From 5377267504015d056bc0860ffadc23289b21039d Mon Sep 17 00:00:00 2001
From: dsinclair
Date: Thu, 16 Jun 2016 07:40:47 -0700
Subject: Add CFX_SAXReader fuzzer
This CL adds a fuzzer for the CFX_SAXReader.
BUG=chromium:587126
Review-Url: https://codereview.chromium.org/2070103002
---
 testing/libfuzzer/BUILD.gn | 14 ++++++++++
 testing/libfuzzer/fuzzers.gyp | 11 ++++++++
 testing/libfuzzer/pdf_cfx_saxreader_fuzzer.cc | 37 +++++++++++++++++++++++++++
 3 files changed, 62 insertions(+)
 create mode 100644 testing/libfuzzer/pdf_cfx_saxreader_fuzzer.cc
diff --git a/testing/libfuzzer/BUILD.gn b/testing/libfuzzer/BUILD.gn
index 3659c36225..1b7a7fb456 100644
--- a/testing/libfuzzer/BUILD.gn
+++ b/testing/libfuzzer/BUILD.gn
@@ -49,6 +49,20 @@ if (pdf_enable_xfa) {
 ":libfuzzer_config",
 ]
 }
+ source_set("pdf_cfx_saxreader_fuzzer") {
+ testonly = true
+ sources = [
+ "pdf_cfx_saxreader_fuzzer.cc",
+ ]
+ deps = [
+ "//third_party/pdfium:pdfium",
+ ]
+ configs -= [ "//build/config/compiler:chromium_code" ]
+ configs += [
+ "//build/config/compiler:no_chromium_code",
+ ":libfuzzer_config",
+ ]
+ }
 source_set("pdf_codec_png_fuzzer") {
 testonly = true
 sources = [
diff --git a/testing/libfuzzer/fuzzers.gyp b/testing/libfuzzer/fuzzers.gyp
index 5f2a4d1bd9..30c8430ff9 100644
--- a/testing/libfuzzer/fuzzers.gyp
+++ b/testing/libfuzzer/fuzzers.gyp
@@ -61,6 +61,17 @@
 'unittest_main.cc',
 ],
 },
+ {
+ 'target_name': 'pdf_cfx_saxreader_fuzzer',
+ 'type': 'executable',
+ 'dependencies': [
+ '../../pdfium.gyp:pdfium',
+ ],
+ 'sources': [
+ 'pdf_cfx_saxreader_fuzzer.cc',
+ 'unittest_main.cc',
+ ],
+ },
 {
 'target_name': 'pdf_codec_png_fuzzer',
 'type': 'executable',
diff --git a/testing/libfuzzer/pdf_cfx_saxreader_fuzzer.cc b/testing/libfuzzer/pdf_cfx_saxreader_fuzzer.cc
new file mode 100644
index 0000000000..54cc410a36
--- /dev/null
+++ b/testing/libfuzzer/pdf_cfx_saxreader_fuzzer.cc
@@ -0,0 +1,37 @@
+// Copyright 2016 The PDFium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include
+
+#include "xfa/fde/xml/cfx_saxreader.h"
+#include "xfa/fgas/crt/fgas_stream.h"
+#include "xfa/fxfa/parser/xfa_utils.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ CFX_WideString input = CFX_WideString::FromUTF8(
+ CFX_ByteStringC(data, static_cast(size)));
+ std::unique_ptr> stream(
+ XFA_CreateWideTextRead(input));
+ if (!stream)
+ return 0;
+
+ std::unique_ptr> fileRead(
+ FX_CreateFileRead(stream.get(), false));
+ if (!fileRead)
+ return 0;
+
+ CFX_SAXReader reader;
+ if (reader.StartParse(fileRead.get(), 0, -1, CFX_SaxParseMode_NotSkipSpace) <
+ 0) {
+ return 0;
+ }
+
+ while (1) {
+ int32_t ret = reader.ContinueParse(nullptr);
+ if (ret < 0 || ret > 99)
+ break;
+ }
+
+ return 0;
+}
-- cgit v1.2.3
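Review bot: The `static_cast` applied to `size` in the `CFX_ByteStringC(data, ...)` call narrows a `size_t` with no bound check; its target type has been lost from this page, but if it is a signed length type, an input larger than that type's maximum would reach `FromUTF8` with a wrapped or negative length. A guard ahead of the conversion, e.g. `if (size > static_cast<size_t>(std::numeric_limits<int>::max())) return 0;` (assuming an `int`-sized length; needs `<limits>`), keeps a fault in the harness itself out of the crash reports. The `while (1)` loop would also read better with a comment on its exit condition, such as `// ContinueParse() < 0 is an error; a value above 99 is taken to mean the parse is complete (confirm against cfx_saxreader.h)`, since a return value that stays in 0..99 keeps the loop spinning until libFuzzer's timeout fires.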