XFA PNG Fuzzer

testing/libfuzzer/pdf_codec_png_fuzzer.cc

Index: testing/libfuzzer/pdf_codec_png_fuzzer.cc
diff --git a/testing/libfuzzer/pdf_codec_png_fuzzer.cc b/testing/libfuzzer/pdf_codec_png_fuzzer.cc
new file mode 100644
index 0000000000000000000000000000000000000000..5422a2f758d055263fbf753f94af759cd6e75078
--- /dev/null
+++ b/testing/libfuzzer/pdf_codec_png_fuzzer.cc
@@ -0,0 +1,60 @@
+// Copyright 2016 The PDFium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <memory>
+
+#include "core/fxcodec/codec/include/ccodec_progressivedecoder.h"
+#include "core/fxcodec/include/fx_codec.h"
+#include "core/fxcrt/include/fx_stream.h"
+
+namespace {
+
+class Reader : public IFX_FileRead {
+ public:
+  Reader(const uint8_t* data, size_t size) : m_data(data), m_size(size) {}
+  ~Reader() {}
+
+  void Release() override {}
+
+  FX_BOOL ReadBlock(void* buffer, FX_FILESIZE offset, size_t size) override {
+    if (offset + size > m_size)
+      size = m_size - offset;
+    memcpy(buffer, m_data + offset, size);
+    return TRUE;
+  }
+
+  FX_FILESIZE GetSize() override { return static_cast<FX_FILESIZE>(m_size); }
+
+ private:
+  const uint8_t* const m_data;
+  size_t m_size;
+};
+
+}  // namespace
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  std::unique_ptr<CCodec_ModuleMgr> mgr(new CCodec_ModuleMgr());
+  std::unique_ptr<CCodec_ProgressiveDecoder> decoder(
+      mgr->CreateProgressiveDecoder());
+  Reader source(data, size);
+
+  FXCODEC_STATUS status =
+      decoder->LoadImageInfo(&source, FXCODEC_IMAGE_PNG, nullptr);
+  if (status != FXCODEC_STATUS_FRAME_READY)
+    return 0;
+
+  std::unique_ptr<CFX_DIBitmap> bitmap(new CFX_DIBitmap);
+  bitmap->Create(decoder->GetWidth(), decoder->GetHeight(), FXDIB_Argb);
+
+  int32_t frames;
+  if (decoder->GetFrames(frames) != FXCODEC_STATUS_DECODE_READY || frames == 0)
+    return 0;
+
+  status = decoder->StartDecode(bitmap.get(), 0, 0, bitmap->GetWidth(),
+                                bitmap->GetHeight());
+  while (status == FXCODEC_STATUS_DECODE_TOBECONTINUE)
+    status = decoder->ContinueDecode();
+
+  return 0;
+}