/2477213003
2016-11-07Revert of Compile fuzzer sources in standalone builds. (patchset #3 id:40001 ↵npm
of https://codereview.chromium.org/2480043002/ ) Reason for revert: Breaking the tree: https://build.chromium.org/p/client.pdfium/builders/windows_xfa_32/builds/619/steps/compile%20with%20ninja/logs/stdio Original issue's description: > Compile fuzzer sources in standalone builds. > > - Add a template for fuzzers to remove redundancy. > - Sort fuzzers in alphabetical order. > > Committed: https://pdfium.googlesource.com/pdfium/+/470b5fa8f8dbfd2aa702d9d8cfdc03a7b486b374 TBR=dsinclair@chromium.org,thestig@chromium.org # Skipping CQ checks because original CL landed less than 1 days ago. NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true Review-Url: https://codereview.chromium.org/2480323002
2016-11-07Compile fuzzer sources in standalone builds.thestig
- Add a template for fuzzers to remove redundancy. - Sort fuzzers in alphabetical order. Review-Url: https://codereview.chromium.org/2480043002
2016-11-04Reland "Remove CPDF_Object::Release() in favor of direct delete"tsepez
This reverts commit f0d5b6c35fa343108a3ab7a25bc2cc2b3cf105b3. Review-Url: https://codereview.chromium.org/2478303002
2016-11-03Fix roll after TRUE conversiondsinclair
TBR=tsepez@chromium.org Review-Url: https://codereview.chromium.org/2471253004
2016-11-03Remove FX_BOOL entirely.tsepez
FX_BOOL was a type just like a regular C++ bool, except that it took 4x the space and frequently was used to hold values besides true or false. Review-Url: https://codereview.chromium.org/2471353002
2016-11-01libfuzzer: FALSE is not a pointertsepez
BUG=661291 TBR=dsinclair@chromium.org Review-Url: https://codereview.chromium.org/2469923002
2016-10-27Fix libfuzzer build broken at 9f7f7f8tsepez
BUG=660015 TBR=npm@chromium.org Review-Url: https://codereview.chromium.org/2452523005
2016-10-24Rename IFX_ stream nameschromium/2900tsepez
It's been troubling for some time that an IFX_FileStream might actually be an in-memory buffer with no backing file. Review-Url: https://codereview.chromium.org/2443723002
2016-10-04Fix fuzzer pathsdsinclair
Missed these again. Scripting fail. BUG=pdfium:603 Review-Url: https://codereview.chromium.org/2393433003
2016-10-04Make sure the fuzzer read size does not go negative.dsinclair
When fuzzing the image formats, its possible to get a read request which would go negative. Handle the request and return FALSE for the read. BUG=chromium:621836 Review-Url: https://codereview.chromium.org/2386343002
2016-09-30Fix #includes in libfuzzer so pdfium can be rollednpm
Note: pdfium bots don't seem to touch these files. Review-Url: https://codereview.chromium.org/2379973005
2016-09-29Move core/fxcrt/include to core/fxcrtdsinclair
BUG=pdfium:611 Review-Url: https://codereview.chromium.org/2382723003
2016-09-27Add fuzzer for jbig2 parsingkcwu
Review-Url: https://codereview.chromium.org/2370943004
2016-09-26Clean up fx_codec_fax.cpp.thestig
Review-Url: https://codereview.chromium.org/2357173005
2016-09-26Add fuzzer for cmap parsingchromium/2873kcwu
Review-Url: https://codereview.chromium.org/2365143002
2016-09-23Bail out on bad width and height in CCodec_FaxDecoder::CreateDecoderkcwu
BUG=648935,649436 Review-Url: https://codereview.chromium.org/2360283004
2016-09-22Add fuzzer for icc codeckcwu
Review-Url: https://codereview.chromium.org/2362623002
2016-09-19Add fuzzer for fax codeckcwu
Review-Url: https://codereview.chromium.org/2342203006
2016-08-26Remove most things GYP.thestig
BUG=pdfium:559 Review-Url: https://codereview.chromium.org/2286653002
2016-08-22Add fuzzer for CPDF_StreamParsertsepez
Review-Url: https://codereview.chromium.org/2262703003
2016-08-19Add a fuzzer for CPDF_HintTables.thestig
BUG=636559 Review-Url: https://codereview.chromium.org/2255083004
2016-08-18Add llvm fuzzer for CPDF_PSEnginetsepez
Put class definition into its own header file so fuzzer can find it. Fix a pair of div by 0s immediately hit by the fuzzer. Review-Url: https://codereview.chromium.org/2253193003
2016-07-21Move xfa_basic_imp to cxfa_widetextread.dsinclair
This Cl splits out the CXFA_WideTextRead class into it's own file. The helper methods have been moved into xfa_utils.cpp and their pre-declarations into xfa_utils.h. Review-Url: https://codereview.chromium.org/2165993002
2016-07-11Break xfa_parser_imp apartdsinclair
This CL splits the three parsers into individual files to make working with the code easier. Review-Url: https://codereview.chromium.org/2129963002
2016-07-11Remove IXFA_Parser, cleanup XFA parser code.dsinclair
The IXFA_Parser only created a CXFA_SimpleParser, the CXFA_DocumentParser is only created in one spot and doesn't need all the IXFA_Parser methods. This CL removes IXFA_Parser, instantiates the CXFA_SimpleParser where needed and cleans up surrounding code. Review-Url: https://codereview.chromium.org/2123133004
2016-06-16Add CFX_SAXReader fuzzerdsinclair
This CL adds a fuzzer for the CFX_SAXReader. BUG=chromium:587126 Review-Url: https://codereview.chromium.org/2070103002
2016-06-14Add fuzzer for FDE CSS syntax parser.dsinclair
This CL adds a fuzzer for the CSS Syntax parser in XFA. BUG=chromium:587126 Review-Url: https://codereview.chromium.org/2068513002
2016-06-13Optionally skip image type detection in progressive decoder.dsinclair
The progressive decoder will attempt to verify that the provided image type matches the actual image content. We need to disable this check when running the fuzzer in order to target the fuzzing to specific decoders otherwise each fuzzer will end up fuzzing all of the decoders. BUG=chromium:587126 Review-Url: https://codereview.chromium.org/2061733002