1*3ac0a46fSAndroid Build Coastguard Worker // Copyright 2016 The PDFium Authors 2*3ac0a46fSAndroid Build Coastguard Worker // Use of this source code is governed by a BSD-style license that can be 3*3ac0a46fSAndroid Build Coastguard Worker // found in the LICENSE file. 4*3ac0a46fSAndroid Build Coastguard Worker 5*3ac0a46fSAndroid Build Coastguard Worker #ifndef TESTING_FUZZERS_XFA_CODEC_FUZZER_H_ 6*3ac0a46fSAndroid Build Coastguard Worker #define TESTING_FUZZERS_XFA_CODEC_FUZZER_H_ 7*3ac0a46fSAndroid Build Coastguard Worker 8*3ac0a46fSAndroid Build Coastguard Worker #include <memory> 9*3ac0a46fSAndroid Build Coastguard Worker #include <utility> 10*3ac0a46fSAndroid Build Coastguard Worker 11*3ac0a46fSAndroid Build Coastguard Worker #include "core/fxcodec/fx_codec.h" 12*3ac0a46fSAndroid Build Coastguard Worker #include "core/fxcodec/progressive_decoder.h" 13*3ac0a46fSAndroid Build Coastguard Worker #include "core/fxcrt/cfx_read_only_span_stream.h" 14*3ac0a46fSAndroid Build Coastguard Worker #include "core/fxcrt/fx_safe_types.h" 15*3ac0a46fSAndroid Build Coastguard Worker #include "core/fxcrt/retain_ptr.h" 16*3ac0a46fSAndroid Build Coastguard Worker #include "core/fxge/dib/cfx_dibitmap.h" 17*3ac0a46fSAndroid Build Coastguard Worker #include "third_party/base/containers/span.h" 18*3ac0a46fSAndroid Build Coastguard Worker 19*3ac0a46fSAndroid Build Coastguard Worker // Support up to 64 MB. This prevents trivial OOM when MSAN is on and 20*3ac0a46fSAndroid Build Coastguard Worker // time outs. 21*3ac0a46fSAndroid Build Coastguard Worker const int kXFACodecFuzzerPixelLimit = 64000000; 22*3ac0a46fSAndroid Build Coastguard Worker 23*3ac0a46fSAndroid Build Coastguard Worker class XFACodecFuzzer { 24*3ac0a46fSAndroid Build Coastguard Worker public: Fuzz(const uint8_t * data,size_t size,FXCODEC_IMAGE_TYPE type)25*3ac0a46fSAndroid Build Coastguard Worker static int Fuzz(const uint8_t* data, size_t size, FXCODEC_IMAGE_TYPE type) { 26*3ac0a46fSAndroid Build Coastguard Worker auto decoder = std::make_unique<ProgressiveDecoder>(); 27*3ac0a46fSAndroid Build Coastguard Worker auto source = pdfium::MakeRetain<CFX_ReadOnlySpanStream>( 28*3ac0a46fSAndroid Build Coastguard Worker pdfium::make_span(data, size)); 29*3ac0a46fSAndroid Build Coastguard Worker CFX_DIBAttribute attr; 30*3ac0a46fSAndroid Build Coastguard Worker FXCODEC_STATUS status = 31*3ac0a46fSAndroid Build Coastguard Worker decoder->LoadImageInfo(std::move(source), type, &attr, true); 32*3ac0a46fSAndroid Build Coastguard Worker if (status != FXCODEC_STATUS::kFrameReady) 33*3ac0a46fSAndroid Build Coastguard Worker return 0; 34*3ac0a46fSAndroid Build Coastguard Worker 35*3ac0a46fSAndroid Build Coastguard Worker // Skipping very large images, since they will take a long time and may lead 36*3ac0a46fSAndroid Build Coastguard Worker // to OOM. 37*3ac0a46fSAndroid Build Coastguard Worker FX_SAFE_UINT32 bitmap_size = decoder->GetHeight(); 38*3ac0a46fSAndroid Build Coastguard Worker bitmap_size *= decoder->GetWidth(); 39*3ac0a46fSAndroid Build Coastguard Worker bitmap_size *= 4; // From CFX_DIBitmap impl. 40*3ac0a46fSAndroid Build Coastguard Worker if (!bitmap_size.IsValid() || 41*3ac0a46fSAndroid Build Coastguard Worker bitmap_size.ValueOrDie() > kXFACodecFuzzerPixelLimit) { 42*3ac0a46fSAndroid Build Coastguard Worker return 0; 43*3ac0a46fSAndroid Build Coastguard Worker } 44*3ac0a46fSAndroid Build Coastguard Worker 45*3ac0a46fSAndroid Build Coastguard Worker auto bitmap = pdfium::MakeRetain<CFX_DIBitmap>(); 46*3ac0a46fSAndroid Build Coastguard Worker bitmap->Create(decoder->GetWidth(), decoder->GetHeight(), 47*3ac0a46fSAndroid Build Coastguard Worker FXDIB_Format::kArgb); 48*3ac0a46fSAndroid Build Coastguard Worker 49*3ac0a46fSAndroid Build Coastguard Worker size_t frames; 50*3ac0a46fSAndroid Build Coastguard Worker std::tie(status, frames) = decoder->GetFrames(); 51*3ac0a46fSAndroid Build Coastguard Worker if (status != FXCODEC_STATUS::kDecodeReady || frames == 0) 52*3ac0a46fSAndroid Build Coastguard Worker return 0; 53*3ac0a46fSAndroid Build Coastguard Worker 54*3ac0a46fSAndroid Build Coastguard Worker status = decoder->StartDecode(bitmap, 0, 0, bitmap->GetWidth(), 55*3ac0a46fSAndroid Build Coastguard Worker bitmap->GetHeight()); 56*3ac0a46fSAndroid Build Coastguard Worker while (status == FXCODEC_STATUS::kDecodeToBeContinued) 57*3ac0a46fSAndroid Build Coastguard Worker status = decoder->ContinueDecode(); 58*3ac0a46fSAndroid Build Coastguard Worker 59*3ac0a46fSAndroid Build Coastguard Worker return 0; 60*3ac0a46fSAndroid Build Coastguard Worker } 61*3ac0a46fSAndroid Build Coastguard Worker }; 62*3ac0a46fSAndroid Build Coastguard Worker 63*3ac0a46fSAndroid Build Coastguard Worker #endif // TESTING_FUZZERS_XFA_CODEC_FUZZER_H_ 64