Add XFA pdfium fuzzer

pdf/pdfium/fuzzers/pdfium_fuzzer_helper.cc

-// Copyright 2015 The Chromium Authors. All rights reserved.
+// Copyright 2017 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // This fuzzer is simplified & cleaned up pdfium/samples/pdfium_test.cc
 
+#include "pdf/pdfium/fuzzers/pdfium_fuzzer_helper.h"
+
 #include <assert.h>
 #include <limits.h>
 #include <stddef.h>
 #include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 
 #ifdef _MSC_VER
 #include <Windows.h>
 #else
 #include <unistd.h>
 #endif
 
-#include <list>
 #include <memory>
 #include <sstream>
 #include <string>
 #include <utility>
-#include <vector>
 
 #include "third_party/pdfium/public/cpp/fpdf_deleters.h"
 #include "third_party/pdfium/public/fpdf_dataavail.h"
-#include "third_party/pdfium/public/fpdf_ext.h"
-#include "third_party/pdfium/public/fpdf_formfill.h"
 #include "third_party/pdfium/public/fpdf_text.h"
-#include "third_party/pdfium/public/fpdfview.h"
 #include "third_party/pdfium/testing/test_support.h"
 
-#include "v8/include/v8.h"
+namespace {
 
-static int ExampleAppAlert(IPDF_JSPLATFORM*,
-                           FPDF_WIDESTRING,
-                           FPDF_WIDESTRING,
-                           int,
-                           int) {
+int ExampleAppAlert(IPDF_JSPLATFORM*,
+                    FPDF_WIDESTRING,
+                    FPDF_WIDESTRING,
+                    int,
+                    int) {
   return 0;
 }
 
-static void ExampleDocGotoPage(IPDF_JSPLATFORM*, int pageNumber) {}
+int ExampleAppResponse(IPDF_JSPLATFORM*,
+                       FPDF_WIDESTRING question,
+                       FPDF_WIDESTRING title,
+                       FPDF_WIDESTRING default_value,
+                       FPDF_WIDESTRING label,
+                       FPDF_BOOL is_password,
+                       void* response,
+                       int length) {
+  // UTF-16, always LE regardless of platform.
+  uint8_t* ptr = static_cast<uint8_t*>(response);
+  ptr[0] = 'N';
+  ptr[1] = 0;
+  ptr[2] = 'o';
+  ptr[3] = 0;
+  return 4;
+}
 
-static void ExampleUnsupportedHandler(UNSUPPORT_INFO*, int type) {}
+void ExampleDocGotoPage(IPDF_JSPLATFORM*, int pageNumber) {}
+
+void ExampleDocMail(IPDF_JSPLATFORM*,
+                    void* mailData,
+                    int length,
+                    FPDF_BOOL UI,
+                    FPDF_WIDESTRING To,
+                    FPDF_WIDESTRING Subject,
+                    FPDF_WIDESTRING CC,
+                    FPDF_WIDESTRING BCC,
+                    FPDF_WIDESTRING Msg) {}
+
+void ExampleUnsupportedHandler(UNSUPPORT_INFO*, int type) {}
 
 FPDF_BOOL Is_Data_Avail(FX_FILEAVAIL* pThis, size_t offset, size_t size) {
   return true;
 }
 
-static void Add_Segment(FX_DOWNLOADHINTS* pThis, size_t offset, size_t size) {}
+void Add_Segment(FX_DOWNLOADHINTS* pThis, size_t offset, size_t size) {}
 
