Add fuzzer for FDE CSS syntax parser.

xfa/fxfa/parser/xfa_basic_imp.cpp

Index: xfa/fxfa/parser/xfa_basic_imp.cpp
diff --git a/xfa/fxfa/parser/xfa_basic_imp.cpp b/xfa/fxfa/parser/xfa_basic_imp.cpp
index 86a96bbd63db6e807ce8ee8c4a32090daa288402..d83d75648c32b76cdc0b493e5d73b6bfabbc2c69 100644
--- a/xfa/fxfa/parser/xfa_basic_imp.cpp
+++ b/xfa/fxfa/parser/xfa_basic_imp.cpp
@@ -557,9 +557,11 @@ int32_t CXFA_WideTextRead::ReadString(FX_WCHAR* pStr,
                                       int32_t iMaxLength,
                                       FX_BOOL& bEOS,
                                       int32_t const* pByteSize) {
-  if (iMaxLength > m_wsBuffer.GetLength() - m_iPosition) {
+  if (iMaxLength > m_wsBuffer.GetLength() - m_iPosition)
     iMaxLength = m_wsBuffer.GetLength() - m_iPosition;
-  }
+  if (iMaxLength == 0)

[dsinclair, 2016/06/13 20:05:47]

This is needed because the corpus was seeding with an input of "" and the fuzzer
would immediately crash due to an assert in FXSYS_wcsncpy that the size isn't 0.

[Oliver Chang, 2016/06/13 20:11:19]

It's probably best to do

if (size == 0)
  return 0;

in LLVMFuzzerTestOneInput instead of changing this here.

[dsinclair, 2016/06/13 20:19:22]

I think the check is valid here. We can't proceed if the size is zero, so we can
bail out early. It's just the first issue found by the fuzzer, heh.

+    return 0;
+
   FXSYS_wcsncpy(pStr, m_wsBuffer.c_str() + m_iPosition, iMaxLength);
   m_iPosition += iMaxLength;
   bEOS = IsEOF();