summaryrefslogtreecommitdiff
path: root/testing/libfuzzer
AgeCommit message (Collapse)Author
2018-04-16Use CFX_XML instead of CXML in CPDF_Metadatadan sinclair
This CL converts CPDF_Metadata to use the CFX_XML classes instead of CXML classes. This also moves the CFX_XML classes from being XFA only to being used everywhere. Change-Id: Idb784f8aaa0bc843d8a3415ba5262ccf4949308a Reviewed-on: https://pdfium-review.googlesource.com/30650 Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2018-04-12Remove CFX_XMLDoc and call the parser directlyDan Sinclair
This CL removes the CFX_XMLDoc and calls the CFX_XMLParser directly from CXFA_DocumentParser. Change-Id: I4d715cca90cd15b5e1d79827e0bb2781e873e371 Reviewed-on: https://pdfium-review.googlesource.com/30251 Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2018-04-12Allow retrieving the XML tree from the CFX_XMLDocDan Sinclair
This CL allows the CXFA_SimpleParser to retrieve the XML tree from the CFX_XMLDoc. This way, we don't have to keep the doc around and can store the pointer to the tree in the CXFA_SimpleParser. Change-Id: I5b478acbe61e6f1ca5fa04d03133a2b327a0cb1c Reviewed-on: https://pdfium-review.googlesource.com/30210 Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2018-04-12Cleanup some CFX_XMLParser codeDan Sinclair
This CL cleans up minor nits in the CFX_XMLParser code. Change-Id: Ie19d12d3dcce16c9ce6088160ecdec3d9855c11f Reviewed-on: https://pdfium-review.googlesource.com/30170 Reviewed-by: Ryan Harrison <rharrison@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2018-04-12[xfa] Remove form checksum abilitiesDan Sinclair
This CL removes the code for verifying and creating checksums associated with form elements in XFA documents. This was the only code requiring the SAXReader which has also been removed. According to the XFA spec and application can decide which parts of the signatures are supported. This feature is being removed until we determine if/when it is needed. Bug: pdfium:1063 Change-Id: Iec2261282340f8fc72a1225d2e0d3e6ddf05edcb Reviewed-on: https://pdfium-review.googlesource.com/30150 Reviewed-by: Ryan Harrison <rharrison@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2018-04-09Use pdfium::span<> in CFX_BitStream, CPDF_SimpleParser.Tom Sepez
Get bounds checks in parsers automatically when using spans. Change-Id: I71fbe7b838435d455376db2f89817d807a9cdcfd Reviewed-on: https://pdfium-review.googlesource.com/29830 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2018-04-09Move the CFX_XMLParser out of CXFA_SimpleParserDan Sinclair
This CL removes the CFX_XMLParser from CXFA_SimpleParser and constructs it in the CFX_XMLDoc. Change-Id: Id69b396f091892170a4c4654ac1d0fd65d1efbb6 Reviewed-on: https://pdfium-review.googlesource.com/29970 Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2018-04-06Add span.h from chromium base.chromium/3392Tom Sepez
Allows indexing with better bounds-checking to occur. Some small modifications are required to deal with PDFium being intentionally held at C++11 compliance, not C++14. Use in one place as check on correctness. Change-Id: Id2875cf0a93980112bc536a93c4f9ec5306c0dac Reviewed-on: https://pdfium-review.googlesource.com/29671 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: Chris Palmer <palmer@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2018-03-28Use ByteStringView in parsersDan Sinclair
This CL converts the CPDF_SimpleParser to accept a ByteStringView. Several of the callers of SimpleParser are also updated to use a ByteStringView instead of <char*,size>. Change-Id: Ic2df3a06f92e77b53745a0419b44368142f9d8e6 Reviewed-on: https://pdfium-review.googlesource.com/29351 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2018-03-21Rename "des_foo" to "dest_foo".Lei Zhang
Destination variables usually have "dest" or "dst" as the prefix. Change-Id: If5bb01a5eafe1e4b42d1a6d653abb1b444b1b2fa Reviewed-on: https://pdfium-review.googlesource.com/28970 Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2018-02-13Cleanup CFX_XMLNode pointersDan Sinclair
This CL cleans up hte CFX_XMLNode pointers. Each pointer has been renamed to make the usage clearer, the NodeItems method has been removed in favour of distinct accessors and the node pointers have been made private. Change-Id: I5459a77a0ae93b08741a0cd59266ef9c81ddad75 Reviewed-on: https://pdfium-review.googlesource.com/26550 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2018-01-26Clean up construction of CFX_BarcodeRyan Harrison
