Chromium Code Reviews

Unified Diff: testing/libfuzzer/pdf_cfx_saxreader_fuzzer.cc

Issue 2070103002: Add CFX_SAXReader fuzzer (Closed) Base URL: https://pdfium.googlesource.com/pdfium.git@master
Patch Set: Created 4 years, 6 months ago
Index: testing/libfuzzer/pdf_cfx_saxreader_fuzzer.cc
diff --git a/testing/libfuzzer/pdf_css_fuzzer.cc b/testing/libfuzzer/pdf_cfx_saxreader_fuzzer.cc
similarity index 58%
copy from testing/libfuzzer/pdf_css_fuzzer.cc
copy to testing/libfuzzer/pdf_cfx_saxreader_fuzzer.cc
index da8b1f53f697619151a3f790a125f113e2e8033f..54cc410a369be29228f636ff64fc5a5f8ba70b3d 100644
--- a/testing/libfuzzer/pdf_css_fuzzer.cc
+++ b/testing/libfuzzer/pdf_cfx_saxreader_fuzzer.cc
@@ -4,15 +4,11 @@
#include <memory>
-#include "core/fxcrt/include/fx_string.h"
-#include "xfa/fde/css/fde_css.h"
-#include "xfa/fde/css/fde_csssyntax.h"
+#include "xfa/fde/xml/cfx_saxreader.h"
#include "xfa/fgas/crt/fgas_stream.h"
#include "xfa/fxfa/parser/xfa_utils.h"
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- CFDE_CSSSyntaxParser parser;
-
CFX_WideString input = CFX_WideString::FromUTF8(
CFX_ByteStringC(data, static_cast<FX_STRSIZE>(size)));
std::unique_ptr<IFX_Stream, ReleaseDeleter<IFX_Stream>> stream(
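Review bot: The removal of `#include "core/fxcrt/include/fx_string.h"` at the top of the file leaves `CFX_WideString::FromUTF8` and `CFX_ByteStringC` in use a few lines below with no direct include for them, so the file builds only as long as one of the remaining xfa headers pulls the string types in transitively. Keep the fx_string.h include next to the new cfx_saxreader.h one so that a later include cleanup in those headers does not break the fuzzer.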
@@ -20,12 +16,22 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
if (!stream)
return 0;
- parser.Init(stream.get(), 1024);
+ std::unique_ptr<IFX_FileRead, ReleaseDeleter<IFX_FileRead>> fileRead(
+ FX_CreateFileRead(stream.get(), false));
+ if (!fileRead)
+ return 0;
+
+ CFX_SAXReader reader;
+ if (reader.StartParse(fileRead.get(), 0, -1, CFX_SaxParseMode_NotSkipSpace) <
+ 0) {
+ return 0;
+ }
- FDE_CSSSYNTAXSTATUS status = parser.DoSyntaxParse();
- while (status != FDE_CSSSYNTAXSTATUS_Error &&
- status != FDE_CSSSYNTAXSTATUS_EOS)
- status = parser.DoSyntaxParse();
+ while (1) {
dsinclair 2016/06/15 17:54:32 Will clusterfuzz time this out if it goes bonkers?
Oliver Chang 2016/06/15 22:43:44 Yeah, the libFuzzer driver also handles timeouts.
+ int32_t ret = reader.ContinueParse(nullptr);
+ if (ret < 0 || ret > 99)
+ break;
+ }
return 0;
}
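Review bot: The exit test `if (ret < 0 || ret > 99)` in the new `while (1)` loop hard-codes 99 without saying what `ContinueParse` returns, so a reader cannot tell from this file why 99 is the boundary or which values mean "keep going". Add a one-line comment above the test stating the return convention (negative for error, presumably a progress value that reaches 100 on completion), or compare against a named constant. The same applies to the bare `false` passed to `FX_CreateFileRead(stream.get(), false)` and the `0, -1` range passed to `StartParse`: a short comment on what each argument selects would make the harness easier to audit.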
