Add a fuzzer for CPDF_ToUnicodeMap class.
Add a fuzzer to exercise the public methods of CPDF_ToUnicodeMap class.
Bug: chromium:1025443
Change-Id: If831e8db0cfc5007226b154a0164c026e1a5a7fa
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/83350
Commit-Queue: Hui Yingst <nigi@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
diff --git a/testing/fuzzers/BUILD.gn b/testing/fuzzers/BUILD.gn
index 0f88d23..e6a7bc3 100644
--- a/testing/fuzzers/BUILD.gn
+++ b/testing/fuzzers/BUILD.gn
@@ -68,7 +68,10 @@
}
if (is_clang) {
# Fuzzers that use FuzzedDataProvider can only be built with Clang.
- fuzzer_list += [ "pdf_nametree_fuzzer" ]
+ fuzzer_list += [
+ "pdf_cpdf_tounicodemap_fuzzer",
+ "pdf_nametree_fuzzer",
+ ]
}
# Note that this only compiles all the fuzzers, to prevent compile breakages.
@@ -435,6 +438,15 @@
}
if (is_clang) {
+ pdfium_fuzzer("pdf_cpdf_tounicodemap_fuzzer") {
+ sources = [ "pdf_cpdf_tounicodemap_fuzzer.cc" ]
+ deps = [
+ "../../core/fpdfapi/font",
+ "../../core/fpdfapi/parser",
+ "../../core/fxcrt",
+ ]
+ }
+
pdfium_fuzzer("pdf_nametree_fuzzer") {
sources = [ "pdf_nametree_fuzzer.cc" ]
deps = [
diff --git a/testing/fuzzers/pdf_cpdf_tounicodemap_fuzzer.cc b/testing/fuzzers/pdf_cpdf_tounicodemap_fuzzer.cc
new file mode 100644
index 0000000..60ff1fc
--- /dev/null
+++ b/testing/fuzzers/pdf_cpdf_tounicodemap_fuzzer.cc
@@ -0,0 +1,37 @@
+// Copyright 2021 The PDFium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <fuzzer/FuzzedDataProvider.h>
+
+#include <memory>
+#include <vector>
+
+#include "core/fpdfapi/font/cpdf_tounicodemap.h"
+#include "core/fpdfapi/parser/cpdf_stream.h"
+#include "core/fxcrt/retain_ptr.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ static constexpr size_t kParameterSize = sizeof(uint32_t) + sizeof(wchar_t);
+ if (size <= kParameterSize)
+ return 0;
+
+ // Limit data size to prevent fuzzer timeout.
+ static constexpr size_t kMaxDataSize = 256 * 1024;
+ if (size > kParameterSize + kMaxDataSize)
+ return 0;
+
+ FuzzedDataProvider data_provider(data, size);
+ uint32_t charcode_to_lookup = data_provider.ConsumeIntegral<uint32_t>();
+ wchar_t char_for_reverse_lookup = data_provider.ConsumeIntegral<wchar_t>();
+
+ std::vector<uint8_t> remaining =
+ data_provider.ConsumeRemainingBytes<uint8_t>();
+ auto stream = pdfium::MakeRetain<CPDF_Stream>();
+ stream->SetData(remaining);
+
+ auto to_unicode_map = std::make_unique<CPDF_ToUnicodeMap>(stream.Get());
+ to_unicode_map->Lookup(charcode_to_lookup);
+ to_unicode_map->ReverseLookup(char_for_reverse_lookup);
+ return 0;
+}
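Review bot: `kParameterSize` and `ConsumeIntegral<wchar_t>()` both depend on `sizeof(wchar_t)`, which differs between platforms (typically 2 bytes on Windows, 4 on Linux and macOS). The same corpus file or crash reproducer is therefore split into lookup parameters and stream bytes differently depending on where it runs, and a finding from one platform may not replay on another. Consuming a fixed-width value and casting keeps inputs portable: `static constexpr size_t kParameterSize = 2 * sizeof(uint32_t);` and `wchar_t char_for_reverse_lookup = static_cast<wchar_t>(data_provider.ConsumeIntegral<uint32_t>());`. Separately, the file uses `uint8_t`, `uint32_t` and `size_t` without including `<stddef.h>` and `<stdint.h>` itself, so it presumably relies on `FuzzedDataProvider.h` pulling them in.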