Because certain enum values can cause the initialization of the class to fail there is a seperate init method from the constructor. This CL is converting the code to use a standard factory pattern for this, instead of the existing implementation. Change-Id: Ia2293ce94ad0db5862db9796aeb8a224fd2b45f9 Reviewed-on: https://pdfium-review.googlesource.com/24230 Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2017-12-14Reduce XFA image fuzzer size limit to 64MBRyan Harrison
BUG=chromium:794351 Change-Id: Ieb876560674dfa0728d66f2ad3411f3f569d0ffa Reviewed-on: https://pdfium-review.googlesource.com/21290 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2017-12-11Remove default arguments to CPDF_StreamAcc::LoadAllData().Lei Zhang
Add LoadAllDataFiltered() and LoadAllDataRaw() and update callers. Change-Id: I9b80ee34a358db204968acdc8b1adc9db0b6b83f Reviewed-on: https://pdfium-review.googlesource.com/20810 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
2017-11-30Reduce memory limit of PDF XFA fuzzersNicolas Pena
CFX_DIBitmap::Create does an allocation of size roughly 4*width*height even in xfa_codec_fuzzer.h. This CL fixes the memory limit accordingly. Bug: 789359 Change-Id: Ib5cbd08510ecacb2fbd22cb23394d24a86110bc5 Reviewed-on: https://pdfium-review.googlesource.com/19890 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Nicolás Peña Moreno <npm@chromium.org>
2017-11-28Fix PDF fuzzers memory limitNicolas Pena
This CL reduces the memory limit in pdf_codec_jbig2_fuzzer. Note that MSAN requires the limit to be lower than the actual bot usage limit. In the testcase, we get OOM just after CFX_DIBitmap::Create. It also increases the limit in xfa_codec_fuzzer.h Bug: 784155 Change-Id: I6fc8d9533ca7dc2b19bf84b9eac23284e05b1e6d Reviewed-on: https://pdfium-review.googlesource.com/19571 Commit-Queue: Nicolás Peña Moreno <npm@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-11-27Convert CFX_GifContext::GetFrameNum to size_tDan Sinclair
This CL removes the CollectionSize and updates call locations as needed. Bug: pdfium:774 Change-Id: I813c500b3a17a194407ceb1304252b9b16fe1779 Reviewed-on: https://pdfium-review.googlesource.com/19590 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Ryan Harrison <rharrison@chromium.org>
2017-11-08Make most CPDF_LinearizedHeader members const.chromium/3263Lei Zhang
Change-Id: I82907ad725861b9ccd6299f5dfe20ddb9d238178 Reviewed-on: https://pdfium-review.googlesource.com/17796 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2017-11-01Move some XFA JS code into fxjs/Dan Sinclair
This CL renames cxfa_scriptcontext to cfxjse_engine and cxfa_fm2jscontext to cfxjse_formcalc_context. From reading the code, the script context appears to handle the v8 setup and object code. The formcalc context code is related to handling the JS code generated from the transpiler. I, think, these new names make the intended usage clearer. They also move the code into fxjs/ to keep along side the rest of the JS code. Change-Id: I50619fbe48ca1f553a44cf0e0cb0210be8e45e4f Reviewed-on: https://pdfium-review.googlesource.com/17130 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-10-31Fix FPE in XFACodecFuzzerchromium/3255Ryan Harrison
This is a div by 0 issue BUG=chromium:779890 Change-Id: I91ca2969ffe52fb486b1fab32abc8609cd6567a2 Reviewed-on: https://pdfium-review.googlesource.com/17250 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2017-10-30Fix overflow in image size checkRyan Harrison
BUG=chromium:779342 Change-Id: I2a087a08fe87594eb73d9d955955be0e66e5cdc2 Reviewed-on: https://pdfium-review.googlesource.com/17030 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-10-27Limit the size of images being fuzzed in XFACodecFuzzersRyan Harrison
This limits the size detected in the header to 1,000,000 pixels, which will support 1000 x 1000 images. This is being done to remove non-useful OOM reports for very large images and improve fuzzing efficiency, since larger images are unlikely to cover new logic. BUG=pdfium:925 Change-Id: I4a7fa7cf02cbb469048b752d45bc9f64a1b60a98 Reviewed-on: https://pdfium-review.googlesource.com/17010 Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2017-10-19Implement fuzzer for FormCalc parsingRyan Harrison
This adds a fuzzer that tests the FormCalc parsing code independent of parsing an entire XFA file or performing translation to JS. BUG=pdfium:920 Change-Id: I3d2c336d9cb6f4ebf114ded5f57a44a8342c4228 Reviewed-on: https://pdfium-review.googlesource.com/16391 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-10-19Implement fuzzer for LZW decompressorRyan Harrison
