From bf067b461368abf7303a1285183128790134b169 Mon Sep 17 00:00:00 2001 From: Oliver Chang Date: Fri, 18 Mar 2016 16:45:33 -0700 Subject: Add an openjpeg libfuzzer. BUG=591789 R=tsepez@chromium.org Review URL: https://codereview.chromium.org/1814223003 . --- testing/DEPS | 1 + testing/libfuzzer/BUILD.gn | 14 ++++++++++ testing/libfuzzer/fuzzers.gyp | 15 +++++++++++ testing/libfuzzer/pdf_jpx_fuzzer.cc | 52 +++++++++++++++++++++++++++++++++++++ 4 files changed, 82 insertions(+) create mode 100644 testing/libfuzzer/pdf_jpx_fuzzer.cc (limited to 'testing') diff --git a/testing/DEPS b/testing/DEPS index 86d3090407..ce8bbe45f7 100644 --- a/testing/DEPS +++ b/testing/DEPS @@ -1,5 +1,6 @@ include_rules = [ '+core/include', + '+core/fxcodec', '+fpdfsdk/include', '+public', '+v8', diff --git a/testing/libfuzzer/BUILD.gn b/testing/libfuzzer/BUILD.gn index d5ccb7f40f..0fb43f2790 100644 --- a/testing/libfuzzer/BUILD.gn +++ b/testing/libfuzzer/BUILD.gn @@ -47,4 +47,18 @@ if (pdf_enable_xfa) { ":libfuzzer_config", ] } + source_set("pdf_jpx_fuzzer") { + testonly = true + sources = [ + "pdf_jpx_fuzzer.cc", + ] + deps = [ + "//third_party/pdfium:pdfium", + ] + configs -= [ "//build/config/compiler:chromium_code" ] + configs += [ + "//build/config/compiler:no_chromium_code", + ":libfuzzer_config", + ] + } } diff --git a/testing/libfuzzer/fuzzers.gyp b/testing/libfuzzer/fuzzers.gyp index bdd9086592..1f04baa77f 100644 --- a/testing/libfuzzer/fuzzers.gyp +++ b/testing/libfuzzer/fuzzers.gyp @@ -61,6 +61,21 @@ }, ], }], + ['OS=="linux"', { + 'targets': [ + { + 'target_name': 'pdf_jpx_fuzzer', + 'type': 'executable', + 'dependencies': [ + '../../pdfium.gyp:pdfium', + ], + 'sources': [ + 'pdf_jpx_fuzzer.cc', + 'unittest_main.cc', + ], + }, + ], + }], ], # Empty target so that nonxfa builds work. 'targets': [ diff --git a/testing/libfuzzer/pdf_jpx_fuzzer.cc b/testing/libfuzzer/pdf_jpx_fuzzer.cc new file mode 100644 index 0000000000..8e16f24abc --- /dev/null +++ b/testing/libfuzzer/pdf_jpx_fuzzer.cc @@ -0,0 +1,52 @@ +// Copyright 2016 The PDFium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include +#include +#include + +#include "core/fxcodec/codec/codec_int.h" +#include "core/include/fxge/fx_dib.h" + +CCodec_JpxModule g_module; + +struct DecoderDeleter { + void operator()(CJPX_Decoder* decoder) { g_module.DestroyDecoder(decoder); } +}; + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + std::unique_ptr decoder( + g_module.CreateDecoder(data, size, nullptr)); + if (!decoder) + return 0; + + FX_DWORD width; + FX_DWORD height; + FX_DWORD components; + g_module.GetImageInfo(decoder.get(), &width, &height, &components); + + FXDIB_Format format; + if (components == 1) { + format = FXDIB_8bppRgb; + } else if (components <= 3) { + format = FXDIB_Rgb; + } else if (components == 4) { + format = FXDIB_Rgb32; + } else { + width = (width * components + 2) / 3; + format = FXDIB_Rgb; + } + + std::unique_ptr bitmap(new CFX_DIBitmap); + if (!bitmap->Create(width, height, format)) + return 0; + + std::vector output_offsets(components); + for (FX_DWORD i = 0; i < components; ++i) + output_offsets[i] = i; + + g_module.Decode(decoder.get(), bitmap->GetBuffer(), bitmap->GetPitch(), + output_offsets); + return 0; +} -- cgit v1.2.3