// Copyright 2016 The PDFium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifndef TESTING_LIBFUZZER_XFA_CODEC_FUZZER_H_ #define TESTING_LIBFUZZER_XFA_CODEC_FUZZER_H_ #include #include "core/fxcodec/codec/ccodec_bmpmodule.h" #include "core/fxcodec/codec/ccodec_gifmodule.h" #include "core/fxcodec/codec/ccodec_pngmodule.h" #include "core/fxcodec/codec/ccodec_progressivedecoder.h" #include "core/fxcodec/codec/ccodec_tiffmodule.h" #include "core/fxcodec/fx_codec.h" #include "core/fxge/dib/cfx_dibitmap.h" #include "testing/fx_string_testhelpers.h" #include "third_party/base/ptr_util.h" // Arbitrarily picked to support up to 1000x1000 images. This is far below where // OOM issues are occuring. const int kXFACodecFuzzerPixelLimit = 1000000; class XFACodecFuzzer { public: static int Fuzz(const uint8_t* data, size_t size, FXCODEC_IMAGE_TYPE type) { auto mgr = pdfium::MakeUnique(); mgr->SetBmpModule(pdfium::MakeUnique()); mgr->SetGifModule(pdfium::MakeUnique()); mgr->SetPngModule(pdfium::MakeUnique()); mgr->SetTiffModule(pdfium::MakeUnique()); std::unique_ptr decoder = mgr->CreateProgressiveDecoder(); auto source = pdfium::MakeRetain(data, size); FXCODEC_STATUS status = decoder->LoadImageInfo(source, type, nullptr, true); if (status != FXCODEC_STATUS_FRAME_READY) return 0; // Skipping very large images, since they will take a long time and may lead // to OOM. if (decoder->GetWidth() > kXFACodecFuzzerPixelLimit / decoder->GetHeight()) return 0; auto bitmap = pdfium::MakeRetain(); bitmap->Create(decoder->GetWidth(), decoder->GetHeight(), FXDIB_Argb); int32_t frames; if (decoder->GetFrames(&frames) != FXCODEC_STATUS_DECODE_READY || frames == 0) return 0; status = decoder->StartDecode(bitmap, 0, 0, bitmap->GetWidth(), bitmap->GetHeight()); while (status == FXCODEC_STATUS_DECODE_TOBECONTINUE) status = decoder->ContinueDecode(); return 0; } }; #endif // TESTING_LIBFUZZER_XFA_CODEC_FUZZER_H_