1// Copyright 2016 The PDFium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
#include <cstdint>
#include <cstring>

#include "core/fpdfapi/parser/cpdf_array.h"
#include "core/fpdfapi/parser/cpdf_boolean.h"
#include "core/fpdfapi/parser/cpdf_dictionary.h"
#include "core/fpdfapi/parser/cpdf_hint_tables.h"
#include "core/fpdfapi/parser/cpdf_linearized_header.h"
#include "core/fpdfapi/parser/cpdf_number.h"
#include "third_party/base/ptr_util.h"
14
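// Pops the next 32-bit value (host byte order) off the front of the input.
//
// |*data32| and |*data| are two views of the same bytes (the caller derives
// |data32| from |data|); both are advanced by four bytes and |*size| is
// reduced by four. The value is copied out with memcpy rather than read
// through |*data32| directly: the input is a plain byte buffer with no
// int32_t alignment guarantee, so a direct dereference would be an unaligned,
// type-punned access.
//
// Precondition: |*size| >= 4. The caller checks the total size up front; this
// function performs no bounds check of its own, so |*size| would wrap if it
// were called on an exhausted buffer.
int32_t GetData(const int32_t** data32, const uint8_t** data, size_t* size) {
  int32_t value;
  std::memcpy(&value, *data32, sizeof(value));
  ++(*data32);
  *data += sizeof(value);
  *size -= sizeof(value);
  return value;
}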
22
// Thin CPDF_HintTables subclass that lets the fuzzer drive the inherited
// hint-table readers directly on arbitrary bytes. The base is constructed with
// a nullptr first argument and the caller-supplied linearized header.
class HintTableForFuzzing : public CPDF_HintTables {
 public:
  // |shared_hint_table_offset| is the byte offset, within the buffer later
  // handed to Fuzz(), at which the shared-object hint table is expected to
  // start. It comes straight from the fuzzer input and may be any int value.
  HintTableForFuzzing(CPDF_LinearizedHeader* pLinearized,
                      int shared_hint_table_offset)
      : CPDF_HintTables(nullptr, pLinearized),
        shared_hint_table_offset_(shared_hint_table_offset) {}
  ~HintTableForFuzzing() = default;

  // Parses |data| as a page-offset hint table followed, at
  // |shared_hint_table_offset_|, by a shared-object hint table. Offsets that
  // are non-positive or lie past the end of |data| are rejected before any
  // bit stream is created, so the readers are only ever handed an offset that
  // lies inside the buffer. The shared-object table is only read when the
  // page table parsed successfully.
  void Fuzz(const uint8_t* data, size_t size) {
    const bool offset_in_range =
        shared_hint_table_offset_ > 0 &&
        static_cast<size_t>(shared_hint_table_offset_) <= size;
    if (!offset_in_range)
      return;

    CFX_BitStream bs;
    bs.Init(data, size);
    if (ReadPageHintTable(&bs))
      ReadSharedObjHintTable(&bs, shared_hint_table_offset_);
  }

 private:
  int shared_hint_table_offset_;
};
48
// Minimal CPDF_LinearizedHeader subclass whose only job is to expose a
// constructor taking a caller-supplied dictionary.
class FakeLinearized : public CPDF_LinearizedHeader {
 public:
  // |linearized_dict| is not owned here; the caller keeps it alive for the
  // lifetime of this object.
  explicit FakeLinearized(CPDF_Dictionary* linearized_dict)
      : CPDF_LinearizedHeader(linearized_dict) {}
};
54
// libFuzzer entry point. The first 28 bytes of |data| are consumed as seven
// host-order int32_t values that populate a synthetic linearization
// dictionary (E, N, O, P, the two entries of H, and the shared hint table
// offset); everything after them is handed to the hint-table parser as the
// hint stream. Returns 0 unconditionally, as libFuzzer expects.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  // Need 28 bytes for |linearized_dict|.
  // The header section of page offset hint table is 36 bytes.
  // The header section of shared object hint table is 24 bytes.
  constexpr size_t kDictBytes = 28;
  constexpr size_t kPageHintHeaderBytes = 36;
  constexpr size_t kSharedHintHeaderBytes = 24;
  if (size < kDictBytes + kPageHintHeaderBytes + kSharedHintHeaderBytes)
    return 0;

  // |data32| is a second view of |data|; GetData() keeps both pointers and
  // |size| in step as values are consumed.
  const int32_t* data32 = reinterpret_cast<const int32_t*>(data);
  auto next_int = [&data32, &data, &size] {
    return GetData(&data32, &data, &size);
  };

  auto linearized_dict = pdfium::MakeUnique<CPDF_Dictionary>();
  linearized_dict->SetNewFor<CPDF_Boolean>("Linearized", true);
  // E: first page end offset.
  linearized_dict->SetNewFor<CPDF_Number>("E", next_int());
  // N: page count.
  linearized_dict->SetNewFor<CPDF_Number>("N", next_int());
  // O: first page object number.
  linearized_dict->SetNewFor<CPDF_Number>("O", next_int());
  // P: first page number.
  linearized_dict->SetNewFor<CPDF_Number>("P", next_int());

  // H: [primary hint stream offset, primary hint stream size].
  auto hint_info = pdfium::MakeUnique<CPDF_Array>();
  hint_info->AddNew<CPDF_Number>(next_int());
  hint_info->AddNew<CPDF_Number>(next_int());
  linearized_dict->SetFor("H", std::move(hint_info));

  const int shared_hint_table_offset = next_int();

  {
    // The header borrows |linearized_dict|, so both objects below are
    // destroyed at the end of this scope, before the dictionary itself.
    FakeLinearized linearized(linearized_dict.get());
    HintTableForFuzzing hint_table(&linearized, shared_hint_table_offset);
    hint_table.Fuzz(data, size);
  }
  return 0;
}
93