OLD | NEW |
(Empty) | |
| 1 // Copyright 2016 The PDFium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include <cstdint> |
| 6 |
| 7 #include "core/fpdfapi/fpdf_parser/cpdf_hint_tables.h" |
| 8 #include "core/fpdfapi/fpdf_parser/include/cpdf_dictionary.h" |
| 9 |
| 10 struct DummyLinearizedDictionary { |
| 11 int end_of_first_page_offset; |
| 12 int number_of_pages; |
| 13 int first_page_object_number; |
| 14 int first_page_number; |
| 15 int primary_hint_stream_offset; |
| 16 int primary_hint_stream_length; |
| 17 int shared_hint_table_offset; |
| 18 }; |
| 19 |
| 20 int32_t GetData(const int32_t** data32, const uint8_t** data, size_t* size) { |
| 21 const int32_t* ret = *data32; |
| 22 ++(*data32); |
| 23 *data += 4; |
| 24 *size -= 4; |
| 25 return *ret; |
| 26 } |
| 27 |
| 28 class HintTableForFuzzing : public CPDF_HintTables { |
| 29 public: |
| 30 HintTableForFuzzing(DummyLinearizedDictionary* dict, |
| 31 CPDF_Dictionary* linearized_dict) |
| 32 : CPDF_HintTables(nullptr, linearized_dict), dict_(dict) {} |
| 33 ~HintTableForFuzzing() {} |
| 34 |
| 35 void Fuzz(const uint8_t* data, size_t size) { |
| 36 if (dict_->shared_hint_table_offset <= 0) |
| 37 return; |
| 38 |
| 39 if (size < static_cast<size_t>(dict_->shared_hint_table_offset)) |
| 40 return; |
| 41 |
| 42 CFX_BitStream bs; |
| 43 bs.Init(data, size); |
| 44 if (!ReadPageHintTable(&bs)) |
| 45 return; |
| 46 ReadSharedObjHintTable(&bs, dict_->shared_hint_table_offset); |
| 47 } |
| 48 |
| 49 private: |
| 50 int GetEndOfFirstPageOffset() const override { |
| 51 return dict_->end_of_first_page_offset; |
| 52 } |
| 53 int GetNumberOfPages() const override { return dict_->number_of_pages; } |
| 54 int GetFirstPageObjectNumber() const override { |
| 55 return dict_->first_page_object_number; |
| 56 } |
| 57 int GetFirstPageNumber() const override { return dict_->first_page_number; } |
| 58 int ReadPrimaryHintStreamOffset() const override { |
| 59 return dict_->primary_hint_stream_offset; |
| 60 } |
| 61 int ReadPrimaryHintStreamLength() const override { |
| 62 return dict_->primary_hint_stream_length; |
| 63 } |
| 64 |
| 65 DummyLinearizedDictionary* const dict_; |
| 66 }; |
| 67 |
| 68 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { |
| 69 // Need 28 bytes for |dummy_dict|. |
| 70 // The header section of page offset hint table is 36 bytes. |
| 71 // The header section of shared object hint table is 24 bytes. |
| 72 if (size < 28 + 36 + 24) |
| 73 return 0; |
| 74 |
| 75 const int32_t* data32 = reinterpret_cast<const int32_t*>(data); |
| 76 DummyLinearizedDictionary dummy_dict; |
| 77 dummy_dict.end_of_first_page_offset = GetData(&data32, &data, &size); |
| 78 dummy_dict.number_of_pages = GetData(&data32, &data, &size); |
| 79 dummy_dict.first_page_object_number = GetData(&data32, &data, &size); |
| 80 dummy_dict.first_page_number = GetData(&data32, &data, &size); |
| 81 dummy_dict.primary_hint_stream_offset = GetData(&data32, &data, &size); |
| 82 dummy_dict.primary_hint_stream_length = GetData(&data32, &data, &size); |
| 83 dummy_dict.shared_hint_table_offset = GetData(&data32, &data, &size); |
| 84 |
| 85 CPDF_Dictionary* dummy_linearized_dict = new CPDF_Dictionary; |
| 86 |
| 87 { |
| 88 HintTableForFuzzing hint_table(&dummy_dict, dummy_linearized_dict); |
| 89 hint_table.Fuzz(data, size); |
| 90 } |
| 91 |
| 92 dummy_linearized_dict->Release(); |
| 93 return 0; |
| 94 } |
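Review bot: GetData reads each field by dereferencing `data32`, which LLVMFuzzerTestOneInput obtains with `reinterpret_cast<const int32_t*>(data)`. Nothing visible here guarantees the fuzzer buffer is 4-byte aligned, so a sanitizer alignment or aliasing report could come from the harness itself and not from the hint-table parser under test. Copying the bytes out keeps the harness well defined: `int32_t value; memcpy(&value, *data, sizeof(value));` followed by `return value;`, with `<cstring>` included, after which the parallel `data32` pointer is no longer needed. GetData also subtracts 4 from `*size` with no guard of its own and relies on the `size < 28 + 36 + 24` check in the caller. A comment such as `// Caller guarantees *size >= 4.` would record that dependency, and `static_assert(sizeof(DummyLinearizedDictionary) == 28, "update size check");` would tie the constant to the struct.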