From 1ae8bf7ee437e1d0289d4def1d6f9ec6bc0bc829 Mon Sep 17 00:00:00 2001
From: DavidKorczynski
Date: Tue, 28 Jun 2022 10:44:17 -0200
Subject: [PATCH] ghostscript: add target for new devices (#7912)

* ghostscript: add target for new devices
Adds ability to target various devices and a fuzzer that targets pdfwrite and pxlmono devices. The primary device of interest here is likely pdfwrite as it's more widely used as far as I know.
* fix review 1
* fix review 2
* nit
* nit
---
projects/ghostscript/build.sh | 6 ++--
.../ghostscript/gs_device_pdfwrite_fuzzer.cc | 20 +++++++++++++
.../ghostscript/gs_device_pxlmono_fuzzer.cc | 20 +++++++++++++
.../{gstoraster_fuzzlib.h => gs_fuzzlib.h} | 28 +++++++++++++++++--
projects/ghostscript/gstoraster_fuzzer.cc | 2 +-
.../gstoraster_fuzzer_all_colors.cc | 2 +-
projects/ghostscript/gstoraster_pdf_fuzzer.cc | 2 +-
projects/ghostscript/gstoraster_ps_fuzzer.cc | 2 +-
8 files changed, 74 insertions(+), 8 deletions(-)
create mode 100644 projects/ghostscript/gs_device_pdfwrite_fuzzer.cc
create mode 100644 projects/ghostscript/gs_device_pxlmono_fuzzer.cc
rename projects/ghostscript/{gstoraster_fuzzlib.h => gs_fuzzlib.h} (86%)
diff --git a/projects/ghostscript/build.sh b/projects/ghostscript/build.sh
index 8a900b57b..29261339b 100755
--- a/projects/ghostscript/build.sh
+++ b/projects/ghostscript/build.sh
@@ -46,11 +46,11 @@ CPPFLAGS="${CPPFLAGS:-} $CUPS_CFLAGS -DPACIFY_VALGRIND" ./autogen.sh \ CUPSCONFIG=$CUPSCONFIG \ --enable-freetype --enable-fontconfig \ --enable-cups --with-ijs --with-jbig2dec \ - --with-drivers=cups,ljet4,laserjet,pxlmono,pxlcolor,pcl3,uniprint + --with-drivers=pdfwrite,cups,ljet4,laserjet,pxlmono,pxlcolor,pcl3,uniprint make -j$(nproc) libgs -for fuzzer in gstoraster_pdf_fuzzer gstoraster_fuzzer gstoraster_fuzzer_all_colors gstoraster_ps_fuzzer; do +for fuzzer in gstoraster_pdf_fuzzer gstoraster_fuzzer gstoraster_fuzzer_all_colors gstoraster_ps_fuzzer gs_device_pdfwrite_fuzzer gs_device_pxlmono_fuzzer; do $CXX $CXXFLAGS $CUPS_LDFLAGS -std=c++11 -I. -I$SRC \ $SRC/${fuzzer}.cc \ -o "$OUT/${fuzzer}" \ @@ -83,6 +83,8 @@ done # Create corpus for gstoraster_fuzzer zip -j "$OUT/gstoraster_fuzzer_seed_corpus.zip" "$WORK"/seeds/* +cp "$OUT/gstoraster_fuzzer_seed_corpus.zip" "$OUT/gs_device_pdfwrite_fuzzer_seed_corpus.zip" +cp "$OUT/gstoraster_fuzzer_seed_corpus.zip" "$OUT/gs_device_pxlmono_fuzzer_seed_corpus.zip" # Copy out options cp $SRC/*.options $OUT/ diff --git a/projects/ghostscript/gs_device_pdfwrite_fuzzer.cc b/projects/ghostscript/gs_device_pdfwrite_fuzzer.cc new file mode 100644 index 000000000..6e01c5420 --- /dev/null +++ b/projects/ghostscript/gs_device_pdfwrite_fuzzer.cc 
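Review bot: The two new targets get a seed corpus in the second build.sh hunk but no `.options` file, even though the script copies `$SRC/*.options` right below and the diffstat adds none for `gs_device_pdfwrite_fuzzer` or `gs_device_pxlmono_fuzzer`. If the existing gstoraster targets rely on options (a dictionary or an input-size limit, say; their contents are not visible here), the new harnesses will run with defaults. Either add matching `.options` files or record the intent above the new `cp` lines, e.g. `# device fuzzers reuse the gstoraster seeds; no .options on purpose`.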
@@ -0,0 +1,20 @@
+/* Copyright 2022 Google LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+#include "gs_fuzzlib.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ fuzz_gs_device(data, size, 1, "pdfwrite");
+ return 0;
+}
diff --git a/projects/ghostscript/gs_device_pxlmono_fuzzer.cc b/projects/ghostscript/gs_device_pxlmono_fuzzer.cc
new file mode 100644
index 000000000..bdae304a8
--- /dev/null
+++ b/projects/ghostscript/gs_device_pxlmono_fuzzer.cc
@@ -0,0 +1,20 @@
+/* Copyright 2022 Google LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+#include "gs_fuzzlib.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ fuzz_gs_device(data, size, 1, "pxlmono");
+ return 0;
+}
diff --git a/projects/ghostscript/gstoraster_fuzzlib.h b/projects/ghostscript/gs_fuzzlib.h
similarity index 86%
rename from projects/ghostscript/gstoraster_fuzzlib.h
rename to projects/ghostscript/gs_fuzzlib.h
index c2c096095..1a77a8ea7 100644
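Review bot: The literal `1` passed as `color_scheme` in `fuzz_gs_device(data, size, 1, "pdfwrite")` is unexplained, and the same applies to the pxlmono harness in the next file. Per the gs_fuzzlib.h change in this patch, that value is only formatted into `-dcupsColorSpace=%d`, which presumably has no effect on a non-cups device. A one-line comment above the call, such as `/* color_scheme only feeds -dcupsColorSpace; not meaningful for this device */`, would stop a reader from assuming it selects an output mode for pdfwrite or pxlmono.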
--- a/projects/ghostscript/gstoraster_fuzzlib.h +++ b/projects/ghostscript/gs_fuzzlib.h @@ -27,6 +27,13 @@ static const unsigned char *g_data; static size_t g_size; +int fuzz_gs_device( + const unsigned char *buf, + size_t size, + int color_scheme, + const char *device_target +); + #define min(x, y) ((x) < (y) ? (x) : (y)) static int gs_stdin(void *inst, char *buf, int len) @@ -48,17 +55,34 @@ static int gs_stdnull(void *inst, const char *buf, int len) return len; } -int gs_to_raster_fuzz(const unsigned char *buf, size_t size, int color_scheme) +int gs_to_raster_fuzz( + const unsigned char *buf, + size_t size, + int color_scheme +) +{ + return fuzz_gs_device(buf, size, color_scheme, "cups"); +} + +int fuzz_gs_device( + const unsigned char *buf, + size_t size, + int color_scheme, + const char *device_target +) { int ret; void *gs = NULL; char color_space[50]; + char gs_device[50]; /* * We are expecting color_scheme to be in the [0:62] interval. * This corresponds to the color schemes defined here: * https://github.com/ArtifexSoftware/ghostpdl/blob/8c97d5adce0040ac38a1fb4d7954499c65f582ff/cups/libs/cups/raster.h#L102 */ sprintf(color_space, "-dcupsColorSpace=%d", color_scheme); + + sprintf(gs_device, "-sDEVICE=%s", device_target); /* Mostly stolen from cups-filters gstoraster. */ char *args[] = { "gs", @@ -77,7 +101,7 @@ int gs_to_raster_fuzz(const unsigned char *buf, size_t size, int color_scheme) "-dNOMEDIAATTRS", "-sstdout=%%stderr", "-sOutputFile=/dev/null", - "-sDEVICE=cups", + gs_device, "-_", }; int argc = sizeof(args) / sizeof(args[0]); diff --git a/projects/ghostscript/gstoraster_fuzzer.cc b/projects/ghostscript/gstoraster_fuzzer.cc index 3e6a83dd3..61916f5c4 100644 --- a/projects/ghostscript/gstoraster_fuzzer.cc +++ b/projects/ghostscript/gstoraster_fuzzer.cc 
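Review bot: `sprintf(gs_device, "-sDEVICE=%s", device_target);` in the second gs_fuzzlib.h hunk copies a caller-supplied string into the 50-byte `gs_device` array with no bound, so a device name longer than 40 characters would overrun the stack buffer inside the harness itself. The callers added by this patch pass short literals, so nothing overflows today, but the helper is now a general entry point and a harness-side overflow would be reported as a Ghostscript crash. Bound the write and bail out on truncation: `int n = snprintf(gs_device, sizeof(gs_device), "-sDEVICE=%s", device_target);` followed by `if (n < 0 || (size_t)n >= sizeof(gs_device)) return 0;`. The body of `fuzz_gs_device` continues outside these hunks.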
@@ -16,7 +16,7 @@ ################################################################################ */ -#include "gstoraster_fuzzlib.h" +#include "gs_fuzzlib.h" extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { /* Tests RGB color scheme */ diff --git a/projects/ghostscript/gstoraster_fuzzer_all_colors.cc b/projects/ghostscript/gstoraster_fuzzer_all_colors.cc index b36f86b23..74cbdb042 100644 --- a/projects/ghostscript/gstoraster_fuzzer_all_colors.cc +++ b/projects/ghostscript/gstoraster_fuzzer_all_colors.cc @@ -10,7 +10,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -#include "gstoraster_fuzzlib.h" +#include "gs_fuzzlib.h" extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { if (size == 0) { diff --git a/projects/ghostscript/gstoraster_pdf_fuzzer.cc b/projects/ghostscript/gstoraster_pdf_fuzzer.cc index b468a7635..5fc258b5c 100644 --- a/projects/ghostscript/gstoraster_pdf_fuzzer.cc +++ b/projects/ghostscript/gstoraster_pdf_fuzzer.cc @@ -10,7 +10,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -#include "gstoraster_fuzzlib.h" +#include "gs_fuzzlib.h" // Returns 1 if this has a valid PDF header and 0 otherwise static int quick_check_pdf(const uint8_t *data, size_t size) { diff --git a/projects/ghostscript/gstoraster_ps_fuzzer.cc b/projects/ghostscript/gstoraster_ps_fuzzer.cc index 221b72d8f..1c89104c1 100644 --- a/projects/ghostscript/gstoraster_ps_fuzzer.cc +++ b/projects/ghostscript/gstoraster_ps_fuzzer.cc @@ -9,7 +9,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */ -#include "gstoraster_fuzzlib.h" +#include "gs_fuzzlib.h" /* Returns 1 if the data has a PDF header and 0 otherwise */ static int is_pdf(const uint8_t *data, size_t size) {