mirror of
https://github.com/qpdf/qpdf.git
synced 2024-12-22 19:08:59 +00:00
65bd8bc57d
As a rule, we should avoid conditional compilation is it always causes code paths that are sometimes not even seen lexically by the compiler. Also, we want the actual code being fuzzed to be as close as possible to the real code. Conditional compilation is suitable to handle underlying system differences. Instead, favor configuration using callbacks or other methods that can be triggered in the places where they need to be exercised.
67 lines
1.6 KiB
C++
67 lines
1.6 KiB
C++
#include <qpdf/Pl_DCT.hh>
|
|
#include <qpdf/Pl_Discard.hh>
|
|
#include <cstdlib>
|
|
#include <iostream>
|
|
#include <stdexcept>
|
|
|
|
class FuzzHelper
|
|
{
|
|
public:
|
|
FuzzHelper(unsigned char const* data, size_t size);
|
|
void run();
|
|
|
|
private:
|
|
void doChecks();
|
|
|
|
unsigned char const* data;
|
|
size_t size;
|
|
};
|
|
|
|
FuzzHelper::FuzzHelper(unsigned char const* data, size_t size) :
|
|
data(data),
|
|
size(size)
|
|
{
|
|
}
|
|
|
|
void
|
|
FuzzHelper::doChecks()
|
|
{
|
|
// Limit the memory used to decompress JPEG files during fuzzing. Excessive memory use during
|
|
// fuzzing is due to corrupt JPEG data which sometimes cannot be detected before
|
|
// jpeg_start_decompress is called. During normal use of qpdf very large JPEGs can occasionally
|
|
// occur legitimately and therefore must be allowed during normal operations.
|
|
Pl_DCT::setMemoryLimit(1'000'000'000);
|
|
|
|
// Do not decompress corrupt data. This may cause extended runtime within jpeglib without
|
|
// exercising additional code paths in qpdf.
|
|
Pl_DCT::setThrowOnCorruptData(true);
|
|
|
|
Pl_Discard discard;
|
|
Pl_DCT p("decode", &discard);
|
|
p.write(const_cast<unsigned char*>(data), size);
|
|
p.finish();
|
|
}
|
|
|
|
void
|
|
FuzzHelper::run()
|
|
{
|
|
try {
|
|
doChecks();
|
|
} catch (std::runtime_error const& e) {
|
|
std::cerr << "runtime_error: " << e.what() << std::endl;
|
|
}
|
|
}
|
|
|
|
extern "C" int
|
|
LLVMFuzzerTestOneInput(unsigned char const* data, size_t size)
|
|
{
|
|
#ifndef _WIN32
|
|
// Used by jpeg library to work around false positives in memory
|
|
// sanitizer.
|
|
setenv("JSIMD_FORCENONE", "1", 1);
|
|
#endif
|
|
FuzzHelper f(data, size);
|
|
f.run();
|
|
return 0;
|
|
}
|