diff options
author | Jonathan Rudenberg <jonathan@titanous.com> | 2018-01-18 10:45:09 -0500 |
---|---|---|
committer | Abhishek Arya <inferno@chromium.org> | 2018-01-18 07:45:09 -0800 |
commit | afa38abb0ce1f95aad36f8ccd02eac622352f25a (patch) | |
tree | 5980b1c3e8e478c6e277168a2e20af65ddbda9a6 /projects/mupdf | |
parent | b73b36edb394bf404ed20d434897ca27a5eb0a5f (diff) | |
download | oss-fuzz-afa38abb0ce1f95aad36f8ccd02eac622352f25a.tar.gz |
[mupdf] Add mupdf fuzzer (#1067)
* Add fuzzer for mupdf
* Address review comments
* Add check to ensure corpus/dict exist
* Silence stderr spam
* Update fuzzer based on review comments
* Enable MemorySanitizer
* Set primary contact
Diffstat (limited to 'projects/mupdf')
-rw-r--r-- | projects/mupdf/Dockerfile | 27 | ||||
-rwxr-xr-x | projects/mupdf/build.sh | 40 | ||||
-rw-r--r-- | projects/mupdf/pdf_fuzzer.cc | 43 | ||||
-rw-r--r-- | projects/mupdf/pdf_fuzzer.options | 2 | ||||
-rw-r--r-- | projects/mupdf/project.yaml | 8 |
5 files changed, 120 insertions, 0 deletions
diff --git a/projects/mupdf/Dockerfile b/projects/mupdf/Dockerfile new file mode 100644 index 000000000..0b0b760fb --- /dev/null +++ b/projects/mupdf/Dockerfile @@ -0,0 +1,27 @@ +# Copyright 2018 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +FROM gcr.io/oss-fuzz-base/base-builder +MAINTAINER jonathan@titanous.com +RUN apt-get update && apt-get install -y make libtool pkg-config +RUN git clone --recursive --depth 1 git://git.ghostscript.com/mupdf.git mupdf +RUN git clone --depth 1 https://github.com/mozilla/pdf.js pdf.js && \ + zip -q $SRC/pdf_fuzzer_seed_corpus.zip pdf.js/test/pdfs/*.pdf && \ + rm -rf pdf.js +ADD https://raw.githubusercontent.com/rc0r/afl-fuzz/master/dictionaries/pdf.dict $SRC/pdf_fuzzer.dict +WORKDIR mupdf +COPY *.cc source/fuzz/ +COPY build.sh *.options $SRC/ diff --git a/projects/mupdf/build.sh b/projects/mupdf/build.sh new file mode 100755 index 000000000..83c1105fb --- /dev/null +++ b/projects/mupdf/build.sh @@ -0,0 +1,40 @@ +#!/bin/bash -eu +# Copyright 2018 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +LDFLAGS="$CXXFLAGS" make -j$(nproc) HAVE_GLUT=no build=debug OUT=$WORK +fuzz_target=pdf_fuzzer + +$CXX $CXXFLAGS -std=c++11 -Iinclude \ + source/fuzz/pdf_fuzzer.cc -o $OUT/$fuzz_target \ + -lFuzzingEngine $WORK/libmupdf.a $WORK/libmupdfthird.a + +mv $SRC/{*.zip,*.dict,*.options} $OUT + +if [ ! -f "${OUT}/${fuzz_target}_seed_corpus.zip" ]; then + echo "missing seed corpus" + exit 1 +fi + +if [ ! -f "${OUT}/${fuzz_target}.dict" ]; then + echo "missing dictionary" + exit 1 +fi + +if [ ! -f "${OUT}/${fuzz_target}.options" ]; then + echo "missing options" + exit 1 +fi diff --git a/projects/mupdf/pdf_fuzzer.cc b/projects/mupdf/pdf_fuzzer.cc new file mode 100644 index 000000000..3b1e1f667 --- /dev/null +++ b/projects/mupdf/pdf_fuzzer.cc @@ -0,0 +1,43 @@ +/* +# Copyright 2018 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ +*/ + +#include <cstdint> + +#include <mupdf/fitz.h> + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { + fz_context *ctx = fz_new_context(nullptr, nullptr, FZ_STORE_DEFAULT); + + fz_stream *stream = fz_open_memory(ctx, data, size); + fz_matrix ctm; + fz_pixmap *pix; + fz_try(ctx) { + fz_document *doc = fz_open_document_with_stream(ctx, "pdf", stream); + for (int i = 0; i < fz_count_pages(ctx, doc); i++) { + pix = fz_new_pixmap_from_page_number(ctx, doc, i, &ctm, fz_device_rgb(ctx), 0); + fz_drop_pixmap(ctx, pix); + } + fz_drop_document(ctx, doc); + } + fz_catch(ctx) {} + + fz_drop_stream(ctx, stream); + fz_drop_context(ctx); + + return 0; +} diff --git a/projects/mupdf/pdf_fuzzer.options b/projects/mupdf/pdf_fuzzer.options new file mode 100644 index 000000000..329a6e27b --- /dev/null +++ b/projects/mupdf/pdf_fuzzer.options @@ -0,0 +1,2 @@ +[libfuzzer] +close_fd_mask = 3 diff --git a/projects/mupdf/project.yaml b/projects/mupdf/project.yaml new file mode 100644 index 000000000..9009fc291 --- /dev/null +++ b/projects/mupdf/project.yaml @@ -0,0 +1,8 @@ +homepage: "https://www.mupdf.com" +primary_contact: tor.andersson@artifex.com +sanitizers: + - address + - undefined + - memory +auto_ccs: + - jonathan@titanous.com |