Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / pdfium / 62114cf3d85ee9149b270e02935c98395567f45e / . / testing / libfuzzer / pdf_xml_fuzzer.cc
blob: 91b4d6026cf9ce7653e986ca5c4a56b1aabaf1eb [file] [log] [blame]
Oliver Change67d2182016-02-16 11:42:07 -0800[diff] [blame]1// Copyright 2016 The PDFium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include <cstddef>
6#include <cstdint>
Oliver Change67d2182016-02-16 11:42:07 -0800[diff] [blame]7#include <memory>
8
npm43c8a6a2016-09-30 08:37:51 -0700[diff] [blame]9#include "core/fxcrt/fx_basic.h"
thestig62114cf2016-11-08 12:59:30 -0800[diff] [blame^]10#include "core/fxcrt/fx_safe_types.h"
npm43c8a6a2016-09-30 08:37:51 -0700[diff] [blame]11#include "core/fxcrt/fx_system.h"
thestig62114cf2016-11-08 12:59:30 -0800[diff] [blame^]12#include "third_party/base/ptr_util.h"
dsinclair34f86b02016-07-11 08:42:33 -0700[diff] [blame]13#include "xfa/fde/xml/fde_xml_imp.h"
14#include "xfa/fxfa/parser/cxfa_xml_parser.h"
dsinclair9eb0db12016-07-21 12:01:39 -0700[diff] [blame]15#include "xfa/fxfa/parser/cxfa_widetextread.h"
Oliver Change67d2182016-02-16 11:42:07 -0800[diff] [blame]16
17namespace {
18
dsinclairae95f762016-03-29 16:58:29 -0700[diff] [blame]19CFDE_XMLNode* XFA_FDEExtension_GetDocumentNode(
20 CFDE_XMLDoc* pXMLDoc,
tsepez304bb912016-11-03 06:10:26 -0700[diff] [blame]21 bool bVerifyWellFormness = false) {
Oliver Change67d2182016-02-16 11:42:07 -0800[diff] [blame]22 if (!pXMLDoc) {
23 return nullptr;
24 }
dsinclairae95f762016-03-29 16:58:29 -0700[diff] [blame]25 CFDE_XMLNode* pXMLFakeRoot = pXMLDoc->GetRoot();
26 for (CFDE_XMLNode* pXMLNode =
27 pXMLFakeRoot->GetNodeItem(CFDE_XMLNode::FirstChild);
28 pXMLNode; pXMLNode = pXMLNode->GetNodeItem(CFDE_XMLNode::NextSibling)) {
Oliver Change67d2182016-02-16 11:42:07 -0800[diff] [blame]29 if (pXMLNode->GetType() == FDE_XMLNODE_Element) {
30 if (bVerifyWellFormness) {
dsinclairae95f762016-03-29 16:58:29 -0700[diff] [blame]31 for (CFDE_XMLNode* pNextNode =
32 pXMLNode->GetNodeItem(CFDE_XMLNode::NextSibling);
Oliver Change67d2182016-02-16 11:42:07 -0800[diff] [blame]33 pNextNode;
dsinclairae95f762016-03-29 16:58:29 -0700[diff] [blame]34 pNextNode = pNextNode->GetNodeItem(CFDE_XMLNode::NextSibling)) {
Oliver Change67d2182016-02-16 11:42:07 -0800[diff] [blame]35 if (pNextNode->GetType() == FDE_XMLNODE_Element) {
tsepez919e48d2016-11-01 14:40:44 -0700[diff] [blame]36 return nullptr;
Oliver Change67d2182016-02-16 11:42:07 -0800[diff] [blame]37 }
38 }
39 }
40 return pXMLNode;
41 }
42 }
43 return nullptr;
44}
45
46} // namespace
47
48extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
thestig62114cf2016-11-08 12:59:30 -0800[diff] [blame^]49 FX_SAFE_STRSIZE safe_size = size;
50 if (!safe_size.IsValid())
Oliver Change67d2182016-02-16 11:42:07 -0800[diff] [blame]51 return 0;
52
thestig62114cf2016-11-08 12:59:30 -0800[diff] [blame^]53 CFX_WideString input =
54 CFX_WideString::FromUTF8(CFX_ByteStringC(data, safe_size.ValueOrDie()));
Oliver Change67d2182016-02-16 11:42:07 -0800[diff] [blame]55 std::unique_ptr<IFX_Stream, ReleaseDeleter<IFX_Stream>> stream(
dsinclair9eb0db12016-07-21 12:01:39 -0700[diff] [blame]56 new CXFA_WideTextRead(input));
Oliver Change67d2182016-02-16 11:42:07 -0800[diff] [blame]57 if (!stream)
58 return 0;
59
thestig62114cf2016-11-08 12:59:30 -0800[diff] [blame^]60 std::unique_ptr<CFDE_XMLDoc> doc = pdfium::MakeUnique<CFDE_XMLDoc>();
Tom Sepezd3743ea2016-05-16 15:56:53 -0700[diff] [blame]61 std::unique_ptr<CFDE_XMLParser, ReleaseDeleter<CFDE_XMLParser>> parser(
Oliver Change67d2182016-02-16 11:42:07 -0800[diff] [blame]62 new CXFA_XMLParser(doc->GetRoot(), stream.get()));
Oliver Change67d2182016-02-16 11:42:07 -0800[diff] [blame]63
64 if (!doc->LoadXML(parser.release()))
65 return 0;
66
67 int32_t load_result = doc->DoLoad(nullptr);
68 if (load_result < 100)
69 return 0;
70
71 (void)XFA_FDEExtension_GetDocumentNode(doc.get());
72 return 0;
73}