From bd4b131ced3989bde9a5dd1e1f0ad378e13d894c Mon Sep 17 00:00:00 2001
From: DavidKorczynski
Date: Sat, 13 Jun 2020 16:13:26 +0100
Subject: [PATCH] [xdfp] one more fuzzer (#3981)

* Added new fuzzer to xpdf.
* Updated sanitizers.
* Limit sanitizer to address as this is the only one that allows us to fuzz the pdf core parser.
* Disable logging and go further into the API.
---
 projects/xpdf/build.sh | 8 +++--
 projects/xpdf/fuzz_pdfload.cc | 64 +++++++++++++++++++++++++++++++++++
 projects/xpdf/project.yaml | 2 ++
 3 files changed, 72 insertions(+), 2 deletions(-)
 create mode 100644 projects/xpdf/fuzz_pdfload.cc

diff --git a/projects/xpdf/build.sh b/projects/xpdf/build.sh
index 05a904154..15c88c090 100755
--- a/projects/xpdf/build.sh
+++ b/projects/xpdf/build.sh
@@ -30,5 +30,9 @@ cmake ../ -DCMAKE_C_FLAGS="$CFLAGS" -DCMAKE_CXX_FLAGS="$CXXFLAGS"
 make -i || true
 
 # Build fuzzers
-cp ../../fuzz_zxdoc.cc .
-$CXX fuzz_zxdoc.cc -o $OUT/fuzz_zxdoc ./xpdf/libtestXpdfStatic.a ./fofi/libfofi.a ./goo/libgoo.a -I../ -I../goo -I../fofi -I. -I../xpdf $CXXFLAGS $LIB_FUZZING_ENGINE
+for fuzzer in zxdoc pdfload; do
+ cp ../../fuzz_$fuzzer.cc .
+ $CXX fuzz_$fuzzer.cc -o $OUT/fuzz_$fuzzer $CXXFLAGS $LIB_FUZZING_ENGINE \
+ ./xpdf/libtestXpdfStatic.a ./fofi/libfofi.a ./goo/libgoo.a \
+ -I../ -I../goo -I../fofi -I. -I../xpdf
+done
diff --git a/projects/xpdf/fuzz_pdfload.cc b/projects/xpdf/fuzz_pdfload.cc
new file mode 100644
index 000000000..fba7a903e
--- /dev/null
+++ b/projects/xpdf/fuzz_pdfload.cc
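Review bot: The new loop leaves `$OUT/fuzz_$fuzzer` and `../../fuzz_$fuzzer.cc` unquoted, so a build root containing whitespace would split the `-o` argument into two words; quote the path expansions and leave only the flag lists unquoted: `$CXX fuzz_$fuzzer.cc -o "$OUT/fuzz_$fuzzer" $CXXFLAGS $LIB_FUZZING_ENGINE \`. Because the preceding `make -i || true` context line masks library build failures, a missing `./xpdf/libtestXpdfStatic.a` would only surface inside this loop as a link error repeated for every fuzzer; a `test -f ./xpdf/libtestXpdfStatic.a || exit 1` before the `for` would fail once with a clear message. Note also that `$LIB_FUZZING_ENGINE` now precedes the static archives rather than following them as before; this appears to link fine since the archives only need to satisfy references from `fuzz_$fuzzer.cc`, but it is worth confirming against the zxdoc target that used the old order.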
@@ -0,0 +1,64 @@
+/* Copyright 2020 Google Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+#include
+#include
+#include
+#include
+#include "PDFDoc.h"
+#include "GlobalParams.h"
+#include "Zoox.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ char filename[256];
+ sprintf(filename, "/tmp/libfuzzer.%d", getpid());
+ FILE *fp = fopen(filename, "wb");
+ if (!fp)
+ return 0;
+ fwrite(data, size, 1, fp);
+ fclose(fp);
+
+ // Main fuzzing logic
+ Object info, xfa;
+ Object *acroForm;
+ globalParams = new GlobalParams(NULL);
+ globalParams->setErrQuiet(1);
+ globalParams->setupBaseFonts(NULL);
+
+ PDFDoc *doc = NULL;
+ try {
+ doc = new PDFDoc(filename, NULL, NULL);
+ if (doc->isOk() == gTrue)
+ {
+ doc->getNumPages();
+ if ((acroForm = doc->getCatalog()->getAcroForm())->isDict()) {
+ acroForm->dictLookup("XFA", &xfa);
+ xfa.free();
+ }
+ }
+ } catch (...) {
+
+ }
+
+ // Cleanup
+ if (doc != NULL)
+ delete doc;
+ delete globalParams;
+
+ // cleanup temporary file
+ unlink(filename);
+ return 0;
+}
+
diff --git a/projects/xpdf/project.yaml b/projects/xpdf/project.yaml
index 64eb5e504..b0956ee43 100755
--- a/projects/xpdf/project.yaml
+++ b/projects/xpdf/project.yaml
@@ -1,5 +1,7 @@
 homepage: "https://www.xpdfreader.com/"
 primary_contact: "xpdf@xpdfreader.com"
 language: c++
+sanitizers:
+ - address
 auto_ccs :
 - "david@adalogics.com"
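Review bot: The harness writes every input to the fixed, predictable path `/tmp/libfuzzer.<pid>` via `fopen("wb")`, which follows a symlink planted at that name on a shared /tmp, and the `fwrite` return value is never checked, so a short write silently fuzzes a truncated document; `mkstemp` gives a private, unpredictable file plus a descriptor whose writes can be checked, as in the rewrite below (it needs `<stdlib.h>` and `<unistd.h>`, which the stripped `#include` lines may already cover). `globalParams` is also constructed and `setupBaseFonts(NULL)` run on every iteration, which, judging by the name, probes font search paths per input and will cost executions per second; creating it once in `LLVMFuzzerInitialize` is the usual pattern, though whether xpdf tolerates one `GlobalParams` across documents would need confirming. `Object info` is declared but never used and can be dropped, and the empty `catch (...)` could carry a one-line comment such as `// parser exceptions are expected on malformed input; ASan reports memory errors regardless` so the swallow reads as deliberate.
```cpp
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    // mkstemp creates the file O_EXCL under an unpredictable name, so a
    // pre-planted symlink at a fixed path cannot redirect the write.
    char filename[] = "/tmp/libfuzzer.XXXXXX";
    int fd = mkstemp(filename);
    if (fd < 0)
        return 0;
    // Write the whole input; a short or failed write must not leave a
    // truncated file to be parsed as if it were the fuzzer's input.
    size_t off = 0;
    while (off < size) {
        ssize_t n = write(fd, data + off, size - off);
        if (n <= 0) {
            close(fd);
            unlink(filename);
            return 0;
        }
        off += (size_t)n;
    }
    close(fd);

    // … unchanged: GlobalParams setup, PDFDoc parsing, cleanup, unlink(filename) …
```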