This adds a fuzzer that tests the LZW decompression code used by our GIF decoder. BUG=pdfium:908 Change-Id: I1381f3ebb2eddf8d2c6f0394b1bb00f67d64a600 Reviewed-on: https://pdfium-review.googlesource.com/16310 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-09-29Extract test subclasses of IFX_SeekableReadStreamRyan Harrison
There are multiple instances of subclasses that either act as an invalid stream or one backed by a memory buffer. Merging all of these into two shared stream classes and removing the others. BUG=pdfium:911 Change-Id: I264602808c6dc0e5c878da462a5e00883fe43e51 Reviewed-on: https://pdfium-review.googlesource.com/15093 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
2017-09-27Replace FX_SAFE_STRSIZE with FX_SAFE_SIZE_TRyan Harrison
BUG=pdfium:828 Change-Id: If9560338c456b28f968e743a90a3629791d87df0 Reviewed-on: https://pdfium-review.googlesource.com/14832 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org> Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
2017-09-27Remove FX_STRSIZE and replace with size_tRyan Harrison
BUG=pdfium:828 Change-Id: I5c40237433ebabaeabdb43aec9cdf783e41dfe16 Reviewed-on: https://pdfium-review.googlesource.com/13230 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2017-09-22Fix crash when rendering invalid GIFRyan Harrison
The core fix in this CL is a change to how LWZ decompression works, so that when the min code table size and the color palette size are different, color codes after the end of the defined color palette are considered errors. This CL also introduces a bunch of tweaks to the call return path, since there were multiple locations where the GIF decode failing status was being dropped on the floor, so the end widget would have a bitmap with the default colour in it, instead of nothing. BUG=chromium:616671 Change-Id: Id6f40d552dc24650c91e9903f710ff2fa63bc774 Reviewed-on: https://pdfium-review.googlesource.com/14630 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-09-21Rename CFX_RetainPtr to RetainPtrDan Sinclair
This CL renames CFX_RetainPtr to RetainPtr and places in the fxcrt namespace. Bug: pdfium:898 Change-Id: I8798a9f79cb0840d3f037e8d04937cedd742914e Reviewed-on: https://pdfium-review.googlesource.com/14616 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-09-20Isolate lcms2 usage to a few files.Lei Zhang
Then set up the right dependencies for them. BUG=chromium:765914 Change-Id: I036cd888c741927d5efe0d020c6676f169e7cbb1 Reviewed-on: https://pdfium-review.googlesource.com/14410 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-09-19Remove unneeded core/fxcodec/fx_codec.h includes.chromium/3220Lei Zhang
Change-Id: I703321108712e8c4a11a8343ecf8b1a8804c1d1a Reviewed-on: https://pdfium-review.googlesource.com/14352 Reviewed-by: Ryan Harrison <rharrison@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2017-09-18Convert string class namesRyan Harrison
Automated using git grep & sed. Replace StringC classes with StringView classes. Remove the CFX_ prefix and put string classes in fxcrt namespace. Change AsStringC() to AsStringView(). Rename tests from TEST(fxcrt, *String*Foo) to TEST(*String*, Foo). Couple of tests needed to have their names regularlized. BUG=pdfium:894 Change-Id: I7ca038685c8d803795f3ed02545124f7a224c83d Reviewed-on: https://pdfium-review.googlesource.com/14151 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
2017-09-05Remove isDevice parameter from barcode Render().Henrique Nakashima
isDevice is currently false in tests and fuzzers and true in real usage. This CL changes it all to true. Change-Id: Idea14795d7f0bb70031e04e5c58e248de72fd39e Reviewed-on: https://pdfium-review.googlesource.com/13130 Commit-Queue: Henrique Nakashima <hnakashima@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-08-31Remove fx_basic.hDan Sinclair
This CL removes the fx_basic.h header and fixes up includes as needed. Change-Id: I49af32a8327bdbcda40c50a61ffbd75d06609040 Reviewed-on: https://pdfium-review.googlesource.com/12670 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-08-30Move CFX_WideTextBuf out of fx_basicDan Sinclair
This CL moves CFX_WideTextBuf to its own files and updates includes as needed. Change-Id: Ibe66ecf3e66f8f01dd8e9eaf6b467588be86ad4f Reviewed-on: https://pdfium-review.googlesource.com/12413 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-08-30Move CFX_BitStream to its own fileDan Sinclair
This CL moves the CFX_BitStream code out of fx_basic and into cfx_bitstream. Bug: pdfium:867 Change-Id: I5b7e6190a7db1fe1d24feb6bd676035a5c73ee92 Reviewed-on: https://pdfium-review.googlesource.com/12350 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-08-28Limit pdf_codec_jbig2_fuzzer memory usage.Lei Zhang
