[Libreoffice-commits] core.git: vcl/workben

Fri, 05 May 2023 07:51:16 -0700 

 vcl/workben/fodt2pdffuzzer.cxx |   26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

New commits:
commit 2d428c1b7d6221eb634cecb2ca7719bf4997ead4
Author:     Caolán McNamara <caol...@redhat.com>
AuthorDate: Thu May 4 21:31:12 2023 +0100
Commit:     Caolán McNamara <caol...@redhat.com>
CommitDate: Fri May 5 16:50:51 2023 +0200

    experiment with LLVMFuzzerCustomMutator
    
    Change-Id: I3294c4e6cc5671927824cffaf03fd536a0a7dba6
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/151403
    Tested-by: Caolán McNamara <caol...@redhat.com>
    Reviewed-by: Caolán McNamara <caol...@redhat.com>

diff --git a/vcl/workben/fodt2pdffuzzer.cxx b/vcl/workben/fodt2pdffuzzer.cxx
index 6c9b273a88ba..e4bb1ac3c0da 100644
--- a/vcl/workben/fodt2pdffuzzer.cxx
+++ b/vcl/workben/fodt2pdffuzzer.cxx
@@ -12,6 +12,7 @@
 #include <com/sun/star/awt/XToolkit.hpp>
 #include <com/sun/star/ucb/XContentProvider.hpp>
 #include <com/sun/star/ucb/XUniversalContentBroker.hpp>
+#include <libxml/parser.h>
 #include "commonfuzzer.hxx"
 
 extern "C" void* SwCreateDialogFactory() { return nullptr; }
@@ -49,6 +50,31 @@ extern "C" int LLVMFuzzerInitialize(int* argc, char*** argv)
     return 0;
 }
 
+extern "C" size_t LLVMFuzzerMutate(uint8_t* Data, size_t Size, size_t MaxSize);
+
+static void silent_error_func(void*, const char* /*format*/, ...) {}
+
+extern "C" size_t LLVMFuzzerCustomMutator(uint8_t* Data, size_t Size, size_t 
MaxSize,
+                                          unsigned int /*Seed*/)
+{
+    size_t Ret = LLVMFuzzerMutate(Data, Size, MaxSize);
+
+    // an effort to only generate valid xml, in this fuzzer we only really care
+    // about the deeper levels of turning valid input into writer layout and
+    // pdf export
+
+    xmlParserCtxtPtr ctxt = xmlNewParserCtxt();
+    xmlSetGenericErrorFunc(nullptr, silent_error_func);
+    xmlDocPtr Doc = xmlCtxtReadMemory(ctxt, reinterpret_cast<const 
char*>(Data), Ret, nullptr,
+                                      nullptr, XML_PARSE_NONET);
+    if (Doc == nullptr)
+        Ret = 0;
+    else
+        xmlFreeDoc(Doc);
+    xmlFreeParserCtxt(ctxt);
+    return Ret;
+}
+
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
 {
     SvMemoryStream aStream(const_cast<uint8_t*>(data), size, StreamMode::READ);

Reply via email to