From 3d03024ab235cf09517b8b1125093a9062151da2 Mon Sep 17 00:00:00 2001 From: Jay Berkenbilt Date: Thu, 13 Jun 2019 09:28:38 -0400 Subject: [PATCH] oss-fuzz initial integration --- .gitignore | 1 + ChangeLog | 7 + Makefile | 2 +- NOTICE.md | 2 + README-maintainer | 13 + autoconf.mk.in | 1 + autofiles.sums | 2 +- azure-pipelines.yml | 8 + azure-pipelines/build-fuzzer | 11 + configure | 17 + configure.ac | 11 + fuzz/Makefile | 1 + fuzz/README.md | 1 + fuzz/build.mk | 82 ++ fuzz/options | 2 + fuzz/oss-fuzz-build | 18 + fuzz/pdf.dict | 1466 +++++++++++++++++++++++++ fuzz/qpdf_read_memory_fuzzer.cc | 15 + fuzz/standalone_fuzz_target_runner.cc | 36 + 19 files changed, 1694 insertions(+), 2 deletions(-) create mode 100755 azure-pipelines/build-fuzzer create mode 100644 fuzz/Makefile create mode 100644 fuzz/README.md create mode 100644 fuzz/build.mk create mode 100644 fuzz/options create mode 100755 fuzz/oss-fuzz-build create mode 100644 fuzz/pdf.dict create mode 100644 fuzz/qpdf_read_memory_fuzzer.cc create mode 100644 fuzz/standalone_fuzz_target_runner.cc diff --git a/.gitignore b/.gitignore index f280951b..720eadcf 100644 --- a/.gitignore +++ b/.gitignore @@ -13,6 +13,7 @@ doc/qpdf.1 doc/zlib-flate.1 examples/build/ external-libs +fuzz/build/ libqpdf.map libqpdf.pc libqpdf/build/ diff --git a/ChangeLog b/ChangeLog index deece77c..0a98cf6e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +2019-06-13 Jay Berkenbilt + + * Perform initial integration of Google's oss-fuzz project by + copying the fuzzer someone from Google already did into the qpdf + repository and adding build support. This shift in control is in + preparation for an ideal integration with oss-fuzz. + 2019-06-09 Jay Berkenbilt * When /DecodeParms is an empty list, ignore it on read and delete diff --git a/Makefile b/Makefile index 414430ea..ef3adec7 100644 --- a/Makefile +++ b/Makefile 
@@ -35,7 +35,7 @@ # install to install in a separate location. This is useful for # packagers. -BUILD_ITEMS := manual libqpdf zlib-flate libtests qpdf examples +BUILD_ITEMS := manual libqpdf zlib-flate libtests qpdf fuzz examples OUTPUT_DIR = build ALL_TARGETS = diff --git a/NOTICE.md b/NOTICE.md index 56eb455c..b430a830 100644 --- a/NOTICE.md +++ b/NOTICE.md @@ -10,6 +10,8 @@ Versions of qpdf prior to version 7 were released under the terms of version 2.0 The qpdf distribution includes a copy of [qtest](http://qtest.qbilt.org), which is released under the terms of the [version 2.0 of the Artistic license](https://opensource.org/licenses/Artistic-2.0), which can be found at https://opensource.org/licenses/Artistic-2.0. +The standalone fuzz target runner (fuzz/standalone_fuzz_target_runner.cc) is copyright 2017 by Google and is also released under the Apache license, Version 2.0. + The Rijndael encryption implementation used as the basis for AES encryption and decryption support comes from Philip J. Erdelsky's public domain implementation. The files `libqpdf/rijndael.cc` and `libqpdf/qpdf/rijndael.h` remain in the public domain. They were obtained from * http://www.efgh.com/software/rijndael.htm * http://www.efgh.com/software/rijndael.txt diff --git a/README-maintainer b/README-maintainer index 3ae29e90..cb699074 100644 --- a/README-maintainer +++ b/README-maintainer 
@@ -17,6 +17,19 @@ Memory checks: LDFLAGS="-fsanitize=address -fsanitize=undefined" \ --enable-werror --disable-shared +GOOGLE OSS-FUZZ + +* https://github.com/google/oss-fuzz/tree/master/projects/qpdf +* To test locally, see https://github.com/google/oss-fuzz/tree/master/docs/, + especially new_project_guide.md + +Clone the oss-fuzz project. From the root directory of the repository: + + python infra/helper.py build_image --pull qpdf + python infra/helper.py build_fuzzers qpdf + python infra/helper.py check_build qpdf + python infra/helper.py build_fuzzers --sanitizer coverage qpdf + python infra/helper.py coverage qpdf CODING RULES diff --git a/autoconf.mk.in b/autoconf.mk.in index 0521fdb5..f198b4ec 100644 --- a/autoconf.mk.in +++ b/autoconf.mk.in @@ -37,6 +37,7 @@ XMLLINT=@XMLLINT@ BUILD_HTML=@BUILD_HTML@ BUILD_PDF=@BUILD_PDF@ VALIDATE_DOC=@VALIDATE_DOC@ +OSS_FUZZ=@OSS_FUZZ@ QPDF_SKIP_TEST_COMPARE_IMAGES=@QPDF_SKIP_TEST_COMPARE_IMAGES@ BUILDRULES=@BUILDRULES@ HAVE_LD_VERSION_SCRIPT=@HAVE_LD_VERSION_SCRIPT@ diff --git a/autofiles.sums b/autofiles.sums index d98963e1..d46cbaea 100644 --- a/autofiles.sums +++ b/autofiles.sums @@ -1,4 +1,4 @@ -ba2adf968b787efe32cd4396a5cfeceeb52d2c48686bdc21a3b03edae169632c configure.ac +f0057d67ba676a48d07264f6c9a947c59c36dee48dbd6c41903d5f03c586a9cf configure.ac 35bc5c645dc42d47f2daeea06f8f3e767c8a1aee6a35eb2b4854fd2ce66c3413 m4/ax_random_device.m4 37f8897d5f68d7d484e5457832a8f190ddb7507fa2a467cb7ee2be40a4364643 m4/libtool.m4 e77ebba8361b36f14b4d0927173a034b98c5d05049697a9ded84d85eb99a7990 m4/ltoptions.m4 diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 7e6bfbc5..69a65b80 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -100,3 +100,11 @@ jobs: buildPlatform: AppImage dependsOn: Linux condition: succeeded() +- job: Fuzzers + pool: + vmImage: ubuntu-16.04 + steps: + - script: azure-pipelines/build-fuzzer + displayName: 'Build Fuzzer' + dependsOn: Linux + condition: succeeded() 
diff --git a/azure-pipelines/build-fuzzer b/azure-pipelines/build-fuzzer new file mode 100755 index 00000000..00c1c8ac --- /dev/null +++ b/azure-pipelines/build-fuzzer @@ -0,0 +1,11 @@ +#!/bin/bash +set -ex +export WORK=$PWD/work +export OUT=$PWD/out +mkdir -p $WORK $OUT +sudo apt-get update +sudo apt-get -y install \ + autoconf build-essential zlib1g-dev libjpeg-dev +./fuzz/oss-fuzz-build +ls -l out/qpdf*fuzzer +ls -l out/ diff --git a/configure b/configure index eb40b967..1fa79226 100755 --- a/configure +++ b/configure @@ -630,6 +630,7 @@ ac_includes_default="\ ac_subst_vars='LTLIBOBJS LIBOBJS +OSS_FUZZ VALIDATE_DOC BUILD_PDF BUILD_HTML @@ -774,6 +775,7 @@ enable_doc_maintenance enable_html_doc enable_pdf_doc enable_validate_doc +enable_oss_fuzz ' ac_precious_vars='build_alias host_alias @@ -1449,6 +1451,8 @@ Optional Features: --enable-html-doc whether to build HTML documents --enable-pdf-doc whether to build PDF documents --enable-validate-doc whether to validate xml document source + --enable-doc-maintenance + if set, build static fuzzers for oss-fuzz Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] @@ -16924,6 +16928,19 @@ else fi + +# Check whether --enable-oss-fuzz was given. +if test "${enable_oss_fuzz+set}" = set; then : + enableval=$enable_oss_fuzz; if test "$enableval" = "yes"; then + OSS_FUZZ=1; + else + OSS_FUZZ=0; + fi +else + OSS_FUZZ=0 +fi + + if test "$VALIDATE_DOC" = "1"; then if test "$XMLLINT" = ""; then MISSING_XMLLINT=1 diff --git a/configure.ac b/configure.ac index 1a474011..4dd3e329 100644 --- a/configure.ac +++ b/configure.ac @@ -501,6 +501,17 @@ AC_ARG_ENABLE(validate-doc, fi], [VALIDATE_DOC=$doc_default]) +AC_SUBST(OSS_FUZZ) +AC_ARG_ENABLE(oss-fuzz, + AS_HELP_STRING([--enable-doc-maintenance], + [if set, build static fuzzers for oss-fuzz]), + [if test "$enableval" = "yes"; then + OSS_FUZZ=1; + else + OSS_FUZZ=0; + fi], + [OSS_FUZZ=0]) + if test "$VALIDATE_DOC" = "1"; then if test "$XMLLINT" = ""; then MISSING_XMLLINT=1 
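Review bot: The help string for the new option names the wrong flag: `AC_ARG_ENABLE(oss-fuzz, AS_HELP_STRING([--enable-doc-maintenance], ...))` makes `./configure --help` list the oss-fuzz description under `--enable-doc-maintenance`, so `--enable-oss-fuzz` is never advertised. The first argument should be `AS_HELP_STRING([--enable-oss-fuzz],`. The regenerated `configure` in this commit carries the same text in its "Optional Features" block and needs regenerating after the fix, along with the configure.ac checksum in autofiles.sums.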
diff --git a/fuzz/Makefile b/fuzz/Makefile
new file mode 100644
index 00000000..90899055
--- /dev/null
+++ b/fuzz/Makefile
@@ -0,0 +1 @@
+include ../make/proxy.mk
diff --git a/fuzz/README.md b/fuzz/README.md
new file mode 100644
index 00000000..ab00e993
--- /dev/null
+++ b/fuzz/README.md
@@ -0,0 +1 @@
+pdf.dict was copied from https://raw.githubusercontent.com/rc0r/afl-fuzz/master/dictionaries/pdf.dict
diff --git a/fuzz/build.mk b/fuzz/build.mk
new file mode 100644
index 00000000..5d7ab903
--- /dev/null
+++ b/fuzz/build.mk
@@ -0,0 +1,82 @@
+# This directory contains support for Google's oss-fuzz project. See
+# https://github.com/google/oss-fuzz/tree/master/projects/qpdf
+
+FUZZERS = \
+ qpdf_read_memory_fuzzer
+
+DEFAULT_FUZZ_RUNNER := standalone_fuzz_target_runner
+OBJ_DEFAULT_FUZZ := fuzz/$(OUTPUT_DIR)/$(DEFAULT_FUZZ_RUNNER).$(OBJ)
+
+BINS_fuzz = $(foreach B,$(FUZZERS),fuzz/$(OUTPUT_DIR)/$(call binname,$(B)))
+TARGETS_fuzz = $(OBJ_DEFAULT_FUZZ) $(BINS_fuzz)
+
+INCLUDES_fuzz = include
+
+# LIB_FUZZING_ENGINE is overridden by oss-fuzz
+LIB_FUZZING_ENGINE ?= $(OBJ_DEFAULT_FUZZ)
+
+# Depend on OBJ_DEFAULT_FUZZ to ensure that it is always compiled.
+# Don't depend on LIB_FUZZING_ENGINE, which we can't build. When used
+# by oss-fuzz, it will be there.
+$(BINS_fuzz): $(TARGETS_libqpdf) $(OBJ_DEFAULT_FUZZ)
+
+# -----
+
+$(foreach B,$(FUZZERS),$(eval \
+ OBJS_$(B) = $(call src_to_obj,fuzz/$(B).cc)))
+
+ifeq ($(GENDEPS),1)
+-include $(foreach B,$(FUZZERS),$(call obj_to_dep,$(OBJS_$(B))))
+endif
+
+$(foreach B,$(DEFAULT_FUZZ_RUNNER),$(eval \
+ fuzz/$(OUTPUT_DIR)/%.$(OBJ): fuzz/$(B).cc ; \
+ $(call compile,fuzz/$(B).cc,$(INCLUDES_fuzz))))
+
+$(foreach B,$(FUZZERS),$(eval \
+ $(OBJS_$(B)): fuzz/$(OUTPUT_DIR)/%.$(OBJ): fuzz/$(B).cc ; \
+ $(call compile,fuzz/$(B).cc,$(INCLUDES_fuzz))))
+
+ifeq ($(suffix $(LIB_FUZZING_ENGINE)),.$(OBJ))
+ FUZZ_as_obj := $(LIB_FUZZING_ENGINE)
+ FUZZ_as_lib :=
+else
+ FUZZ_as_obj :=
+ FUZZ_as_lib := $(LIB_FUZZING_ENGINE)
+endif
+
+$(foreach B,$(FUZZERS),$(eval \
+ fuzz/$(OUTPUT_DIR)/$(call binname,$(B)): $(OBJS_$(B)) ; \
+ $(call makebin,$(OBJS_$(B)) $(FUZZ_as_obj),$$@,$(LDFLAGS_libqpdf) $(LDFLAGS),$(FUZZ_as_lib) $(LIBS_libqpdf) $(LIBS))))
+
+ifeq ($(OSS_FUZZ),1)
+
+# Build fuzzers linked with static libraries and installed into a
+# location provided by oss-fuzz. This is specifically to support the
+# oss-fuzz project. These rules won't on systems that don't allow main
+# to be in a library or don't name their libraries libsomething.a.
+
+STATIC_BINS_fuzz := $(foreach B,$(FUZZERS),fuzz/$(OUTPUT_DIR)/static/$(call binname,$(B)))
+$(STATIC_BINS_fuzz): $(TARGETS_libqpdf) $(OBJ_DEFAULT_FUZZ)
+
+# OUT is provided in the oss-fuzz environment
+OUT ?= $(CURDIR)/fuzz/$(OUTPUT_DIR)/fuzz-install
+
+# These are not fully static, but they statically link with qpdf and
+# our external dependencies other than system libraries.
+$(foreach B,$(FUZZERS),$(eval \
+ fuzz/$(OUTPUT_DIR)/static/$(call binname,$(B)): $(OBJS_$(B)) ; \
+ $(call makebin,$(OBJS_$(B)),$$@,$(LDFLAGS_libqpdf) $(LDFLAGS),$(LIB_FUZZING_ENGINE) $(patsubst -l%,-l:lib%.a,$(LIBS_libqpdf) $(LIBS)))))
+
+# The install_fuzz target is used by build.sh in oss-fuzz's qpdf project.
+install_fuzz: $(STATIC_BINS_fuzz)
+ mkdir -p $(OUT)
+ cp fuzz/pdf.dict $(STATIC_BINS_fuzz) $(OUT)/
+ for B in $(FUZZERS); do \
+ cp fuzz/options $(OUT)/$${B}.options; \
+ if test -d fuzz/$${B}_seed_corpus; then \
+ (cd fuzz/$${B}_seed_corpus; zip -q -r $(OUT)/$${B}_seed_corpus.zip .); \
+ fi; \
+ done
+
+endif # OSS_FUZZ
diff --git a/fuzz/options b/fuzz/options
new file mode 100644
index 00000000..a15a7745
--- /dev/null
+++ b/fuzz/options
@@ -0,0 +1,2 @@
+[libfuzzer]
+dict = pdf.dict
diff --git a/fuzz/oss-fuzz-build b/fuzz/oss-fuzz-build
new file mode 100755
index 00000000..8a0b7d42
--- /dev/null
+++ b/fuzz/oss-fuzz-build
@@ -0,0 +1,18 @@
+#!/bin/bash -e
+
+# This is used invoked from
+# https://github.com/google/oss-fuzz/blob/master/projects/qpdf/build.sh
+
+# It should be run from the top level directory of a clean checkout of
+# qpdf. It is also exercised in ../azure-pipelines/build-fuzzer
+
+./configure \
+ --enable-oss-fuzz \
+ --enable-static \
+ --disable-shared \
+ --prefix="$WORK" \
+ LDFLAGS="-L$WORK/lib" \
+ CPPFLAGS="-I$WORK/include" \
+ LIBS="-pthread"
+make -j$(nproc) install
+make install_fuzz
diff --git a/fuzz/pdf.dict b/fuzz/pdf.dict
new file mode 100644
index 00000000..a6c48d59
--- /dev/null
+++ b/fuzz/pdf.dict
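Review bot: The rule generated for the default runner in fuzz/build.mk has a `%` target but a fixed prerequisite, `fuzz/$(OUTPUT_DIR)/%.$(OBJ): fuzz/$(B).cc`, so as written it appears to offer standalone_fuzz_target_runner.cc as the source for any object under fuzz/$(OUTPUT_DIR) that has no more specific rule. The fuzzers listed in FUZZERS are covered by their own static pattern rules, but a source added to the directory without being listed would presumably pick up the wrong recipe silently. Since only one object is meant, name it explicitly: `$(OBJ_DEFAULT_FUZZ): fuzz/$(DEFAULT_FUZZ_RUNNER).cc ; $(call compile,fuzz/$(DEFAULT_FUZZ_RUNNER).cc,$(INCLUDES_fuzz))`. Separately, the comment in the OSS_FUZZ section reads "These rules won't on systems"; the word "work" is missing.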
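Review bot: fuzz/oss-fuzz-build expands `$WORK` in `--prefix="$WORK"`, `LDFLAGS` and `CPPFLAGS` without checking that it is set, so a run outside the oss-fuzz or CI environment configures an empty prefix and `make install` then writes relative to the filesystem root. Add `: "${WORK:?WORK must be set}"` before `./configure` so the script stops with a clear message instead. The `-e` on the `#!/bin/bash -e` line is also lost when the script is started as `bash fuzz/oss-fuzz-build`; a `set -e` line in the body keeps the fail-fast behaviour in both cases. The header comment "This is used invoked from" should read "This is invoked from".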
@@ -0,0 +1,1466 @@ +# +# AFL dictionary for PDF +# ---------------------- +# +# This is a pretty big PDF dictionary constructed by Ben by manually reviewing +# the spec and combining that with the data pulled out of a corpus of sample +# PDFs. +# +# Contributed by Ben Nagy +# + +"#" +"%" +"%%" +"%%EOF" +"%FDF-1.7" +"%PDF-1.7" +"(" +"(/xdp:xdp)" +"(\\001)" +"(config)" +"(datasets)" +"(template)" +"(xdp:xdp)" +")" +"-1" +"-1.0" +".." +"/" +"/#23clipboard" +"/.notdef" +"/1" +"/1.0" +"/1.3" +"/3D" +"/3DA" +"/3DAnimationStyle" +"/3DB" +"/3DD" +"/3DI" +"/3DLightingScheme" +"/3DRenderMode" +"/3DV" +"/3DView" +"/90pv-RKSJ-H" +"/A" +"/A0" +"/A85" +"/AA" +"/AAIC" +"/AAPL" +"/ABCDEF+ACaslonPro-Regular" +"/ABCDEF+AJensonPro-LtIt" +"/ABCDEF+AdobeCorpID-MinionRg" +"/ABCDEF+Arial,Bold" +"/ABCDEF+BankGothicMdBT" +"/ABCDEF+Bauhaus-Heavy" +"/ABCDEF+BluesClues" +"/ABCDEF+BodegaSans" +"/ABCDEF+BodoniMTCondensed" +"/ABCDEF+BookAntiqua" +"/ABCDEF+CMBX10" +"/ABCDEF+CaflischScriptPro-Regular" +"/ABCDEF+CityBlueprint" +"/ABCDEF+CourierNewPSMT" +"/ABCDEF+FixedsysExcelsior2.00" +"/ABCDEF+MSTT31854bd45bo188067S00" +"/ABCDEF+MinionPro-BoldCnIt" +"/ABCDEF+MyriadMM-It_400_300_" +"/ABCDEF+Wingdings" +"/ABCDEF+ZapfDingbats" +"/AC" +"/ADBE" +"/ADB_DEVICE_DEFAULT_STYLE" +"/ADB_DefaultStyle" +"/ADB_NO_TRAP_STYLE" +"/AE" +"/AESV2" +"/AGaramond" +"/AH" +"/AI8DstIndex" +"/AI8SrcIndex" +"/AIMetaData" +"/AIPDFPrivateData1" +"/AIS" +"/AL" +"/AN" +"/AP" +"/AS" +"/ASCII85Decode" +"/ASCIIHexDecode" +"/ASomewhatLongerName" +"/AU" +"/Aacute" +"/Acc.#20Prod.#202501#20#2F2#20#20" +"/Accounts#20payable" +"/AccurateScreens" +"/Acircumflex" +"/AcroForm" +"/Action" +"/Actual" +"/Add" +"/Adieresis" +"/Adobe" +"/Adobe#20PDF#20Library" +"/Adobe.PPKLite" +"/AdobeCorpID-Acrobat" +"/AdobeCorpID-MinionRg" +"/AdobePhotoshop" +"/Agrave" +"/All" +"/AllKO" +"/AllOn" +"/Alt" +"/Alternate" +"/AlternatePresentations" +"/Alternates" +"/Amex" +"/And" +"/Angle" +"/Annot" +"/Annots" +"/AntiAlias" +"/AnyOn" +"/Apag_PDFX_Checkup" 
+"/App" +"/Architecture-Normal" +"/Arial" +"/Aring" +"/Art" +"/ArtBox" +"/Article" +"/Artifact" +"/Artwork" +"/Ascent" +"/Aspect" +"/Assistant" +"/Atilde" +"/AuthEvent" +"/Author" +"/Avenir-Heavy" +"/Avenir-MediumOblique" +"/AvgWidth" +"/BBox" +"/BC" +"/BCL" +"/BDC" +"/BDL" +"/BE" +"/BFSOL" +"/BG" +"/BG2" +"/BM" +"/BMC" +"/BS" +"/BW" +"/Bank" +"/BaseEncoding" +"/BaseFont" +"/BaseState" +"/BaseVersion" +"/Birch" +"/BitsPerComponent" +"/BitsPerCoordinate" +"/BitsPerFlag" +"/BitsPerSample" +"/Bl" +"/BlCDel" +"/BlMiNu" +"/Black" +"/BlackIs1" +"/BlackOP" +"/BlackPoint" +"/BleedBox" +"/Blend" +"/Block" +"/Blue" +"/BluesClues" +"/Bookshelf" +"/Border" +"/Bounds" +"/BoxColorInfo" +"/Btn" +"/BulmerMT-BoldDisplay" +"/ByteRange" +"/C" +"/C0" +"/C0_0" +"/C1" +"/C2W" +"/C3" +"/CALS_AIS" +"/CALS_BM" +"/CALS_HT" +"/CALS_SMASK" +"/CALS_ca" +"/CAM" +"/CB" +"/CC" +"/CCH" +"/CCITTFaxDecode" +"/CD" +"/CDL" +"/CEN" +"/CF" +"/CFM" +"/CI" +"/CIDFontType0" +"/CIDFontType0C" +"/CIDFontType2" +"/CIDInit" +"/CIDSet" +"/CIDSystemInfo" +"/CIDToGIDMap" +"/CMV_LabBar" +"/CMV_LabControl" +"/CMYK" +"/CMYK#20#2880,#208,#2034,#200#29" +"/CMap" +"/CMapName" +"/CMapType" +"/CMapVersion" +"/CO" +"/CP" +"/CS" +"/CS0" +"/CT" +"/CV" +"/CalGray" +"/CalRGB" +"/CapHeight" +"/Caption" +"/Caslon540BT-Roman" +"/CaslonBT-Bold" +"/CaslonBT-BoldItalic" +"/Catalog" +"/Category" +"/Ccedilla" +"/CenturySchoolbookBT-Roman" +"/Ch" +"/Chair" +"/Chap" +"/Chaparral-Display" +"/CharProcs" +"/CharSet" +"/CheckSum" +"/Circle" +"/ClarendonBT-Black" +"/ClassMap" +"/Clearface-Black" +"/Clip" +"/ClippedText" +"/Cn" +"/Collection" +"/CollectionItem" +"/CollectionSchema" +"/CollectionSubitem" +"/Color" +"/ColorBurn" +"/ColorDodge" +"/ColorMatch" +"/ColorSpace" +"/ColorTransform" +"/ColorType" +"/Colorants" +"/Colors" +"/Columns" +"/ComicSansMS,Bold" +"/Comment" +"/Comments" +"/Company" +"/Compatibility" +"/Compatible" +"/Components" +"/CompressArt" +"/Condensed" +"/Configs" +"/Consultant" +"/ContainerVersion" +"/Contents" 
+"/Coords" +"/Copy" +"/Copy#20center" +"/Cor" +"/Corner#20surface" +"/CosineDot" +"/Count" +"/Cour" +"/Courier" +"/Create" +"/CreationDate" +"/Creator" +"/CreatorInfo" +"/CreatorVersion" +"/CropBox" +"/CropFixed" +"/CropRect" +"/Crypt" +"/CryptFilter" +"/CryptFilterDecodeParms" +"/Cs12" +"/Cs3" +"/Cyan" +"/D" +"/DA" +"/DCTDecode" +"/DIC#202525p*" +"/DIS" +"/DL" +"/DOS" +"/DP" +"/DR" +"/DS" +"/DSz" +"/DV" +"/DW" +"/DamagedRowsBeforeError" +"/Darken" +"/Data" +"/Date" +"/Decode" +"/DecodeParms" +"/DefEmbeddedFile" +"/Default" +"/DefaultCryptFilter" +"/DefaultForPrinting" +"/DefaultRGB" +"/Delete" +"/Delta" +"/DescendantFonts" +"/Descent" +"/Description" +"/Design" +"/Dest" +"/DestOutputProfile" +"/DestOutputProfileRef" +"/Dests" +"/DeviceCMYK" +"/DeviceGray" +"/DeviceN" +"/DeviceRGB" +"/Difference" +"/Differences" +"/DigestLocation" +"/DigestMethod" +"/DigestValue" +"/Dimmed" +"/Direction" +"/DisplayDocTitle" +"/Dissolve" +"/Div" +"/Dm" +"/DocMDP" +"/DocOpen" +"/Document" +"/Documents" +"/Domain" +"/Door" +"/DotGain" +"/Draw" +"/Dt" +"/Dur" +"/Dynamic#20connector" +"/E" +"/EF" +"/EFF" +"/EMC" +"/Eacute" +"/EarlyChange" +"/Ecircumflex" +"/Edieresis" +"/Editable" +"/Egrave" +"/EmbedFonts" +"/EmbedICCProfile" +"/Embedded" +"/EmbeddedFile" +"/EmbeddedFiles" +"/Encode" +"/EncodedByteAlign" +"/Encoding" +"/Encrypt" +"/EncryptMetadata" +"/EndIndent" +"/EndOfBlock" +"/EndOfLine" +"/Euro" +"/Euro.037" +"/Event" +"/ExData" +"/Exchange-Pro" +"/Exclude" +"/Exclusion" +"/Executive" +"/Export" +"/ExportCrispy" +"/ExportState" +"/ExtGState" +"/Extend" +"/Extends" +"/ExtensionLevel" +"/Extensions" +"/F1" +"/F1.0" +"/F12" +"/F13" +"/F3" +"/F5" +"/F6" +"/F7" +"/F8" +"/FB" +"/FD" +"/FDecodeParms" +"/FFilter" +"/FICL" +"/FM" +"/FOV" +"/FRM" +"/FS" +"/FT" +"/Facilities" +"/Fade" +"/False" +"/Feature" +"/FedEx#20Orange" +"/FedEx#20Purple" +"/Field" +"/Fields" +"/Figure" +"/File" +"/Files" +"/Filespec" +"/FillIn" +"/Filter" +"/First" +"/FirstChar" +"/FirstPage" +"/Fit" +"/FitB" +"/FitBH" 
+"/FitBV" +"/FitH" +"/FitR" +"/FitV" +"/FitWindow" +"/FixedPrint" +"/Flags" +"/FlateDecode" +"/Fm0" +"/Fm4" +"/Fo" +"/Focoltone#201047" +"/Font" +"/FontBBox" +"/FontDescriptor" +"/FontFamily" +"/FontFile" +"/FontFile2" +"/FontMatrix" +"/FontName" +"/FontStretch" +"/FontWeight" +"/Form" +"/FormEx" +"/FormType" +"/FreeText" +"/FreeTextCallout" +"/Frequency" +"/FullSave" +"/FullScreen" +"/Function" +"/FunctionType" +"/Functions" +"/Futura-Bold" +"/Futura-CondensedExtraBold" +"/G" +"/G02" +"/GLGR" +"/GS0" +"/GS1" +"/GS2" +"/GTS" +"/GTS_PDFA1" +"/GTS_PDFX" +"/GTS_PDFXConformance" +"/GTS_PDFXVersion" +"/GWG#20Green" +"/Gamma" +"/Garamond" +"/Georgia,Bold" +"/GoTo" +"/GoTo3DView" +"/GoToE" +"/GoToR" +"/Gold" +"/Goudy" +"/Gray" +"/Green" +"/GreymantleMVB" +"/GrotesqueMT" +"/Group" +"/H" +"/HDAG_Tools" +"/HKana" +"/HT" +"/HT2" +"/Halftone" +"/HalftoneName" +"/HalftoneType" +"/HardLight" +"/HeBo" +"/Head1" +"/Headlamp" +"/Height" +"/HeiseiMin" +"/Helv" +"/Helvetica" +"/Helvetica-Bold" +"/Helvetica-BoldOblique" +"/Helvetica-Condensed" +"/HelveticaNeue-Black" +"/Hide" +"/HonMincho-M" +"/Horizontal" +"/Hue" +"/I" +"/I0" +"/IC" +"/ICCBased" +"/ICCVersion" +"/ID" +"/IDS" +"/IDTree" +"/IEC" +"/IF" +"/IN" +"/ISO32000Registry" +"/ISO_PDFE1" +"/ISO_PDFEVersion" +"/IT" +"/ITO" +"/ITP" +"/IV" +"/IX" +"/Icircumflex" +"/Icon" +"/Identity" +"/Identity-H" +"/IgnEP" +"/Illustrator" +"/Illustrator8.0" +"/Im0" +"/Im1" +"/Im2" +"/Im3" +"/Im4" +"/Image" +"/Image1" +"/ImageB" +"/ImageC" +"/ImageI" +"/ImageMask" +"/ImageResources" +"/ImageType" +"/Import" +"/ImportData" +"/ImpressBT-Regular" +"/Index" +"/Indexed" +"/Info" +"/Information#20services" +"/Ink" +"/InkList" +"/InsertPages" +"/Insignia" +"/IntegerItem" +"/Intent" +"/Interpolate" +"/ItalicAngle" +"/ItcKabel-Ultra" +"/Item1" +"/Item2" +"/JBIG2Decode" +"/JBIG2Globals" +"/JPXDecode" +"/JS" +"/JT" +"/JTC" +"/JTF" +"/JTFile" +"/JTM" +"/JavaScript" +"/JobTicketContents" +"/Justify" +"/Keywords" +"/Kids" +"/L" +"/L1" +"/L1a" +"/L1b" +"/L2R" 
+"/L50188" +"/LBody" +"/LI" +"/LL" +"/LLE" +"/LLO" +"/LS" +"/LSP" +"/LZW" +"/LZWDecode" +"/Lab" +"/Lang" +"/Last" +"/LastChar" +"/LastItem" +"/LastModified" +"/Lateral#20file" +"/Launch" +"/Layout" +"/Lbl" +"/Leading" +"/Legal" +"/Length" +"/Length1" +"/Length2" +"/Length3" +"/LetterspaceFlags" +"/Lighten" +"/Limits" +"/Line" +"/LineDimension" +"/LineHeight" +"/Linear" +"/Linearized" +"/Link" +"/Locked" +"/LogoGreen" +"/LrTb" +"/Lslash" +"/Luminosity" +"/M" +"/MB" +"/MC" +"/MC0" +"/MCD" +"/MCID" +"/MCR" +"/MD5" +"/MH" +"/MIT" +"/MK" +"/MMType1" +"/MP" +"/MR" +"/MS" +"/MUX#20#2F#20DEMUX" +"/Mac" +"/MacRomanEncoding" +"/Magenta" +"/Manager" +"/MarkInfo" +"/Marked" +"/MarkedPDF" +"/Marker#20board" +"/Markup3D" +"/Mask" +"/Mastercard" +"/Matrix" +"/Max" +"/MaxLen" +"/MaxWidth" +"/Me" +"/Measure" +"/MediaBox" +"/MetaData" +"/Min" +"/MinionMM" +"/MissingWidth" +"/MixedContainer" +"/MixingHints" +"/ModDate" +"/Mode" +"/Modify" +"/Movie" +"/Msg" +"/MurrayHillBT-Bold" +"/MxGeom" +"/MxLaNu" +"/MxPts" +"/MyriadPro-Black" +"/NA" +"/NChannel" +"/ND" +"/NL" +"/NM" +"/NR" +"/Name" +"/Name1" +"/Named" +"/Names" +"/NeedsRendering" +"/NewCenturySchlbk-Italic" +"/NewWindow" +"/Next" +"/NextPage" +"/No" +"/NonEFontNoWarn" +"/NonStruct" +"/None" +"/Normal" +"/Not" +"/NotDefSpecial" +"/NumBlock" +"/Nums" +"/OB" +"/OBJR" +"/OC" +"/OC2" +"/OC3" +"/OC4" +"/OCG" +"/OCGs" +"/OCL" +"/OCMD" +"/OCProperties" +"/OE" +"/OFF" +"/OLN" +"/ON" +"/OOL" +"/OPBG" +"/OPBS" +"/OPI" +"/OPM" +"/OS" +"/OT" +"/Oacute" +"/Obj" +"/ObjStm" +"/Ocircumflex" +"/Odieresis" +"/Ograve" +"/Omega" +"/OneColumn" +"/Online" +"/Open" +"/OpenAction" +"/Operation" +"/Opt" +"/OptionSet" +"/Options" +"/Or" +"/Orange" +"/Order" +"/Ordering" +"/OriginalLayerName" +"/Oslash" +"/Otilde" +"/Outlines" +"/OutputCondition" +"/OutputConditionIdentifier" +"/OutputIntent" +"/OutputIntents" +"/Overlay" +"/P0" +"/P1" +"/P2" +"/P2,#2300ff007900000000,PANTONE#20151#20C" +"/PANTONE" +"/PANTONE#20158-5#20CVS" +"/PANTONE#20221#20CVU" 
+"/PANTONE#203405#20C" +"/PANTONE#20399#20CVC" +"/PANTONE#20Blue#20072#20C" +"/PANTONE#20Orange#20021#20C" +"/PANTONE#20Orange#20021#20CVC" +"/PANTONE#20Yellow#20C" +"/PC" +"/PDFDocEncoding" +"/PIX" +"/PO" +"/PS" +"/PUBLISHER" +"/PZ" +"/Pa0" +"/Page" +"/PageElement" +"/PageLabels" +"/PageLayout" +"/PageMode" +"/PageRange" +"/Pages" +"/PaintType" +"/Palatino,Bold" +"/Pale#20Brown.c" +"/Panose" +"/Paper#20tray" +"/Para" +"/Params" +"/Parent" +"/ParentTree" +"/ParentTreeNextKey" +"/Part" +"/Pattern" +"/PatternType" +"/PcZ" +"/Perceptual" +"/Perms" +"/Pg" +"/Pgf" +"/PieceInfo" +"/PitStop" +"/Placement" +"/Play" +"/Polygon" +"/PolygonCloud" +"/Popup" +"/Position" +"/PowerUpPDF" +"/PrOut" +"/PrRGBGra" +"/PrRGBIma" +"/Predictor" +"/PresSteps" +"/PreserveRB" +"/Prev" +"/PrevPage" +"/Preview" +"/Print" +"/PrintRecord" +"/PrintScaling" +"/PrintState" +"/PrintStyle" +"/Printed" +"/PrintingOrder" +"/Private" +"/ProcSet" +"/Process" +"/ProcessBlue" +"/ProcessGreen" +"/ProcessRed" +"/Producer" +"/ProfileCS" +"/ProfileName" +"/Prop_Build" +"/Properties" +"/Proportional" +"/PubSec" +"/Q" +"/QuadPoints" +"/R1" +"/RBGroups" +"/RC" +"/RD" +"/REC" +"/REx" +"/RF" +"/RGB" +"/RI" +"/RICMYKGra" +"/RICMYKIma" +"/RICalGra" +"/RICalIma" +"/RIDefault" +"/RIDevNGra" +"/RIDevNIma" +"/RIRGBGra" +"/RIRGBIma" +"/RL" +"/RM" +"/RV" +"/Range" +"/Rect" +"/Red" +"/Redact" +"/Ref" +"/Reference" +"/Registry" +"/RegistryName" +"/RelativeColorimetric" +"/Rendition" +"/Renditions" +"/Requirements" +"/ResetForm" +"/Resolution" +"/Resources" +"/ReversedChars" +"/RoleMap" +"/Root" +"/Rotate" +"/Round" +"/RoundTrip" +"/RoundtripVersion" +"/Router" +"/Rows" +"/RunLengthDecode" +"/Ryumin" +"/SA" +"/SBDraft" +"/SC" +"/SE" +"/SFSSL" +"/SFTWS" +"/SI" +"/SL" +"/SLA" +"/SM" +"/SMask" +"/SMaskInData" +"/SP" +"/SPS" +"/STL" +"/SU" +"/SW" +"/Saturation" +"/SaveAs" +"/SaveContents" +"/SaveResource" +"/SavedBy" +"/Scaron" +"/Schema" +"/Screen" +"/Sect" +"/SemiCondensed" +"/SemiExpanded" +"/Separation" +"/SeparationInfo" 
+"/SetOCGState" +"/SettingsFileName" +"/Sh0" +"/Sh1" +"/Shading" +"/ShadingType" +"/Shape" +"/Sig" +"/SigFlags" +"/SigRef" +"/Signature" +"/Signed" +"/SinglePage" +"/Size" +"/SlideShow" +"/SoftLight" +"/Solid" +"/Solidities" +"/SomeName" +"/Sort" +"/Sound" +"/Space" +"/SpaceAfter" +"/SpaceBefore" +"/Span" +"/SpawnTemplate" +"/SpdrArt" +"/SpiderInfo" +"/Split" +"/Spot" +"/Spot1" +"/Spot2" +"/SpotFunction" +"/SpotMap" +"/St" +"/Stamp" +"/StandardImageFileData" +"/Star" +"/Start" +"/StartIndent" +"/StartResource" +"/State" +"/StdCF" +"/StemH" +"/StemV" +"/Stm" +"/StmF" +"/Stop" +"/Story" +"/StrF" +"/StrikeOut" +"/StringItem" +"/StructElem" +"/StructParent" +"/StructParents" +"/StructTreeRoot" +"/Style" +"/SubFilter" +"/SubType" +"/Subdictionary" +"/Subform" +"/Subj" +"/Subject" +"/SubmitForm" +"/SubmitStandalone" +"/SubsetFontsBelow" +"/SubsetFontsRatio" +"/Supplement" +"/Swiss721BT-Black" +"/Switch" +"/T" +"/T1" +"/T1_0" +"/TB" +"/TC" +"/TCS" +"/TF" +"/TID" +"/TK" +"/TM" +"/TO" +"/TOC" +"/TOCI" +"/TOYO#200004pc" +"/TP" +"/TR" +"/TR2" +"/TRUMATCH#206-e" +"/TS" +"/TSV" +"/TT" +"/TT0" +"/TTRefMan" +"/TU" +"/TV" +"/TW" +"/TWS" +"/TWY" +"/Tabs" +"/TagSuspect" +"/TargetCS" +"/Technical" +"/Template" +"/TemplateInstantiated" +"/Templates" +"/Text" +"/TextAlign" +"/TextBox" +"/TextIndent" +"/The" +"/This" +"/Thorn" +"/Thread" +"/Threads" +"/Thumb" +"/Thumbnail" +"/Thumbs" +"/Ti" +"/TiBI" +"/TilingType" +"/Times-BoldItalic" +"/Times-Roman" +"/Title" +"/ToUnicode" +"/Toggle" +"/Trans" +"/TransferFunction" +"/TransformMethod" +"/TransformParams" +"/Transparency" +"/TrapInfo" +"/TrapMagicNumber" +"/TrapRegions" +"/TrapSet" +"/Trapped" +"/Trapping" +"/TrappingDetails" +"/TrappingParameters" +"/TrimBox" +"/True" +"/TrueType" +"/TrustedMode" +"/TwoColumnLeft" +"/Tx" +"/Type" +"/Type0" +"/U3D" +"/UA" +"/UCR" +"/UCR2" +"/UIDOffset" +"/UR" +"/UR3" +"/URI" +"/URL" +"/URLs" +"/Uacute" +"/Ucircumflex" +"/Udieresis" +"/Ugrave" +"/Univers-BoldExt" +"/Unix" +"/Unknown" +"/Usage" 
+"/UseAttachments" +"/UseNone" +"/UseOC" +"/UseOutlines" +"/UseThumbs" +"/UsedCMYK" +"/UserProperties" +"/UserUnit" +"/V2" +"/VA" +"/VE" +"/VP" +"/Verdana,Bold" +"/Version" +"/Vertical" +"/VeryLastItem" +"/View" +"/ViewerPreferences" +"/Visa" +"/Visible" +"/Volume" +"/W2" +"/WAI" +"/WAN" +"/WMode" +"/WP" +"/WarnockPro-BoldIt" +"/Watermark" +"/WebCapture" +"/Which" +"/WhiteBG" +"/WhitePoint" +"/Widget" +"/Width" +"/Widths" +"/Win" +"/WinAnsiEncoding" +"/Window" +"/Windows" +"/Work#20surface" +"/Workbook" +"/Worksheet" +"/WritingMode" +"/X" +"/X1" +"/XFA" +"/XHeight" +"/XML" +"/XN" +"/XObject" +"/XRef" +"/XRefStm" +"/XStep" +"/XUID" +"/XYZ" +"/Y" +"/YStep" +"/Yacute" +"/Ydieresis" +"/Yellow" +"/Z" +"/Z7KNXbN" +"/ZaDb" +"/ZapfDingbats" +"/Zcaron" +"/Zoom" +"/_No_paragraph_style_" +"/a1" +"/acute" +"/adbe.pkcs7.detached" +"/ampersand" +"/apple" +"/approxequal" +"/asciicircum" +"/asciitilde" +"/asterisk" +"/at" +"/audio#2Fmpeg" +"/b" +"/backslash" +"/bar" +"/blank" +"/braceleft" +"/braceright" +"/bracketleft" +"/bracketright" +"/breve" +"/brokenbar" +"/bullet" +"/c108" +"/cCompKind" +"/cCompQuality" +"/cCompression" +"/cRes" +"/cResolution" +"/ca" +"/caron" +"/cedilla" +"/cent" +"/circumflex" +"/colon" +"/comma" +"/copyright" +"/currency" +"/dagger" +"/daggerdbl" +"/degree" +"/deviceNumber" +"/dieresis" +"/divide" +"/dollar" +"/dotaccent" +"/dotlessi" +"/dotlessj" +"/eight" +"/ellipsis" +"/emdash" +"/endash" +"/equal" +"/eth" +"/exclam" +"/exclamdown" +"/f" +"/ff" +"/ffi" +"/ffl" +"/fi" +"/five" +"/fl" +"/florin" +"/four" +"/fraction" +"/gCompKind" +"/gCompQuality" +"/gCompression" +"/gRes" +"/gResolution" +"/germandbls" +"/go1" +"/grave" +"/greater" +"/greaterequal" +"/guillemotleft" +"/guillemotright" +"/guilsinglleft" +"/guilsinglright" +"/hungarumlaut" +"/hyphen" +"/iacute" +"/idieresis" +"/igrave" +"/infinity" +"/integral" +"/j" +"/k" +"/less" +"/lessequal" +"/logicalnot" +"/lozenge" +"/lt#20blue" +"/mCompKind" +"/mCompression" +"/mRes" +"/mResolution" +"/macron" 
+"/minus" +"/mu" +"/multiply" +"/n" +"/n0" +"/nine" +"/notequal" +"/ntilde" +"/numbersign" +"/o" +"/ogonek" +"/one" +"/onehalf" +"/onequarter" +"/onesuperior" +"/op" +"/ordfeminine" +"/ordmasculine" +"/p" +"/pageH" +"/pageV" +"/paragraph" +"/parenleft" +"/parenright" +"/partialdiff" +"/pdf" +"/pdfx" +"/percent" +"/period" +"/periodcentered" +"/perthousand" +"/pi" +"/plus" +"/plusminus" +"/pms#208400" +"/printX" +"/product" +"/question" +"/questiondown" +"/quotedbl" +"/quotedblbase" +"/quotedblleft" +"/quotedblright" +"/quoteleft" +"/quoteright" +"/quotesinglbase" +"/quotesingle" +"/r" +"/radical" +"/registered" +"/ring" +"/s" +"/s1" +"/sd1" +"/sd2" +"/section" +"/semicolon" +"/seven" +"/six" +"/slash" +"/sterling" +"/summation" +"/thinspace" +"/three" +"/threequarters" +"/threesuperior" +"/tilde" +"/trademark" +"/two" +"/twosuperior" +"/u" +"/underscore" +"/v" +"/w" +"/y1" +"/yen" +"/yes" +"/zero" +"0 R" +"1" +"1.0" +"<" +"<<" +">" +">>" +"Adobe.PPKLite" +"Adobe.PubSec" +"B*" +"BDC" +"BI" +"BMC" +"BT" +"BX" +"CS" +"DP" +"Do" +"EI" +"EMC" +"ET" +"EX" +"Entrust.PPKEF" +"ID" +"MP" +"R" +"T*" +"TJ" +"TL" +"Tc" +"Td" +"Tf" +"Tj" +"Tm" +"Tr" +"Ts" +"Tw" +"W*" +"[" +"[0.0 0.0 0.0 0.0 0.0 0.0]" +"[1 1 1]" +"[1.0 -1.0 1.0 -1.0]" +"[1.0 -1.0]" +"\\" +"]" +"abs" +"adbe.pkcs7.s3" +"adbe.pkcs7.s4" +"adbe.pkcs7.s5" +"add" +"and" +"atan" +"begin" +"beginarrangedfont" +"beginbfchar" +"begincidrange" +"begincmap" +"begincodespacerange" +"beginnotdefchar" +"beginnotdefrange" +"beginusematrix" +"bitshift" +"ceiling" +"cm" +"copy" +"cos" +"cvi" +"cvr" +"d0" +"d1" +"div" +"dup" +"end" +"endarrangedfont" +"endbfchar" +"endcidrange" +"endcmap" +"endcodespacerange" +"endnotdefchar" +"endnotdefrange" +"endobj" +"endstream" +"endusematrix" +"eq" +"exch" +"exp" +"f*" +"false" +"findresource" +"floor" +"ge" +"gs" +"gt" +"idiv" +"if" +"ifelse" +"index" +"le" +"ln" +"log" +"lt" +"mod" +"mul" +"ne" +"neg" +"not" +"null" +"obj" +"or" +"page" +"pop" +"re" +"rg" +"ri" +"roll" +"round" +"sin" 
+"sqrt"
+"startxref"
+"stream"
+"sub"
+"trailer"
+"true"
+"truncate"
+"usecmap"
+"usefont"
+"xor"
+"xref"
+"{"
+"}"
diff --git a/fuzz/qpdf_read_memory_fuzzer.cc b/fuzz/qpdf_read_memory_fuzzer.cc
new file mode 100644
index 00000000..d4db62b0
--- /dev/null
+++ b/fuzz/qpdf_read_memory_fuzzer.cc
@@ -0,0 +1,15 @@
+#include "qpdf/qpdf-c.h"
+
+#include
+#include
+#include
+
+extern "C" int LLVMFuzzerTestOneInput(const unsigned char* data, size_t size) {
+ const size_t kMaxSize = 64 * 1024; // 64 KiB
+ size = std::min(size, kMaxSize);
+ _qpdf_data* qpdf = qpdf_init();
+ const char* buffer = reinterpret_cast(data);
+ qpdf_read_memory(qpdf, /*description=*/"", buffer, size, /*password=*/"");
+ qpdf_cleanup(&qpdf);
+ return 0;
+}
diff --git a/fuzz/standalone_fuzz_target_runner.cc b/fuzz/standalone_fuzz_target_runner.cc
new file mode 100644
index 00000000..7038f188
--- /dev/null
+++ b/fuzz/standalone_fuzz_target_runner.cc
@@ -0,0 +1,36 @@
+// Copyright 2017 Google Inc. All Rights Reserved.
+// Licensed under the Apache License, Version 2.0 (the "License");
+
+// Except for formatting, comments, and portability, this was copied
+// from projects/example/my-api-repo/standalone_fuzz_target_runner.cpp
+// in https://github.com/oss-fuzz
+
+#include
+#include
+#include
+#include
+
+extern "C" int LLVMFuzzerTestOneInput(unsigned char const* data, size_t size);
+
+int main(int argc, char **argv)
+{
+ for (int i = 1; i < argc; i++)
+ {
+ std::ifstream in(argv[i]);
+ in.seekg(0, in.end);
+ size_t length = in.tellg();
+ in.seekg (0, in.beg);
+ std::cout << "Reading " << length << " bytes from " << argv[i]
+ << std::endl;
+ // Allocate exactly length bytes so that we reliably catch
+ // buffer overflows.
+ std::vector bytes(length);
+ in.read(bytes.data(), bytes.size());
+ assert(in);
+ LLVMFuzzerTestOneInput(
+ reinterpret_cast(bytes.data()),
+ bytes.size());
+ std::cout << "Execution successful" << std::endl;
+ }
+ return 0;
+}
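Review bot: The 64 KiB cap in LLVMFuzzerTestOneInput silently truncates larger inputs with `size = std::min(size, kMaxSize);`, so a corpus file or reproducer bigger than that is parsed only in part, and nothing in the target says why the limit exists. A comment on `kMaxSize` should give the reason, presumably bounding per-iteration time and memory. The same bound is better communicated to the engine by adding `max_len = 65536` under `[libfuzzer]` in fuzz/options, so mutations are not spent on bytes the target discards. A one-line comment that the result of `qpdf_read_memory` is ignored on purpose, because malformed input is the expected case, would also help the next reader.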
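Review bot: In main of standalone_fuzz_target_runner.cc a file that cannot be opened is never detected: `tellg()` then returns -1, `size_t length = in.tellg();` turns that into a huge value, and the vector allocation throws instead of reporting the bad path. The only I/O check is `assert(in)`, which disappears under NDEBUG, so a short or failed read would hand the target a partly zero-filled buffer and still print "Execution successful". The stream is also opened in text mode, which alters bytes on platforms that translate line endings; PDF input is binary. The sketch below replaces the assert with explicit checks and opens the file with `std::ios::binary`.

```cpp
        std::ifstream in(argv[i], std::ios::binary);
        if (!in)
        {
            std::cerr << "Cannot open " << argv[i] << std::endl;
            return 2;
        }
        in.seekg(0, in.end);
        std::streamoff const end = in.tellg();
        if (end < 0)
        {
            std::cerr << "Cannot determine size of " << argv[i] << std::endl;
            return 2;
        }
        size_t const length = static_cast<size_t>(end);
        in.seekg(0, in.beg);
        // … unchanged: "Reading N bytes" message and exact-size vector allocation …
        in.read(bytes.data(), bytes.size());
        if (!in)
        {
            std::cerr << "Short read from " << argv[i] << std::endl;
            return 2;
        }
        // … unchanged: LLVMFuzzerTestOneInput call and success message …
```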