testing/libfuzzer/xfa_codec_fuzzer.h - pdfium - Git at Google

 // Copyright 2016 The PDFium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef TESTING_LIBFUZZER_XFA_CODEC_FUZZER_H_
 #define TESTING_LIBFUZZER_XFA_CODEC_FUZZER_H_

 #include <memory>

 #include "core/fxcodec/codec/ccodec_bmpmodule.h"
 #include "core/fxcodec/codec/ccodec_gifmodule.h"
 #include "core/fxcodec/codec/ccodec_pngmodule.h"
 #include "core/fxcodec/codec/ccodec_progressivedecoder.h"
 #include "core/fxcodec/codec/ccodec_tiffmodule.h"
 #include "core/fxcodec/fx_codec.h"
 #include "core/fxge/dib/cfx_dibitmap.h"
 #include "testing/fx_string_testhelpers.h"
 #include "third_party/base/ptr_util.h"

 // Arbitrarily picked to support up to 1000x1000 images. This is far below where
 // OOM issues are occuring.
 const int kXFACodecFuzzerPixelLimit = 1000000;

 class XFACodecFuzzer {
  public:
   static int Fuzz(const uint8_t* data, size_t size, FXCODEC_IMAGE_TYPE type) {
     auto mgr = pdfium::MakeUnique<CCodec_ModuleMgr>();
     mgr->SetBmpModule(pdfium::MakeUnique<CCodec_BmpModule>());
     mgr->SetGifModule(pdfium::MakeUnique<CCodec_GifModule>());
     mgr->SetPngModule(pdfium::MakeUnique<CCodec_PngModule>());
     mgr->SetTiffModule(pdfium::MakeUnique<CCodec_TiffModule>());

     std::unique_ptr<CCodec_ProgressiveDecoder> decoder =
         mgr->CreateProgressiveDecoder();
     auto source = pdfium::MakeRetain<CFX_BufferSeekableReadStream>(data, size);
     FXCODEC_STATUS status = decoder->LoadImageInfo(source, type, nullptr, true);
     if (status != FXCODEC_STATUS_FRAME_READY)
       return 0;

     // Skipping very large images, since they will take a long time and may lead
     // to OOM.
     if (decoder->GetHeight() != 0 &&
         decoder->GetWidth() > kXFACodecFuzzerPixelLimit / decoder->GetHeight())
       return 0;

     auto bitmap = pdfium::MakeRetain<CFX_DIBitmap>();
     bitmap->Create(decoder->GetWidth(), decoder->GetHeight(), FXDIB_Argb);

     int32_t frames;
     if (decoder->GetFrames(&frames) != FXCODEC_STATUS_DECODE_READY ||
         frames == 0)
       return 0;

     status = decoder->StartDecode(bitmap, 0, 0, bitmap->GetWidth(),
                                   bitmap->GetHeight());
     while (status == FXCODEC_STATUS_DECODE_TOBECONTINUE)
       status = decoder->ContinueDecode();

     return 0;
   }
 };

 #endif  // TESTING_LIBFUZZER_XFA_CODEC_FUZZER_H_
	// Copyright 2016 The PDFium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef TESTING_LIBFUZZER_XFA_CODEC_FUZZER_H_
	#define TESTING_LIBFUZZER_XFA_CODEC_FUZZER_H_

	#include <memory>

	#include "core/fxcodec/codec/ccodec_bmpmodule.h"
	#include "core/fxcodec/codec/ccodec_gifmodule.h"
	#include "core/fxcodec/codec/ccodec_pngmodule.h"
	#include "core/fxcodec/codec/ccodec_progressivedecoder.h"
	#include "core/fxcodec/codec/ccodec_tiffmodule.h"
	#include "core/fxcodec/fx_codec.h"
	#include "core/fxge/dib/cfx_dibitmap.h"
	#include "testing/fx_string_testhelpers.h"
	#include "third_party/base/ptr_util.h"

	// Arbitrarily picked to support up to 1000x1000 images. This is far below where
	// OOM issues are occuring.
	const int kXFACodecFuzzerPixelLimit = 1000000;

	class XFACodecFuzzer {
	public:
	static int Fuzz(const uint8_t* data, size_t size, FXCODEC_IMAGE_TYPE type) {
	auto mgr = pdfium::MakeUnique<CCodec_ModuleMgr>();
	mgr->SetBmpModule(pdfium::MakeUnique<CCodec_BmpModule>());
	mgr->SetGifModule(pdfium::MakeUnique<CCodec_GifModule>());
	mgr->SetPngModule(pdfium::MakeUnique<CCodec_PngModule>());
	mgr->SetTiffModule(pdfium::MakeUnique<CCodec_TiffModule>());

	std::unique_ptr<CCodec_ProgressiveDecoder> decoder =
	mgr->CreateProgressiveDecoder();
	auto source = pdfium::MakeRetain<CFX_BufferSeekableReadStream>(data, size);
	FXCODEC_STATUS status = decoder->LoadImageInfo(source, type, nullptr, true);
	if (status != FXCODEC_STATUS_FRAME_READY)
	return 0;

	// Skipping very large images, since they will take a long time and may lead
	// to OOM.
	if (decoder->GetHeight() != 0 &&
	decoder->GetWidth() > kXFACodecFuzzerPixelLimit / decoder->GetHeight())
	return 0;

	auto bitmap = pdfium::MakeRetain<CFX_DIBitmap>();
	bitmap->Create(decoder->GetWidth(), decoder->GetHeight(), FXDIB_Argb);

	int32_t frames;
	if (decoder->GetFrames(&frames) != FXCODEC_STATUS_DECODE_READY \|\|
	frames == 0)
	return 0;

	status = decoder->StartDecode(bitmap, 0, 0, bitmap->GetWidth(),
	bitmap->GetHeight());
	while (status == FXCODEC_STATUS_DECODE_TOBECONTINUE)
	status = decoder->ContinueDecode();

	return 0;
	}
	};

	#endif // TESTING_LIBFUZZER_XFA_CODEC_FUZZER_H_