| // Copyright 2017 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "testing/fuzzers/pdfium_fuzzer_helper.h" |
| |
| #include <assert.h> |
| #include <limits.h> |
| |
| #include <stddef.h> |
| #include <stdint.h> |
| #include <stdio.h> |
| #include <stdlib.h> |
| #include <string.h> |
| |
| #ifdef _WIN32 |
| #include <Windows.h> |
| #elif defined(__APPLE__) |
| #include <mach-o/dyld.h> |
| #else // Linux |
| #include <unistd.h> |
| #endif // _WIN32 |
| |
| #include <memory> |
| #include <sstream> |
| #include <string> |
| #include <utility> |
| |
| #include "public/cpp/fpdf_scopers.h" |
| #include "public/fpdf_dataavail.h" |
| #include "public/fpdf_ext.h" |
| #include "public/fpdf_text.h" |
| #include "testing/test_support.h" |
| #include "v8/include/v8-platform.h" |
| #include "v8/include/v8.h" |
| |
| namespace { |
| |
| int ExampleAppAlert(IPDF_JSPLATFORM*, |
| FPDF_WIDESTRING, |
| FPDF_WIDESTRING, |
| int, |
| int) { |
| return 0; |
| } |
| |
| int ExampleAppResponse(IPDF_JSPLATFORM*, |
| FPDF_WIDESTRING question, |
| FPDF_WIDESTRING title, |
| FPDF_WIDESTRING default_value, |
| FPDF_WIDESTRING label, |
| FPDF_BOOL is_password, |
| void* response, |
| int length) { |
| // UTF-16, always LE regardless of platform. |
| uint8_t* ptr = static_cast<uint8_t*>(response); |
| ptr[0] = 'N'; |
| ptr[1] = 0; |
| ptr[2] = 'o'; |
| ptr[3] = 0; |
| return 4; |
| } |
| |
| void ExampleDocGotoPage(IPDF_JSPLATFORM*, int pageNumber) {} |
| |
| void ExampleDocMail(IPDF_JSPLATFORM*, |
| void* mailData, |
| int length, |
| FPDF_BOOL UI, |
| FPDF_WIDESTRING To, |
| FPDF_WIDESTRING Subject, |
| FPDF_WIDESTRING CC, |
| FPDF_WIDESTRING BCC, |
| FPDF_WIDESTRING Msg) {} |
| |
| void ExampleUnsupportedHandler(UNSUPPORT_INFO*, int type) {} |
| |
| FPDF_BOOL Is_Data_Avail(FX_FILEAVAIL* pThis, size_t offset, size_t size) { |
| return true; |
| } |
| |
| void Add_Segment(FX_DOWNLOADHINTS* pThis, size_t offset, size_t size) {} |
| |
| #ifdef PDF_ENABLE_V8 |
| std::string ProgramPath() { |
| std::string result; |
| |
| #ifdef _WIN32 |
| char path[MAX_PATH]; |
| DWORD len = GetModuleFileNameA(NULL, path, MAX_PATH); |
| if (len != 0) |
| result = std::string(path, len); |
| #elif defined(__APPLE__) |
| char path[PATH_MAX]; |
| unsigned int len = PATH_MAX; |
| if (!_NSGetExecutablePath(path, &len)) { |
| std::unique_ptr<char, pdfium::FreeDeleter> resolved_path( |
| realpath(path, nullptr)); |
| if (resolved_path.get()) |
| result = std::string(resolved_path.get()); |
| } |
| #else // Linux |
| char path[PATH_MAX]; |
| ssize_t len = readlink("/proc/self/exe", path, PATH_MAX); |
| if (len > 0) |
| result = std::string(path, len); |
| #endif |
| return result; |
| } |
| #endif // PDF_ENABLE_V8 |
| |
| } // namespace |
| |
| PDFiumFuzzerHelper::PDFiumFuzzerHelper() = default; |
| |
| PDFiumFuzzerHelper::~PDFiumFuzzerHelper() = default; |
| |
| bool PDFiumFuzzerHelper::OnFormFillEnvLoaded(FPDF_DOCUMENT doc) { |
| return true; |
| } |
| |
| void PDFiumFuzzerHelper::RenderPdf(const char* pBuf, size_t len) { |
| IPDF_JSPLATFORM platform_callbacks; |
| memset(&platform_callbacks, '\0', sizeof(platform_callbacks)); |
| platform_callbacks.version = 3; |
| platform_callbacks.app_alert = ExampleAppAlert; |
| platform_callbacks.app_response = ExampleAppResponse; |
| platform_callbacks.Doc_gotoPage = ExampleDocGotoPage; |
| platform_callbacks.Doc_mail = ExampleDocMail; |
| |
| FPDF_FORMFILLINFO form_callbacks; |
| memset(&form_callbacks, '\0', sizeof(form_callbacks)); |
| form_callbacks.version = GetFormCallbackVersion(); |
| form_callbacks.m_pJsPlatform = &platform_callbacks; |
| |
| TestLoader loader(pBuf, len); |
| FPDF_FILEACCESS file_access; |
| memset(&file_access, '\0', sizeof(file_access)); |
| file_access.m_FileLen = static_cast<unsigned long>(len); |
| file_access.m_GetBlock = TestLoader::GetBlock; |
| file_access.m_Param = &loader; |
| |
| FX_FILEAVAIL file_avail; |
| memset(&file_avail, '\0', sizeof(file_avail)); |
| file_avail.version = 1; |
| file_avail.IsDataAvail = Is_Data_Avail; |
