From 82e24b1c5047076b982c073671315071760b9880 Mon Sep 17 00:00:00 2001
From: dsinclair
Date: Mon, 13 Jun 2016 13:46:49 -0700
Subject: Optionally skip image type detection in progressive decoder.

The progressive decoder will attempt to verify that the provided image type matches the actual image content. We need to disable this check when running the fuzzer in order to target the fuzzing to specific decoders otherwise each fuzzer will end up fuzzing all of the decoders.

BUG=chromium:587126
Review-Url: https://codereview.chromium.org/2061733002
---
 core/fxcodec/codec/fx_codec_progress.cpp | 7 ++++---
 core/fxcodec/codec/include/ccodec_progressivedecoder.h | 3 ++-
 testing/libfuzzer/xfa_codec_fuzzer.h | 3 ++-
 xfa/fxbarcode/BC_BufferedImageLuminanceSource.cpp | 3 ++-
 xfa/fxfa/app/xfa_ffwidget.cpp | 2 +-
 5 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/core/fxcodec/codec/fx_codec_progress.cpp b/core/fxcodec/codec/fx_codec_progress.cpp
index bdb158f7ca..d63bdb895a 100644
--- a/core/fxcodec/codec/fx_codec_progress.cpp
+++ b/core/fxcodec/codec/fx_codec_progress.cpp
@@ -1286,7 +1286,8 @@ FX_BOOL CCodec_ProgressiveDecoder::DetectImageType(
 FXCODEC_STATUS CCodec_ProgressiveDecoder::LoadImageInfo(
 IFX_FileRead* pFile,
 FXCODEC_IMAGE_TYPE imageType,
- CFX_DIBAttribute* pAttribute) {
+ CFX_DIBAttribute* pAttribute,
+ bool bSkipImageTypeCheck) {
 switch (m_status) {
 case FXCODEC_STATUS_FRAME_READY:
 case FXCODEC_STATUS_FRAME_TOBECONTINUE:
@@ -1309,8 +1310,8 @@ FXCODEC_STATUS CCodec_ProgressiveDecoder::LoadImageInfo(
 m_startX = m_startY = 0;
 m_sizeX = m_sizeY = 0;
 m_SrcPassNumber = 0;
- if (imageType != FXCODEC_IMAGE_UNKNOWN &&
- DetectImageType(imageType, pAttribute)) {
+ if (bSkipImageTypeCheck || (imageType != FXCODEC_IMAGE_UNKNOWN &&
+ DetectImageType(imageType, pAttribute))) {
 m_imagType = imageType;
 m_status = FXCODEC_STATUS_FRAME_READY;
 return m_status;
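Review bot: `bSkipImageTypeCheck` is added to the `LoadImageInfo` signature in the first hunk of fx_codec_progress.cpp without any comment, so nothing in the code records that it exists only so fuzz targets can pin a decoder, as the commit message explains. Because the flag turns off the check that the declared type matches the content, a one-line comment above this definition and above the declaration in ccodec_progressivedecoder.h would help, for example `// bSkipImageTypeCheck: fuzzing only; callers handling real documents must pass false.` The bare `true`/`false` at the call sites in xfa_codec_fuzzer.h, BC_BufferedImageLuminanceSource.cpp and xfa_ffwidget.cpp would also read better with the argument named, e.g. `/*bSkipImageTypeCheck=*/false`. The function body continues outside this hunk.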
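Review bot: In the second hunk of fx_codec_progress.cpp the new condition `bSkipImageTypeCheck || (...)` short-circuits past the `imageType != FXCODEC_IMAGE_UNKNOWN` test as well as `DetectImageType`, so a caller that passes `true` together with `FXCODEC_IMAGE_UNKNOWN` gets `m_imagType` set to the unknown type and `FXCODEC_STATUS_FRAME_READY` returned. Keeping the unknown-type guard outside the skip avoids that: `if (imageType != FXCODEC_IMAGE_UNKNOWN && (bSkipImageTypeCheck || DetectImageType(imageType, pAttribute))) {`. If `DetectImageType` also performs per-format setup (its body is not in this hunk), the skip path would report a ready frame without it, which is worth confirming before later decode calls rely on that state. The surrounding function starts and ends outside the hunk.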
diff --git a/core/fxcodec/codec/include/ccodec_progressivedecoder.h b/core/fxcodec/codec/include/ccodec_progressivedecoder.h
index 5774371ff1..5df2c4f733 100644
--- a/core/fxcodec/codec/include/ccodec_progressivedecoder.h
+++ b/core/fxcodec/codec/include/ccodec_progressivedecoder.h
@@ -47,7 +47,8 @@ class CCodec_ProgressiveDecoder {
 FXCODEC_STATUS LoadImageInfo(IFX_FileRead* pFile,
 FXCODEC_IMAGE_TYPE imageType,
- CFX_DIBAttribute* pAttribute);
+ CFX_DIBAttribute* pAttribute,
+ bool bSkipImageTypeCheck);
 FXCODEC_IMAGE_TYPE GetType() const { return m_imagType; }
 int32_t GetWidth() const { return m_SrcWidth; }
diff --git a/testing/libfuzzer/xfa_codec_fuzzer.h b/testing/libfuzzer/xfa_codec_fuzzer.h
index f3a3517a12..38c4e0ac33 100644
--- a/testing/libfuzzer/xfa_codec_fuzzer.h
+++ b/testing/libfuzzer/xfa_codec_fuzzer.h
@@ -19,7 +19,8 @@ class XFACodecFuzzer {
 mgr->CreateProgressiveDecoder());
 Reader source(data, size);
- FXCODEC_STATUS status = decoder->LoadImageInfo(&source, type, nullptr);
+ FXCODEC_STATUS status =
+ decoder->LoadImageInfo(&source, type, nullptr, true);
 if (status != FXCODEC_STATUS_FRAME_READY)
 return 0;
diff --git a/xfa/fxbarcode/BC_BufferedImageLuminanceSource.cpp b/xfa/fxbarcode/BC_BufferedImageLuminanceSource.cpp
index 814f300b2d..f822349972 100644
--- a/xfa/fxbarcode/BC_BufferedImageLuminanceSource.cpp
+++ b/xfa/fxbarcode/BC_BufferedImageLuminanceSource.cpp
@@ -38,7 +38,8 @@ static CFX_DIBitmap* CreateDIBSource(IFX_FileRead* fileread) {
 std::unique_ptr pImageCodec(
 pCodecMgr->CreateProgressiveDecoder());
 FXCODEC_STATUS status = FXCODEC_STATUS_DECODE_FINISH;
- status = pImageCodec->LoadImageInfo(fileread, FXCODEC_IMAGE_UNKNOWN, nullptr);
+ status = pImageCodec->LoadImageInfo(fileread, FXCODEC_IMAGE_UNKNOWN, nullptr,
+ false);
 if (status != FXCODEC_STATUS_FRAME_READY)
 return nullptr;
diff --git a/xfa/fxfa/app/xfa_ffwidget.cpp b/xfa/fxfa/app/xfa_ffwidget.cpp
index 8925cd35cf..fb9ab5f580 100644
--- a/xfa/fxfa/app/xfa_ffwidget.cpp
+++ b/xfa/fxfa/app/xfa_ffwidget.cpp
@@ -1069,7 +1069,7 @@ CFX_DIBitmap* XFA_LoadImageFromBuffer(IFX_FileRead* pImageFileRead,
 CFX_DIBitmap* pBitmap = NULL;
 CCodec_ProgressiveDecoder* pProgressiveDecoder =
 pCodecMgr->CreateProgressiveDecoder();
- pProgressiveDecoder->LoadImageInfo(pImageFileRead, type, &dibAttr);
+ pProgressiveDecoder->LoadImageInfo(pImageFileRead, type, &dibAttr, false);
 switch (dibAttr.m_wDPIUnit) {
 case FXCODEC_RESUNIT_CENTIMETER:
 dibAttr.m_nXDPI = (int32_t)(dibAttr.m_nXDPI * 2.54f);
-- cgit v1.2.3
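Review bot: The status returned by `LoadImageInfo` is discarded at this call in xfa_ffwidget.cpp, and `dibAttr.m_wDPIUnit` is read on the very next line, whereas the callers in xfa_codec_fuzzer.h and BC_BufferedImageLuminanceSource.cpp both stop unless the result is `FXCODEC_STATUS_FRAME_READY`. Since this line is being touched anyway, capture the result, `FXCODEC_STATUS status = pProgressiveDecoder->LoadImageInfo(pImageFileRead, type, &dibAttr, false);`, and bail out when it is not `FXCODEC_STATUS_FRAME_READY`, releasing `pProgressiveDecoder` on that path because it is held as a raw pointer here. The rest of `XFA_LoadImageFromBuffer` is outside the hunk, so a later check may already exist; if so, a short comment at this call would make that clear.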