blob: de9e80f7a6af932896f71f580bec02fe5a5664ff [file] [log] [blame] [edit]
// Copyright 2016 The PDFium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef TESTING_FUZZERS_XFA_CODEC_FUZZER_H_
#define TESTING_FUZZERS_XFA_CODEC_FUZZER_H_
#include <memory>
#include <utility>
#include "core/fxcodec/fx_codec.h"
#include "core/fxcodec/progressive_decoder.h"
#include "core/fxcrt/cfx_read_only_span_stream.h"
#include "core/fxcrt/fx_safe_types.h"
#include "core/fxcrt/retain_ptr.h"
#include "core/fxcrt/span.h"
#include "core/fxge/dib/cfx_dibitmap.h"
// Support up to 64 MB. This prevents trivial OOM when MSAN is on and
// time outs.
const int kXFACodecFuzzerPixelLimit = 64000000;
class XFACodecFuzzer {
public:
static int Fuzz(const uint8_t* data, size_t size, FXCODEC_IMAGE_TYPE type) {
auto decoder = std::make_unique<ProgressiveDecoder>();
auto source = pdfium::MakeRetain<CFX_ReadOnlySpanStream>(
pdfium::make_span(data, size));
CFX_DIBAttribute attr;
FXCODEC_STATUS status =
decoder->LoadImageInfo(std::move(source), type, &attr, true);
if (status != FXCODEC_STATUS::kFrameReady)
return 0;
// Skipping very large images, since they will take a long time and may lead
// to OOM.
FX_SAFE_UINT32 bitmap_size = decoder->GetHeight();
bitmap_size *= decoder->GetWidth();
bitmap_size *= 4; // From CFX_DIBitmap impl.
if (!bitmap_size.IsValid() ||
bitmap_size.ValueOrDie() > kXFACodecFuzzerPixelLimit) {
return 0;
}
auto bitmap = pdfium::MakeRetain<CFX_DIBitmap>();
if (!bitmap->Create(decoder->GetWidth(), decoder->GetHeight(),
FXDIB_Format::kArgb)) {
return 0;
}
size_t frames;
std::tie(status, frames) = decoder->GetFrames();
if (status != FXCODEC_STATUS::kDecodeReady || frames == 0)
return 0;
status = decoder->StartDecode(bitmap, 0, 0, bitmap->GetWidth(),
bitmap->GetHeight());
while (status == FXCODEC_STATUS::kDecodeToBeContinued)
status = decoder->ContinueDecode();
return 0;
}
};
#endif // TESTING_FUZZERS_XFA_CODEC_FUZZER_H_