| |
| FX_DOWNLOADHINTS hints; |
| memset(&hints, '\0', sizeof(hints)); |
| hints.version = 1; |
| hints.AddSegment = Add_Segment; |
| |
| ScopedFPDFAvail pdf_avail(FPDFAvail_Create(&file_avail, &file_access)); |
| |
| int nRet = PDF_DATA_NOTAVAIL; |
| bool bIsLinearized = false; |
| ScopedFPDFDocument doc; |
| if (FPDFAvail_IsLinearized(pdf_avail.get()) == PDF_LINEARIZED) { |
| doc.reset(FPDFAvail_GetDocument(pdf_avail.get(), nullptr)); |
| if (doc) { |
| while (nRet == PDF_DATA_NOTAVAIL) |
| nRet = FPDFAvail_IsDocAvail(pdf_avail.get(), &hints); |
| |
| if (nRet == PDF_DATA_ERROR) |
| return; |
| |
| nRet = FPDFAvail_IsFormAvail(pdf_avail.get(), &hints); |
| if (nRet == PDF_FORM_ERROR || nRet == PDF_FORM_NOTAVAIL) |
| return; |
| |
| bIsLinearized = true; |
| } |
| } else { |
| doc.reset(FPDF_LoadCustomDocument(&file_access, nullptr)); |
| } |
| |
| if (!doc) |
| return; |
| |
| (void)FPDF_GetDocPermissions(doc.get()); |
| |
| ScopedFPDFFormHandle form( |
| FPDFDOC_InitFormFillEnvironment(doc.get(), &form_callbacks)); |
| if (!OnFormFillEnvLoaded(doc.get())) |
| return; |
| |
| FPDF_SetFormFieldHighlightColor(form.get(), FPDF_FORMFIELD_UNKNOWN, 0xFFE4DD); |
| FPDF_SetFormFieldHighlightAlpha(form.get(), 100); |
| FORM_DoDocumentJSAction(form.get()); |
| FORM_DoDocumentOpenAction(form.get()); |
| |
| int page_count = FPDF_GetPageCount(doc.get()); |
| for (int i = 0; i < page_count; ++i) { |
| if (bIsLinearized) { |
| nRet = PDF_DATA_NOTAVAIL; |
| while (nRet == PDF_DATA_NOTAVAIL) |
| nRet = FPDFAvail_IsPageAvail(pdf_avail.get(), i, &hints); |
| |
| if (nRet == PDF_DATA_ERROR) |
| return; |
| } |
| RenderPage(doc.get(), form.get(), i); |
| } |
| FORM_DoDocumentAAction(form.get(), FPDFDOC_AACTION_WC); |
| } |
| |
| bool PDFiumFuzzerHelper::RenderPage(FPDF_DOCUMENT doc, |
| FPDF_FORMHANDLE form, |
| const int page_index) { |
| ScopedFPDFPage page(FPDF_LoadPage(doc, page_index)); |
| if (!page) |
| return false; |
| |
| ScopedFPDFTextPage text_page(FPDFText_LoadPage(page.get())); |
| FORM_OnAfterLoadPage(page.get(), form); |
| FORM_DoPageAAction(page.get(), form, FPDFPAGE_AACTION_OPEN); |
| |
| const double scale = 1.0; |
| int width = static_cast<int>(FPDF_GetPageWidth(page.get()) * scale); |
| int height = static_cast<int>(FPDF_GetPageHeight(page.get()) * scale); |
| ScopedFPDFBitmap bitmap(FPDFBitmap_Create(width, height, 0)); |
| if (bitmap) { |
| FPDFBitmap_FillRect(bitmap.get(), 0, 0, width, height, 0xFFFFFFFF); |
| FPDF_RenderPageBitmap(bitmap.get(), page.get(), 0, 0, width, height, 0, 0); |
| FPDF_FFLDraw(form, bitmap.get(), page.get(), 0, 0, width, height, 0, 0); |
| } |
| FORM_DoPageAAction(page.get(), form, FPDFPAGE_AACTION_CLOSE); |
| FORM_OnBeforeClosePage(page.get(), form); |
| return !!bitmap; |
| } |
| |
| // Initialize the library once for all runs of the fuzzer. |
| struct TestCase { |
| TestCase() { |
| #ifdef PDF_ENABLE_V8 |
| #ifdef V8_USE_EXTERNAL_STARTUP_DATA |
| platform = InitializeV8ForPDFiumWithStartupData( |
| ProgramPath(), "", &natives_blob, &snapshot_blob); |
| #else |
| platform = InitializeV8ForPDFium(ProgramPath()); |
| #endif // V8_USE_EXTERNAL_STARTUP_DATA |
| #endif // PDF_ENABLE_V8 |
| |
| memset(&config, '\0', sizeof(config)); |
| config.version = 2; |
| config.m_pUserFontPaths = nullptr; |
| config.m_pIsolate = nullptr; |
| config.m_v8EmbedderSlot = 0; |
| FPDF_InitLibraryWithConfig(&config); |
| |
| memset(&unsupport_info, '\0', sizeof(unsupport_info)); |
| unsupport_info.version = 1; |
| unsupport_info.FSDK_UnSupport_Handler = ExampleUnsupportedHandler; |
| FSDK_SetUnSpObjProcessHandler(&unsupport_info); |
| } |
| |
| std::unique_ptr<v8::Platform> platform; |
| v8::StartupData natives_blob; |
| v8::StartupData snapshot_blob; |
| FPDF_LIBRARY_CONFIG config; |
| UNSUPPORT_INFO unsupport_info; |
| }; |
| |
| // pdf_fuzzer_init.cc and pdfium_fuzzer_helper.cc are mutually exclusive and |
| // should not be built together. They deliberately have the same global |
| // variable. |
| static TestCase* g_test_case = new TestCase(); |
