1 // Copyright 2016 The PDFium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include <cstdint>
6 #include <memory>
7
8 #include "core/fxcodec/fax/faxmodule.h"
9 #include "core/fxcodec/scanlinedecoder.h"
10 #include "core/fxcrt/compiler_specific.h"
11 #include "core/fxcrt/span.h"
12 #include "testing/fuzzers/pdfium_fuzzer_util.h"
13
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)14 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
15 static constexpr size_t kParameterSize = 21;
16 if (size < kParameterSize)
17 return 0;
18
19 // Limit data size to prevent fuzzer timeout.
20 static constexpr size_t kMaxDataSize = 256 * 1024;
21 if (size > kParameterSize + kMaxDataSize)
22 return 0;
23
24 // SAFETY: trusted arguments from fuzzer.
25 auto span = UNSAFE_BUFFERS(pdfium::make_span(data, size));
26
27 int width = GetInteger(data);
28 int height = GetInteger(data + 4);
29 int K = GetInteger(data + 8);
30 int Columns = GetInteger(data + 12);
31 int Rows = GetInteger(data + 16);
32 bool EndOfLine = !(data[20] & 0x01);
33 bool ByteAlign = !(data[20] & 0x02);
34 // This controls if fxcodec::FaxDecoder::InvertBuffer() gets called.
35 // The method is not interesting, and calling it doubles the runtime.
36 const bool kBlackIs1 = false;
37
38 std::unique_ptr<ScanlineDecoder> decoder =
39 FaxModule::CreateDecoder(span.subspan(kParameterSize), width, height, K,
40 EndOfLine, ByteAlign, kBlackIs1, Columns, Rows);
41
42 if (decoder) {
43 int line = 0;
44 while (!decoder->GetScanline(line).empty())
45 line++;
46 }
47
48 return 0;
49 }
50