Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / pdfium / aa7022833db1a6e21b81fcca30b45ba652298f32 / . / testing / libfuzzer / pdf_xml_fuzzer.cc
blob: 80a112d32bf659346a1bf497d2f94230f8b43099 [file] [log] [blame]
Oliver Change67d2182016-02-16 11:42:07 -0800[diff] [blame]1// Copyright 2016 The PDFium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include <cstddef>
6#include <cstdint>
Oliver Change67d2182016-02-16 11:42:07 -0800[diff] [blame]7#include <memory>
8
Dan Sinclair3b71d262017-04-19 08:58:54 -0400[diff] [blame]9#include "core/fxcrt/cfx_seekablestreamproxy.h"
npm43c8a6a2016-09-30 08:37:51 -0700[diff] [blame]10#include "core/fxcrt/fx_basic.h"
thestig62114cf2016-11-08 12:59:30 -0800[diff] [blame]11#include "core/fxcrt/fx_safe_types.h"
npm43c8a6a2016-09-30 08:37:51 -0700[diff] [blame]12#include "core/fxcrt/fx_system.h"
Dan Sinclair0d86ecb2017-04-19 09:19:57 -0400[diff] [blame]13#include "core/fxcrt/xml/cfx_xmldoc.h"
14#include "core/fxcrt/xml/cfx_xmlnode.h"
15#include "core/fxcrt/xml/cfx_xmlparser.h"
thestig62114cf2016-11-08 12:59:30 -0800[diff] [blame]16#include "third_party/base/ptr_util.h"
Oliver Change67d2182016-02-16 11:42:07 -0800[diff] [blame]17
18namespace {
19
Dan Sinclair0d86ecb2017-04-19 09:19:57 -0400[diff] [blame]20CFX_XMLNode* XFA_FDEExtension_GetDocumentNode(
21 CFX_XMLDoc* pXMLDoc,
tsepez304bb912016-11-03 06:10:26 -0700[diff] [blame]22 bool bVerifyWellFormness = false) {
Oliver Change67d2182016-02-16 11:42:07 -0800[diff] [blame]23 if (!pXMLDoc) {
24 return nullptr;
25 }
Dan Sinclair0d86ecb2017-04-19 09:19:57 -0400[diff] [blame]26 CFX_XMLNode* pXMLFakeRoot = pXMLDoc->GetRoot();
27 for (CFX_XMLNode* pXMLNode =
28 pXMLFakeRoot->GetNodeItem(CFX_XMLNode::FirstChild);
29 pXMLNode; pXMLNode = pXMLNode->GetNodeItem(CFX_XMLNode::NextSibling)) {
30 if (pXMLNode->GetType() == FX_XMLNODE_Element) {
Oliver Change67d2182016-02-16 11:42:07 -0800[diff] [blame]31 if (bVerifyWellFormness) {
Dan Sinclair0d86ecb2017-04-19 09:19:57 -0400[diff] [blame]32 for (CFX_XMLNode* pNextNode =
33 pXMLNode->GetNodeItem(CFX_XMLNode::NextSibling);
Oliver Change67d2182016-02-16 11:42:07 -0800[diff] [blame]34 pNextNode;
Dan Sinclair0d86ecb2017-04-19 09:19:57 -0400[diff] [blame]35 pNextNode = pNextNode->GetNodeItem(CFX_XMLNode::NextSibling)) {
36 if (pNextNode->GetType() == FX_XMLNODE_Element) {
tsepez919e48d2016-11-01 14:40:44 -0700[diff] [blame]37 return nullptr;
Oliver Change67d2182016-02-16 11:42:07 -0800[diff] [blame]38 }
39 }
40 }
41 return pXMLNode;
42 }
43 }
44 return nullptr;
45}
46
47} // namespace
48
49extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
thestig62114cf2016-11-08 12:59:30 -0800[diff] [blame]50 FX_SAFE_STRSIZE safe_size = size;
51 if (!safe_size.IsValid())
Oliver Change67d2182016-02-16 11:42:07 -0800[diff] [blame]52 return 0;
53
Dan Sinclair3b71d262017-04-19 08:58:54 -0400[diff] [blame]54 CFX_RetainPtr<CFX_SeekableStreamProxy> stream =
55 pdfium::MakeRetain<CFX_SeekableStreamProxy>(const_cast<uint8_t*>(data),
56 size);
Dan Sinclair0d86ecb2017-04-19 09:19:57 -0400[diff] [blame]57 auto doc = pdfium::MakeUnique<CFX_XMLDoc>();
58 if (!doc->LoadXML(pdfium::MakeUnique<CFX_XMLParser>(doc->GetRoot(), stream)))
Oliver Change67d2182016-02-16 11:42:07 -0800[diff] [blame]59 return 0;
60
Dan Sinclairdf673c22017-05-04 12:09:52 -0400[diff] [blame]61 if (doc->DoLoad() < 100)
Oliver Change67d2182016-02-16 11:42:07 -0800[diff] [blame]62 return 0;
63
64 (void)XFA_FDEExtension_GetDocumentNode(doc.get());
65 return 0;
66}