From 756d37943415ca15d491b79ba78012225a06db76 Mon Sep 17 00:00:00 2001
From: dsinclair
Date: Tue, 14 Jun 2016 07:34:20 -0700
Subject: Add fuzzer for FDE CSS syntax parser.
This CL adds a fuzzer for the CSS Syntax parser in XFA.
BUG=chromium:587126
Review-Url: https://codereview.chromium.org/2068513002
---
 testing/DEPS | 2 ++
 testing/libfuzzer/BUILD.gn | 16 ++++++++++++++++
 testing/libfuzzer/fuzzers.gyp | 13 +++++++++++++
 testing/libfuzzer/pdf_css_fuzzer.cc | 31 +++++++++++++++++++++++++++++++
 xfa/fxfa/parser/xfa_basic_imp.cpp | 7 ++++---
 5 files changed, 66 insertions(+), 3 deletions(-)
 create mode 100644 testing/libfuzzer/pdf_css_fuzzer.cc
diff --git a/testing/DEPS b/testing/DEPS
index 2e7767721a..44e064607f 100644
--- a/testing/DEPS
+++ b/testing/DEPS
@@ -6,6 +6,8 @@ include_rules = [
 '+fpdfsdk/jsapi/include',
 '+public',
 '+v8',
+ '+xfa/fde',
+ '+xfa/fgas',
 '+xfa/fxfa/parser',
 '+xfa/fxfa/fm2js',
 ]
diff --git a/testing/libfuzzer/BUILD.gn b/testing/libfuzzer/BUILD.gn
index 5382313e01..3659c36225 100644
--- a/testing/libfuzzer/BUILD.gn
+++ b/testing/libfuzzer/BUILD.gn
@@ -5,6 +5,8 @@
 import("../../pdfium.gni")
 config("libfuzzer_config") {
+ configs = [ "//third_party/pdfium:pdfium_core_config" ]
+
 defines = [
 "PNG_PREFIX",
 "PNG_USE_READ_MACROS",
@@ -122,6 +124,20 @@ if (pdf_enable_xfa) {
 ":libfuzzer_config",
 ]
 }
+ source_set("pdf_css_fuzzer") {
+ testonly = true
+ sources = [
+ "pdf_css_fuzzer.cc",
+ ]
+ deps = [
+ "//third_party/pdfium:pdfium",
+ ]
+ configs -= [ "//build/config/compiler:chromium_code" ]
+ configs += [
+ "//build/config/compiler:no_chromium_code",
+ ":libfuzzer_config",
+ ]
+ }
 }
 source_set("pdf_jpx_fuzzer") {
diff --git a/testing/libfuzzer/fuzzers.gyp b/testing/libfuzzer/fuzzers.gyp
index 3f1d8123b6..5f2a4d1bd9 100644
--- a/testing/libfuzzer/fuzzers.gyp
+++ b/testing/libfuzzer/fuzzers.gyp
@@ -15,6 +15,8 @@
 'include_dirs': [
 # This is implicit in GN.
 '<(DEPTH)',
+ '../../third_party/freetype/include',
+ '../../third_party/freetype/include/freetype',
 ],
 'conditions': [
 ['pdf_enable_v8==1', {
@@ -119,6 +121,17 @@
 'xfa_codec_fuzzer.h',
 ],
 },
+ {
+ 'target_name': 'pdf_css_fuzzer',
+ 'type': 'executable',
+ 'dependencies': [
+ '../../pdfium.gyp:pdfium',
+ ],
+ 'sources': [
+ 'pdf_css_fuzzer.cc',
+ 'unittest_main.cc',
+ ],
+ },
 ],
 }],
 ['OS=="linux"', {
diff --git a/testing/libfuzzer/pdf_css_fuzzer.cc b/testing/libfuzzer/pdf_css_fuzzer.cc
new file mode 100644
index 0000000000..da8b1f53f6
--- /dev/null
+++ b/testing/libfuzzer/pdf_css_fuzzer.cc
@@ -0,0 +1,31 @@
+// Copyright 2016 The PDFium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include
+#include "core/fxcrt/include/fx_string.h"
+#include "xfa/fde/css/fde_css.h"
+#include "xfa/fde/css/fde_csssyntax.h"
+#include "xfa/fgas/crt/fgas_stream.h"
+#include "xfa/fxfa/parser/xfa_utils.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ CFDE_CSSSyntaxParser parser;
+
+ CFX_WideString input = CFX_WideString::FromUTF8(
+ CFX_ByteStringC(data, static_cast(size)));
+ std::unique_ptr> stream(
+ XFA_CreateWideTextRead(input));
+ if (!stream)
+ return 0;
+
+ parser.Init(stream.get(), 1024);
+
+ FDE_CSSSYNTAXSTATUS status = parser.DoSyntaxParse();
+ while (status != FDE_CSSSYNTAXSTATUS_Error &&
+ status != FDE_CSSSYNTAXSTATUS_EOS)
+ status = parser.DoSyntaxParse();
+
+ return 0;
+}
diff --git a/xfa/fxfa/parser/xfa_basic_imp.cpp b/xfa/fxfa/parser/xfa_basic_imp.cpp
index 86a96bbd63..f7c2606501 100644
--- a/xfa/fxfa/parser/xfa_basic_imp.cpp
+++ b/xfa/fxfa/parser/xfa_basic_imp.cpp
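Review bot: In LLVMFuzzerTestOneInput, `parser` is declared before `stream`, so it is destroyed after the stream it was handed in `parser.Init(stream.get(), 1024)`; if CFDE_CSSSyntaxParser's destructor touches that stream this is a use-after-free on every iteration, and declaring the parser after the stream (or resetting it before return) removes the question. The `1024` is an unexplained magic number; name it and state what it bounds, e.g. `constexpr int kParserBufferSize = 1024;  // buffer size handed to CFDE_CSSSyntaxParser::Init`. The parse loop stops only on `FDE_CSSSYNTAXSTATUS_Error` or `FDE_CSSSYNTAXSTATUS_EOS`; if DoSyntaxParse() can return any other status without consuming input, the harness spins until the fuzzer's timeout and the finding is reported as a hang rather than a parser bug, so a comment stating the progress guarantee (or an explicit iteration bound) would help. The `static_cast` target type did not survive rendering; if it is a signed 32-bit length type, `size` is narrowed there, and a guard such as `if (size > INT_MAX) return 0;` keeps the conversion well-defined.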
@@ -557,9 +557,10 @@ int32_t CXFA_WideTextRead::ReadString(FX_WCHAR* pStr,
 int32_t iMaxLength,
 FX_BOOL& bEOS,
 int32_t const* pByteSize) {
- if (iMaxLength > m_wsBuffer.GetLength() - m_iPosition) {
- iMaxLength = m_wsBuffer.GetLength() - m_iPosition;
- }
+ iMaxLength = std::min(iMaxLength, m_wsBuffer.GetLength() - m_iPosition);
+ if (iMaxLength == 0)
+ return 0;
+
 FXSYS_wcsncpy(pStr, m_wsBuffer.c_str() + m_iPosition, iMaxLength);
 m_iPosition += iMaxLength;
 bEOS = IsEOF();
-- cgit v1.2.3
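Review bot: The new early return `if (iMaxLength == 0) return 0;` skips `bEOS = IsEOF();` three lines below, so at end of stream the out-parameter is now left untouched where the old code still set it; a caller that passes an uninitialised FX_BOOL and loops until bEOS is true may now spin or read garbage. Set it before returning, `if (iMaxLength <= 0) { bEOS = IsEOF(); return 0; }`, which also covers a negative remainder should `m_iPosition` ever exceed `m_wsBuffer.GetLength()` — with `== 0` a negative value reaches `FXSYS_wcsncpy` as a length. `std::min` is new to this function; make sure `<algorithm>` is included in this file, which the hunk does not show. ReadString's return statement and the rest of its body lie outside the hunk.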