BUG=chromium:749610 Change-Id: Ia83558568293398c72b7215e9b3fe4e4df6f969a Reviewed-on: https://pdfium-review.googlesource.com/11931 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-08-28Limit pdf_jpx_fuzzer memory usage.Lei Zhang
BUG=chromium:738711 Change-Id: I4a308694c3e6fcd17431515b7897969d54486071 Reviewed-on: https://pdfium-review.googlesource.com/11870 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Henrique Nakashima <hnakashima@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-08-24Fix some nits in XFACodecFuzzer.chromium/3196Lei Zhang
Change-Id: Ia9738e14d90a813b6ec7abd72843248fd3a3bff0 Reviewed-on: https://pdfium-review.googlesource.com/11910 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
2017-08-08Move CSS code to coreDan Sinclair
The xfa/fde/css code has no other links into xfa/. This CL moves the css code to core/fxcrt/css and sets to only build when pdf_enable_xfa is enabled. Change-Id: Iefd208e1f83a28b80b567c574e841e87bce310be Reviewed-on: https://pdfium-review.googlesource.com/9251 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-07-12Cleanup ICC code part 1Nicolas Pena
This CL switches void* to CLcmsCmm*, simplifies the ownership and destruction of CLcmsCmm, and reduces unnecessary function calling in fx_codec_icc.cpp. Change-Id: Ifdbf59dcdaede497d1684b161dd066726cf08ee3 Reviewed-on: https://pdfium-review.googlesource.com/7590 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-06-30Split CFDE_CSSTextBuf in two.Lei Zhang
For the external buffer use case, use a CFDE_CSSExtTextBuf instead. With the split, both text buffer implementations are simpler now. As a result, it becomes obvious where it never fails. Adjust callers accordingly. Change-Id: I7b53d36593172487b8c939e6a55af2437ea4ee5a Reviewed-on: https://pdfium-review.googlesource.com/6932 Commit-Queue: Lei Zhang <thestig@chromium.org> Reviewed-by: Henrique Nakashima <hnakashima@chromium.org>
2017-05-26Use proper file names in core/fpdfapi/fontNicolas Pena
This CL splits up font_int.h into files by classes. It also renames the unittests to match the class being tested. Finally, it renames the ttgsubtable files to match the class name. Change-Id: I6187caa9e82d12b9a66e955113fe327d52042ae0 Reviewed-on: https://pdfium-review.googlesource.com/6090 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
2017-05-17Add font loading fuzzerNicolas Pena
Bug: pdfium:667 Change-Id: Ibef9a2131b97da1a1e6b9469d389aa5fb914c797 Reviewed-on: https://pdfium-review.googlesource.com/5631 Commit-Queue: Nicolás Peña <npm@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>
2017-05-17Adding CXFA_Parse unittestsDan Sinclair
This CL adds the beginning of unittests for the CXFA_Parse code. Change-Id: I06e556f1a35405bc683c536d390071917ee330a6 Reviewed-on: https://pdfium-review.googlesource.com/5556 Reviewed-by: Nicolás Peña <npm@chromium.org> Commit-Queue: dsinclair <dsinclair@chromium.org>
2017-05-17Rename formcalc files to better match contentsDan Sinclair
Most files match the contents. The expression files are named to match their base type even though they contain all the expression subclasses. Change-Id: I3b7705c7b206a9fa1afae8b677f765e8b788e84d Reviewed-on: https://pdfium-review.googlesource.com/5492 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
2017-05-16Update formcalc return typesDan Sinclair
Update return types to be bools instead of ints. Make some methods private. Change-Id: I5d55c48a861f90e9bd116ef835c11cdb515002a6 Reviewed-on: https://pdfium-review.googlesource.com/5553 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org>
2017-05-04Cleanup more null IFX_Pause parametersDan Sinclair
This Cl cleans up more IFX_Pause parameters which are always null. Change-Id: Ia48600f06216db64a2db8e6e97222a91bd4ba149 Reviewed-on: https://pdfium-review.googlesource.com/4890 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Nicolás Peña <npm@chromium.org>
2017-05-03Actually build fuzzers with the pdfium_all target.chromium/3089Lei Zhang
Change-Id: Icc6b62f92d1a82ec60d1dd463d93376088017827 Reviewed-on: https://pdfium-review.googlesource.com/4792 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
2017-04-27Add barcode test skeletonTom Sepez
Individual tests need some more fleshing out. Fix spelling of "Destroy" while we're at it. Bug: pdfium:699 Change-Id: I05f1da8654bfdf92cb264adae16e1b3209587a31 Reviewed-on: https://pdfium-review.googlesource.com/4550 Commit-Queue: Tom Sepez <tsepez@chromium.org> Reviewed-by: Lei Zhang <thestig@chromium.org>