From 1414080bf70abc759e614331dd0c84ff5efa929a Mon Sep 17 00:00:00 2001
From: Navidem
Date: Wed, 6 Apr 2022 18:45:37 -0700
Subject: [PATCH] Separate JBIG2 fuzzer (#7523)
* Separate JBIG2 fuzzer
* fix copyright string
---
 projects/xpdf/build.sh | 2 +-
 projects/xpdf/fuzz_JBIG2.cc | 92 +++++++++++++++++++++++++++++++++++
 projects/xpdf/fuzz_pdfload.cc | 10 ----
 3 files changed, 93 insertions(+), 11 deletions(-)
 create mode 100644 projects/xpdf/fuzz_JBIG2.cc
diff --git a/projects/xpdf/build.sh b/projects/xpdf/build.sh
index c36123740..621db85ef 100755
--- a/projects/xpdf/build.sh
+++ b/projects/xpdf/build.sh
@@ -46,7 +46,7 @@ cmake ../ -DCMAKE_C_FLAGS="$CFLAGS" -DCMAKE_CXX_FLAGS="$CXXFLAGS" \
 make
 
 # Build fuzzers
-for fuzzer in zxdoc pdfload; do
+for fuzzer in zxdoc pdfload JBIG2; do
 cp ../../fuzz_$fuzzer.cc .
 $CXX fuzz_$fuzzer.cc -o $OUT/fuzz_$fuzzer $CXXFLAGS $LIB_FUZZING_ENGINE \
 ./xpdf/libtestXpdfStatic.a ./fofi/libfofi.a ./goo/libgoo.a ./splash/libsplash.a ./xpdf/libtestXpdfWidgetStatic.a /work/prefix/lib/libfreetype.a \
diff --git a/projects/xpdf/fuzz_JBIG2.cc b/projects/xpdf/fuzz_JBIG2.cc
new file mode 100644
index 000000000..37316b7da
--- /dev/null
+++ b/projects/xpdf/fuzz_JBIG2.cc
@@ -0,0 +1,92 @@
+/* Copyright 2022 Google Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+#include
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "gmem.h"
+#include "gmempp.h"
+#include "parseargs.h"
+#include "GString.h"
+#include "gfile.h"
+#include "GlobalParams.h"
+#include "Object.h"
+#include "PDFDoc.h"
+#include "SplashBitmap.h"
+#include "Splash.h"
+#include "SplashOutputDev.h"
+#include "Stream.h"
+#include "config.h"
+
+#include "JBIG2Stream.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ FuzzedDataProvider fdp(data, size);
+ double hdpi = fdp.ConsumeFloatingPoint();
+ double vdpi = fdp.ConsumeFloatingPoint();
+ int rotate = fdp.ConsumeIntegral();
+ bool useMediaBox = fdp.ConsumeBool();
+ bool crop = fdp.ConsumeBool();
+ bool printing = fdp.ConsumeBool();
+ std::vector payload = fdp.ConsumeRemainingBytes();
+
+ Object xpdf_obj;
+ xpdf_obj.initNull();
+ BaseStream *stream = new MemStream(payload.data(), 0, payload.size(), &xpdf_obj);
+
+ Object info, xfa;
+ Object *acroForm;
+ globalParams = new GlobalParams(NULL);
+ globalParams->setErrQuiet(1);
+ globalParams->setupBaseFonts(NULL);
+ char yes[] = "yes";
+ globalParams->setEnableFreeType(yes); // Yes, it's a string and not a bool.
+ globalParams->setErrQuiet(1);
+
+ PDFDoc *doc = NULL;
+ try
+ {
+ PDFDoc doc(stream);
+ if (doc.isOk() == gTrue)
+ {
+ XRef *xref = doc.getXRef();
+ int objNums = xref->getNumObjects();
+ Object currentObj;
+ for (int i = 0; i < objNums; ++i)
+ {
+ if (xref->fetch(i, 0, ¤tObj)->isStream())
+ {
+ currentObj.getStream()->reset();
+ }
+ }
+ currentObj.free();
+ }
+ }
+ catch (...)
+ {
+ }
+
+ delete globalParams;
+
+ return 0;
+}
diff --git a/projects/xpdf/fuzz_pdfload.cc b/projects/xpdf/fuzz_pdfload.cc
index 697b79e6f..fc4dad316 100644
--- a/projects/xpdf/fuzz_pdfload.cc
+++ b/projects/xpdf/fuzz_pdfload.cc
@@ -117,16 +117,6 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 (void)splashOut->getBitmap();
 delete splashOut;
-
- XRef *xref = doc.getXRef();
- int objNums = xref->getNumObjects();
- Object currentObj;
- for (int i = 0; i < objNums; ++i) {
- if (xref->fetch(i, 0, ¤tObj)->isStream()){
- currentObj.getStream()->reset();
- }
- }
- currentObj.free();
 }
 }
 catch (...)
 {
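Review bot: In the loop over xref objects in fuzz_JBIG2.cc, `xref->fetch(i, 0, &currentObj)` overwrites `currentObj` on every iteration but `currentObj.free()` runs only once after the loop, so every fetched object except the last keeps its stream/dict/array storage; under LeakSanitizer these surface as harness leaks that can mask real decoder bugs, and the same pattern is what the fuzz_pdfload.cc hunk removes, so it has moved rather than gone away. Release each object where it is done with, i.e. make `currentObj.free();` the last statement of the for body. The harness also calls `reset()` on every stream kind, not only JBIG2 ones, so the new fuzzer name overstates its focus; if the goal is to exercise the JBIG2 decoder specifically, check the stream kind before the reset so the fuzzing budget is spent on the intended code path. Finally, `PDFDoc *doc = NULL;` is shadowed by the `PDFDoc doc(stream);` inside the try, `Object info, xfa;`, `Object *acroForm;` and the consumed hdpi/vdpi/rotate/useMediaBox/crop/printing values are never used, and `setErrQuiet(1)` is called twice; dropping them makes the harness easier to audit.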