-static bool RenderPage(const FPDF_DOCUMENT& doc,
-                       const FPDF_FORMHANDLE& form,
-                       const int page_index) {
-  std::unique_ptr<void, FPDFPageDeleter> page(FPDF_LoadPage(doc, page_index));
-  if (!page)
-    return false;
-
-  std::unique_ptr<void, FPDFTextPageDeleter> text_page(
-      FPDFText_LoadPage(page.get()));
-  FORM_OnAfterLoadPage(page.get(), form);
-  FORM_DoPageAAction(page.get(), form, FPDFPAGE_AACTION_OPEN);
-
-  const double scale = 1.0;
-  int width = static_cast<int>(FPDF_GetPageWidth(page.get()) * scale);
-  int height = static_cast<int>(FPDF_GetPageHeight(page.get()) * scale);
-  std::unique_ptr<void, FPDFBitmapDeleter> bitmap(
-      FPDFBitmap_Create(width, height, 0));
-  if (bitmap) {
-    FPDFBitmap_FillRect(bitmap.get(), 0, 0, width, height, 0xFFFFFFFF);
-    FPDF_RenderPageBitmap(bitmap.get(), page.get(), 0, 0, width, height, 0, 0);
-    FPDF_FFLDraw(form, bitmap.get(), page.get(), 0, 0, width, height, 0, 0);
-  }
-  FORM_DoPageAAction(page.get(), form, FPDFPAGE_AACTION_CLOSE);
-  FORM_OnBeforeClosePage(page.get(), form);
-  return !!bitmap;
+std::string ProgramPath() {
+#ifdef _MSC_VER
+  wchar_t wpath[MAX_PATH];
+  char path[MAX_PATH];
+  DWORD res = GetModuleFileName(NULL, wpath, MAX_PATH);
+  assert(res != 0);
+  wcstombs(path, wpath, MAX_PATH);
+  return std::string(path, res);
+#else
+  char* path = new char[PATH_MAX + 1];
+  assert(path);
+  ssize_t sz = readlink("/proc/self/exe", path, PATH_MAX);
+  assert(sz > 0);
+  std::string result(path, sz);
+  delete[] path;
+  return result;
+#endif
 }
 
-static void RenderPdf(const char* pBuf, size_t len) {
+}  // namespace
+
+PDFiumFuzzerHelper::PDFiumFuzzerHelper() {}
+
+PDFiumFuzzerHelper::~PDFiumFuzzerHelper() {}
+
+bool PDFiumFuzzerHelper::OnFormFillEnvLoaded(FPDF_DOCUMENT doc) {
+  return true;
+}
+
+void PDFiumFuzzerHelper::RenderPdf(const char* pBuf, size_t len) {
   IPDF_JSPLATFORM platform_callbacks;
   memset(&platform_callbacks, '\0', sizeof(platform_callbacks));
   platform_callbacks.version = 3;
   platform_callbacks.app_alert = ExampleAppAlert;
+  platform_callbacks.app_response = ExampleAppResponse;
   platform_callbacks.Doc_gotoPage = ExampleDocGotoPage;
+  platform_callbacks.Doc_mail = ExampleDocMail;
 
   FPDF_FORMFILLINFO form_callbacks;
   memset(&form_callbacks, '\0', sizeof(form_callbacks));
-  form_callbacks.version = 1;
+  form_callbacks.version = GetFormCallbackVersion();
   form_callbacks.m_pJsPlatform = &platform_callbacks;
 
   TestLoader loader(pBuf, len);
   FPDF_FILEACCESS file_access;
   memset(&file_access, '\0', sizeof(file_access));
   file_access.m_FileLen = static_cast<unsigned long>(len);
   file_access.m_GetBlock = TestLoader::GetBlock;
   file_access.m_Param = &loader;
 
   FX_FILEAVAIL file_avail;
@@ skipping 31 matching lines @@
     doc.reset(FPDF_LoadCustomDocument(&file_access, nullptr));
   }
 
   if (!doc)
     return;
 
