From b1a7134afb4fe5d47ebbc4f728cf97eaa173e9d0 Mon Sep 17 00:00:00 2001
From: kcwu <kcwu@chromium.org>
Date: Mon, 19 Sep 2016 11:06:32 -0700
Subject: Add fuzzer for fax codec

Review-Url: https://codereview.chromium.org/2342203006
---
 testing/libfuzzer/BUILD.gn                | 15 +++++++++++
 testing/libfuzzer/pdf_codec_fax_fuzzer.cc | 42 +++++++++++++++++++++++++++++++
 2 files changed, 57 insertions(+)
 create mode 100644 testing/libfuzzer/pdf_codec_fax_fuzzer.cc

diff --git a/testing/libfuzzer/BUILD.gn b/testing/libfuzzer/BUILD.gn
index 698953c7b4..6ffa6665e7 100644
--- a/testing/libfuzzer/BUILD.gn
+++ b/testing/libfuzzer/BUILD.gn
@@ -154,6 +154,21 @@ if (pdf_enable_xfa) {
   }
 }
 
+source_set("pdf_codec_fax_fuzzer") {
+  testonly = true
+  sources = [
+    "pdf_codec_fax_fuzzer.cc",
+  ]
+  deps = [
+    "//third_party/pdfium:pdfium",
+  ]
+  configs -= [ "//build/config/compiler:chromium_code" ]
+  configs += [
+    "//build/config/compiler:no_chromium_code",
+    ":libfuzzer_config",
+  ]
+}
+
 source_set("pdf_jpx_fuzzer") {
   testonly = true
   sources = [
diff --git a/testing/libfuzzer/pdf_codec_fax_fuzzer.cc b/testing/libfuzzer/pdf_codec_fax_fuzzer.cc
new file mode 100644
index 0000000000..1a04c31aa0
--- /dev/null
+++ b/testing/libfuzzer/pdf_codec_fax_fuzzer.cc
@@ -0,0 +1,42 @@
+// Copyright 2016 The PDFium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <cstdint>
+#include <memory>
+
+#include "core/fxcodec/codec/ccodec_faxmodule.h"
+#include "core/fxcodec/codec/ccodec_scanlinedecoder.h"
+
+static int GetInteger(const uint8_t* data) {
+  return data[0] | data[1] << 8 | data[2] << 16 | data[3] << 24;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  const int kParameterSize = 21;
+  if (size < kParameterSize)
+    return 0;
+
+  int width = GetInteger(data);
+  int height = GetInteger(data + 4);
+  int K = GetInteger(data + 8);
+  int Columns = GetInteger(data + 12);
+  int Rows = GetInteger(data + 16);
+  FX_BOOL EndOfLine = (data[20] & 0x01) == 0;
+  FX_BOOL ByteAlign = (data[20] & 0x02) == 0;
+  FX_BOOL BlackIs1 = (data[20] & 0x04) == 0;
+  data += kParameterSize;
+  size -= kParameterSize;
+
+  CCodec_FaxModule fax_module;
+  std::unique_ptr<CCodec_ScanlineDecoder> decoder;
+  decoder.reset(fax_module.CreateDecoder(data, size, width, height, K,
+                                         EndOfLine, ByteAlign, BlackIs1,
+                                         Columns, Rows));
+
+  int line = 0;
+  while (decoder->GetScanline(line))
+    line++;
+
+  return 0;
+}
-- 
cgit v1.2.3