[xdfp] one more fuzzer (#3981)

* Added new fuzzer to xpdf. * Updated sanitizers. * Limit sanitizer to address as this is the only one that allows us to fuzz the pdf core parser. * Disable logging and go further into the API.
2020-06-13 16:13:26 +01:00 · 2020-06-13 16:13:26 +01:00 · bd4b131ced
parent bf38231a78
commit bd4b131ced
3 changed files with 72 additions and 2 deletions
--- a/projects/xpdf/build.sh
+++ b/projects/xpdf/build.sh
@ -30,5 +30,9 @@ cmake ../ -DCMAKE_C_FLAGS="$CFLAGS" -DCMAKE_CXX_FLAGS="$CXXFLAGS"
 make -i || true

 # Build fuzzers
-cp ../../fuzz_zxdoc.cc .
-$CXX fuzz_zxdoc.cc -o $OUT/fuzz_zxdoc ./xpdf/libtestXpdfStatic.a ./fofi/libfofi.a ./goo/libgoo.a -I../ -I../goo -I../fofi -I. -I../xpdf $CXXFLAGS $LIB_FUZZING_ENGINE
+for fuzzer in zxdoc pdfload; do
+    cp ../../fuzz_$fuzzer.cc .
+    $CXX fuzz_$fuzzer.cc -o $OUT/fuzz_$fuzzer $CXXFLAGS $LIB_FUZZING_ENGINE \
+      ./xpdf/libtestXpdfStatic.a ./fofi/libfofi.a ./goo/libgoo.a \
+      -I../ -I../goo -I../fofi -I. -I../xpdf
+done
--- a/projects/xpdf/fuzz_pdfload.cc
+++ b/projects/xpdf/fuzz_pdfload.cc
@ -0,0 +1,64 @@
+/*  Copyright 2020 Google Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+#include <exception>
+#include "PDFDoc.h"
+#include "GlobalParams.h"
+#include "Zoox.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+    char filename[256];
+    sprintf(filename, "/tmp/libfuzzer.%d", getpid());
+    FILE *fp = fopen(filename, "wb");
+    if (!fp)
+        return 0;
+    fwrite(data, size, 1, fp);
+    fclose(fp);
+
+    // Main fuzzing logic
+    Object info, xfa;
+    Object *acroForm;
+    globalParams = new GlobalParams(NULL);
+    globalParams->setErrQuiet(1);
+    globalParams->setupBaseFonts(NULL);
+
+    PDFDoc *doc = NULL;
+    try {
+        doc = new PDFDoc(filename, NULL, NULL);
+        if (doc->isOk() == gTrue)
+        {
+            doc->getNumPages();
+            if ((acroForm = doc->getCatalog()->getAcroForm())->isDict()) {
+                acroForm->dictLookup("XFA", &xfa);
+                xfa.free();
+            }
+        }
+    } catch (...) {
+
+    }
+
+    // Cleanup
+    if (doc != NULL)
+        delete doc;
+    delete globalParams;
+
+    // cleanup temporary file
+    unlink(filename);
+    return 0;
+}
+
--- a/projects/xpdf/project.yaml
+++ b/projects/xpdf/project.yaml
@ -1,5 +1,7 @@
 homepage: "https://www.xpdfreader.com/"
 primary_contact: "xpdf@xpdfreader.com"
 language: c++
+sanitizers:
+  - address
 auto_ccs :
  - "david@adalogics.com"