From 5a5f251ce8646ec421aa9e35d8bbca71a984770a Mon Sep 17 00:00:00 2001
From: dsinclair <dsinclair@chromium.org>
Date: Mon, 6 Jun 2016 11:52:30 -0700
Subject: Add GIF, BMP, JPEG and TIFF XFA fuzzers

Generalize the PNG fuzzer and add fuzzers for the other image types handled by
the progressive decoder.

BUG=chromium:617659, chromium:616842, chromium:616841, chromium:616839

Review-Url: https://codereview.chromium.org/2045613002
---
 testing/libfuzzer/pdf_codec_png_fuzzer.cc | 55 ++-----------------------------
 1 file changed, 2 insertions(+), 53 deletions(-)

(limited to 'testing/libfuzzer/pdf_codec_png_fuzzer.cc')

diff --git a/testing/libfuzzer/pdf_codec_png_fuzzer.cc b/testing/libfuzzer/pdf_codec_png_fuzzer.cc
index 5422a2f758..94e9321fd7 100644
--- a/testing/libfuzzer/pdf_codec_png_fuzzer.cc
+++ b/testing/libfuzzer/pdf_codec_png_fuzzer.cc
@@ -2,59 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include <memory>
-
-#include "core/fxcodec/codec/include/ccodec_progressivedecoder.h"
-#include "core/fxcodec/include/fx_codec.h"
-#include "core/fxcrt/include/fx_stream.h"
-
-namespace {
-
-class Reader : public IFX_FileRead {
- public:
-  Reader(const uint8_t* data, size_t size) : m_data(data), m_size(size) {}
-  ~Reader() {}
-
-  void Release() override {}
-
-  FX_BOOL ReadBlock(void* buffer, FX_FILESIZE offset, size_t size) override {
-    if (offset + size > m_size)
-      size = m_size - offset;
-    memcpy(buffer, m_data + offset, size);
-    return TRUE;
-  }
-
-  FX_FILESIZE GetSize() override { return static_cast<FX_FILESIZE>(m_size); }
-
- private:
-  const uint8_t* const m_data;
-  size_t m_size;
-};
-
-}  // namespace
+#include "testing/libfuzzer/xfa_codec_fuzzer.h"
 
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
-  std::unique_ptr<CCodec_ModuleMgr> mgr(new CCodec_ModuleMgr());
-  std::unique_ptr<CCodec_ProgressiveDecoder> decoder(
-      mgr->CreateProgressiveDecoder());
-  Reader source(data, size);
-
-  FXCODEC_STATUS status =
-      decoder->LoadImageInfo(&source, FXCODEC_IMAGE_PNG, nullptr);
-  if (status != FXCODEC_STATUS_FRAME_READY)
-    return 0;
-
-  std::unique_ptr<CFX_DIBitmap> bitmap(new CFX_DIBitmap);
-  bitmap->Create(decoder->GetWidth(), decoder->GetHeight(), FXDIB_Argb);
-
-  int32_t frames;
-  if (decoder->GetFrames(frames) != FXCODEC_STATUS_DECODE_READY || frames == 0)
-    return 0;
-
-  status = decoder->StartDecode(bitmap.get(), 0, 0, bitmap->GetWidth(),
-                                bitmap->GetHeight());
-  while (status == FXCODEC_STATUS_DECODE_TOBECONTINUE)
-    status = decoder->ContinueDecode();
-
-  return 0;
+  return XFACodecFuzzer::Fuzz(data, size, FXCODEC_IMAGE_PNG);
 }
-- 
cgit v1.2.3