From 756d37943415ca15d491b79ba78012225a06db76 Mon Sep 17 00:00:00 2001
From: dsinclair
Date: Tue, 14 Jun 2016 07:34:20 -0700
Subject: Add fuzzer for FDE CSS syntax parser.

This CL adds a fuzzer for the CSS Syntax parser in XFA.

BUG=chromium:587126
Review-Url: https://codereview.chromium.org/2068513002
---
testing/libfuzzer/pdf_css_fuzzer.cc | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)
create mode 100644 testing/libfuzzer/pdf_css_fuzzer.cc

(limited to 'testing/libfuzzer/pdf_css_fuzzer.cc')

diff --git a/testing/libfuzzer/pdf_css_fuzzer.cc b/testing/libfuzzer/pdf_css_fuzzer.cc
new file mode 100644
index 0000000000..da8b1f53f6
--- /dev/null
+++ b/testing/libfuzzer/pdf_css_fuzzer.cc
@@ -0,0 +1,31 @@
+// Copyright 2016 The PDFium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include
+
+#include "core/fxcrt/include/fx_string.h"
+#include "xfa/fde/css/fde_css.h"
+#include "xfa/fde/css/fde_csssyntax.h"
+#include "xfa/fgas/crt/fgas_stream.h"
+#include "xfa/fxfa/parser/xfa_utils.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ CFDE_CSSSyntaxParser parser;
+
+ CFX_WideString input = CFX_WideString::FromUTF8(
+ CFX_ByteStringC(data, static_cast(size)));
+ std::unique_ptr> stream(
+ XFA_CreateWideTextRead(input));
+ if (!stream)
+ return 0;
+
+ parser.Init(stream.get(), 1024);
+
+ FDE_CSSSYNTAXSTATUS status = parser.DoSyntaxParse();
+ while (status != FDE_CSSSYNTAXSTATUS_Error &&
+ status != FDE_CSSSYNTAXSTATUS_EOS)
+ status = parser.DoSyntaxParse();
+
+ return 0;
+}
-- 
cgit v1.2.3
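Review bot: The result of `parser.Init(stream.get(), 1024)` is discarded, although the stream creation just above it is null-checked. Init's declaration is not part of this patch, but if it can report failure, the loop would then drive a parser that was never set up, and any crash found that way would be a harness artifact rather than a finding in the CSS parser; `if (!parser.Init(stream.get(), 1024)) return 0;` keeps the harness honest. The `static_cast` applied to `size` also narrows a `size_t` (the target type is not legible on this page), so an early `return 0` for inputs larger than that type can hold would avoid handing a wrapped length to `CFX_ByteStringC`. A short comment on why the buffer size is 1024 would help whoever tunes this fuzzer later.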