From 5377267504015d056bc0860ffadc23289b21039d Mon Sep 17 00:00:00 2001
From: dsinclair <dsinclair@chromium.org>
Date: Thu, 16 Jun 2016 07:40:47 -0700
Subject: Add CFX_SAXReader fuzzer

This CL adds a fuzzer for the CFX_SAXReader.

BUG=chromium:587126

Review-Url: https://codereview.chromium.org/2070103002
---
 testing/libfuzzer/BUILD.gn                    | 14 ++++++++++
 testing/libfuzzer/fuzzers.gyp                 | 11 ++++++++
 testing/libfuzzer/pdf_cfx_saxreader_fuzzer.cc | 37 +++++++++++++++++++++++++++
 3 files changed, 62 insertions(+)
 create mode 100644 testing/libfuzzer/pdf_cfx_saxreader_fuzzer.cc

diff --git a/testing/libfuzzer/BUILD.gn b/testing/libfuzzer/BUILD.gn
index 3659c36225..1b7a7fb456 100644
--- a/testing/libfuzzer/BUILD.gn
+++ b/testing/libfuzzer/BUILD.gn
@@ -49,6 +49,20 @@ if (pdf_enable_xfa) {
       ":libfuzzer_config",
     ]
   }
+  source_set("pdf_cfx_saxreader_fuzzer") {
+    testonly = true
+    sources = [
+      "pdf_cfx_saxreader_fuzzer.cc",
+    ]
+    deps = [
+      "//third_party/pdfium:pdfium",
+    ]
+    configs -= [ "//build/config/compiler:chromium_code" ]
+    configs += [
+      "//build/config/compiler:no_chromium_code",
+      ":libfuzzer_config",
+    ]
+  }
   source_set("pdf_codec_png_fuzzer") {
     testonly = true
     sources = [
diff --git a/testing/libfuzzer/fuzzers.gyp b/testing/libfuzzer/fuzzers.gyp
index 5f2a4d1bd9..30c8430ff9 100644
--- a/testing/libfuzzer/fuzzers.gyp
+++ b/testing/libfuzzer/fuzzers.gyp
@@ -61,6 +61,17 @@
             'unittest_main.cc',
           ],
         },
+        {
+          'target_name': 'pdf_cfx_saxreader_fuzzer',
+          'type': 'executable',
+          'dependencies': [
+            '../../pdfium.gyp:pdfium',
+          ],
+          'sources': [
+            'pdf_cfx_saxreader_fuzzer.cc',
+            'unittest_main.cc',
+          ],
+        },
         {
           'target_name': 'pdf_codec_png_fuzzer',
           'type': 'executable',
diff --git a/testing/libfuzzer/pdf_cfx_saxreader_fuzzer.cc b/testing/libfuzzer/pdf_cfx_saxreader_fuzzer.cc
new file mode 100644
index 0000000000..54cc410a36
--- /dev/null
+++ b/testing/libfuzzer/pdf_cfx_saxreader_fuzzer.cc
@@ -0,0 +1,37 @@
+// Copyright 2016 The PDFium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <memory>
+
+#include "xfa/fde/xml/cfx_saxreader.h"
+#include "xfa/fgas/crt/fgas_stream.h"
+#include "xfa/fxfa/parser/xfa_utils.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  CFX_WideString input = CFX_WideString::FromUTF8(
+      CFX_ByteStringC(data, static_cast<FX_STRSIZE>(size)));
+  std::unique_ptr<IFX_Stream, ReleaseDeleter<IFX_Stream>> stream(
+      XFA_CreateWideTextRead(input));
+  if (!stream)
+    return 0;
+
+  std::unique_ptr<IFX_FileRead, ReleaseDeleter<IFX_FileRead>> fileRead(
+      FX_CreateFileRead(stream.get(), false));
+  if (!fileRead)
+    return 0;
+
+  CFX_SAXReader reader;
+  if (reader.StartParse(fileRead.get(), 0, -1, CFX_SaxParseMode_NotSkipSpace) <
+      0) {
+    return 0;
+  }
+
+  while (1) {
+    int32_t ret = reader.ContinueParse(nullptr);
+    if (ret < 0 || ret > 99)
+      break;
+  }
+
+  return 0;
+}
-- 
cgit v1.2.3