   (void)FPDF_GetDocPermissions(doc.get());
 
   std::unique_ptr<void, FPDFFormHandleDeleter> form(
       FPDFDOC_InitFormFillEnvironment(doc.get(), &form_callbacks));
+  if (!OnFormFillEnvLoaded(doc.get()))
+    return;
+
   FPDF_SetFormFieldHighlightColor(form.get(), 0, 0xFFE4DD);
   FPDF_SetFormFieldHighlightAlpha(form.get(), 100);
   FORM_DoDocumentJSAction(form.get());
   FORM_DoDocumentOpenAction(form.get());
 
   int page_count = FPDF_GetPageCount(doc.get());
   for (int i = 0; i < page_count; ++i) {
     if (bIsLinearized) {
       nRet = PDF_DATA_NOTAVAIL;
       while (nRet == PDF_DATA_NOTAVAIL)
         nRet = FPDFAvail_IsPageAvail(pdf_avail.get(), i, &hints);
 
       if (nRet == PDF_DATA_ERROR)
         return;
     }
     RenderPage(doc.get(), form.get(), i);
   }
   FORM_DoDocumentAAction(form.get(), FPDFDOC_AACTION_WC);
 }
 
-std::string ProgramPath() {
-#ifdef _MSC_VER
-  wchar_t wpath[MAX_PATH];
-  char path[MAX_PATH];
-  DWORD res = GetModuleFileName(NULL, wpath, MAX_PATH);
-  assert(res != 0);
-  wcstombs(path, wpath, MAX_PATH);
-  return std::string(path, res);
-#else
-  char* path = new char[PATH_MAX + 1];
-  assert(path);
-  ssize_t sz = readlink("/proc/self/exe", path, PATH_MAX);
-  assert(sz > 0);
-  std::string result(path, sz);
-  delete[] path;
-  return result;
-#endif
+bool PDFiumFuzzerHelper::RenderPage(const FPDF_DOCUMENT& doc,
+                                    const FPDF_FORMHANDLE& form,
+                                    const int page_index) {
+  std::unique_ptr<void, FPDFPageDeleter> page(FPDF_LoadPage(doc, page_index));
+  if (!page)
+    return false;
+
+  std::unique_ptr<void, FPDFTextPageDeleter> text_page(
+      FPDFText_LoadPage(page.get()));
+  FORM_OnAfterLoadPage(page.get(), form);
+  FORM_DoPageAAction(page.get(), form, FPDFPAGE_AACTION_OPEN);
+
+  const double scale = 1.0;
+  int width = static_cast<int>(FPDF_GetPageWidth(page.get()) * scale);
+  int height = static_cast<int>(FPDF_GetPageHeight(page.get()) * scale);
+  std::unique_ptr<void, FPDFBitmapDeleter> bitmap(
+      FPDFBitmap_Create(width, height, 0));
+  if (bitmap) {
+    FPDFBitmap_FillRect(bitmap.get(), 0, 0, width, height, 0xFFFFFFFF);
+    FPDF_RenderPageBitmap(bitmap.get(), page.get(), 0, 0, width, height, 0, 0);
+    FPDF_FFLDraw(form, bitmap.get(), page.get(), 0, 0, width, height, 0, 0);
+  }
+  FORM_DoPageAAction(page.get(), form, FPDFPAGE_AACTION_CLOSE);
+  FORM_OnBeforeClosePage(page.get(), form);
+  return !!bitmap;
 }
 
+// Initialize the library once for all runs of the fuzzer.
 struct TestCase {
   TestCase() {
     InitializeV8ForPDFium(ProgramPath(), "", &natives_blob, &snapshot_blob,
                           &platform);
 
     memset(&config, '\0', sizeof(config));
     config.version = 2;
     config.m_pUserFontPaths = nullptr;
     config.m_pIsolate = nullptr;
     config.m_v8EmbedderSlot = 0;
     FPDF_InitLibraryWithConfig(&config);
 
     memset(&unsupport_info, '\0', sizeof(unsupport_info));
     unsupport_info.version = 1;
     unsupport_info.FSDK_UnSupport_Handler = ExampleUnsupportedHandler;
     FSDK_SetUnSpObjProcessHandler(&unsupport_info);
   }
 
   v8::Platform* platform;
   v8::StartupData natives_blob;
   v8::StartupData snapshot_blob;
   FPDF_LIBRARY_CONFIG config;
   UNSUPPORT_INFO unsupport_info;
 };
-
 static TestCase* testCase = new TestCase();
-
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
-  RenderPdf(reinterpret_cast<const char*>(data), size);
-  return 0;
-}