Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / pdfium / ae95f763dfb5e4fab3a9ff026b2f844c202625d7 / . / testing / libfuzzer / pdf_xml_fuzzer.cc
blob: 998e2ec6503205f78b8c90aeeee1711675008bcb [file] [log] [blame]
Oliver Change67d2182016-02-16 11:42:07 -0800[diff] [blame]1// Copyright 2016 The PDFium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include <cstddef>
6#include <cstdint>
7#include <limits>
8#include <memory>
9
Dan Sinclaira8a28e02016-03-23 15:41:39 -0400[diff] [blame]10#include "core/fxcrt/include/fx_basic.h"
11#include "core/fxcrt/include/fx_system.h"
Dan Sinclair1770c022016-03-14 14:14:16 -0400[diff] [blame]12#include "xfa/fxfa/parser/xfa_parser.h"
13#include "xfa/fxfa/parser/xfa_parser_imp.h"
Oliver Change67d2182016-02-16 11:42:07 -0800[diff] [blame]14
15namespace {
16
dsinclairae95f762016-03-29 16:58:29 -0700[diff] [blame^]17CFDE_XMLNode* XFA_FDEExtension_GetDocumentNode(
18 CFDE_XMLDoc* pXMLDoc,
Oliver Change67d2182016-02-16 11:42:07 -0800[diff] [blame]19 FX_BOOL bVerifyWellFormness = FALSE) {
20 if (!pXMLDoc) {
21 return nullptr;
22 }
dsinclairae95f762016-03-29 16:58:29 -0700[diff] [blame^]23 CFDE_XMLNode* pXMLFakeRoot = pXMLDoc->GetRoot();
24 for (CFDE_XMLNode* pXMLNode =
25 pXMLFakeRoot->GetNodeItem(CFDE_XMLNode::FirstChild);
26 pXMLNode; pXMLNode = pXMLNode->GetNodeItem(CFDE_XMLNode::NextSibling)) {
Oliver Change67d2182016-02-16 11:42:07 -0800[diff] [blame]27 if (pXMLNode->GetType() == FDE_XMLNODE_Element) {
28 if (bVerifyWellFormness) {
dsinclairae95f762016-03-29 16:58:29 -0700[diff] [blame^]29 for (CFDE_XMLNode* pNextNode =
30 pXMLNode->GetNodeItem(CFDE_XMLNode::NextSibling);
Oliver Change67d2182016-02-16 11:42:07 -0800[diff] [blame]31 pNextNode;
dsinclairae95f762016-03-29 16:58:29 -0700[diff] [blame^]32 pNextNode = pNextNode->GetNodeItem(CFDE_XMLNode::NextSibling)) {
Oliver Change67d2182016-02-16 11:42:07 -0800[diff] [blame]33 if (pNextNode->GetType() == FDE_XMLNODE_Element) {
34 return FALSE;
35 }
36 }
37 }
38 return pXMLNode;
39 }
40 }
41 return nullptr;
42}
43
44} // namespace
45
46extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
47 if (size > std::numeric_limits<FX_STRSIZE>::max())
48 return 0;
49
50 CFX_WideString input = CFX_WideString::FromUTF8(
51 reinterpret_cast<const char*>(data), static_cast<FX_STRSIZE>(size));
52 std::unique_ptr<IFX_Stream, ReleaseDeleter<IFX_Stream>> stream(
53 XFA_CreateWideTextRead(input));
54 if (!stream)
55 return 0;
56
dsinclairae95f762016-03-29 16:58:29 -0700[diff] [blame^]57 std::unique_ptr<CFDE_XMLDoc> doc(new CFDE_XMLDoc);
58 std::unique_ptr<CFDE_XMLParser, ReleaseDeleter<CFDE_XMLParser>> parser(
Oliver Change67d2182016-02-16 11:42:07 -0800[diff] [blame]59 new CXFA_XMLParser(doc->GetRoot(), stream.get()));
Oliver Change67d2182016-02-16 11:42:07 -0800[diff] [blame]60
61 if (!doc->LoadXML(parser.release()))
62 return 0;
63
64 int32_t load_result = doc->DoLoad(nullptr);
65 if (load_result < 100)
66 return 0;
67
68 (void)XFA_FDEExtension_GetDocumentNode(doc.get());
69 return 0;
70}