Repository.mk | 1 bin/oss-fuzz-setup.sh | 13 ++++++++ distro-configs/LibreOfficeOssFuzz.conf | 3 -- vcl/Executable_pdf2fodgfuzzer.mk | 48 +++++++++++++++++++++++++++++++++ vcl/Module_vcl.mk | 1 vcl/commonfuzzer.mk | 2 + vcl/workben/pdf2fodgfuzzer.cxx | 33 ++++++++++++++++++++++ vcl/workben/pdf2fodgfuzzer.options | 3 ++ 8 files changed, 102 insertions(+), 2 deletions(-)
New commits: commit ab0cec11466ee8f2b82c3bdbdad55b401546c8d3 Author: Caolán McNamara <[email protected]> AuthorDate: Thu Oct 9 20:15:14 2025 +0100 Commit: Caolán McNamara <[email protected]> CommitDate: Fri Oct 10 13:32:14 2025 +0200 add oss-fuzz pdf2fodg fuzzer Change-Id: I5cb7653339c6280ee7b8f208ce92a771cb1dcc17 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/192134 Tested-by: Jenkins Reviewed-by: Caolán McNamara <[email protected]>
diff --git a/Repository.mk b/Repository.mk
index 3f5d69b0ddc4..2068a2b70b1e 100644
--- a/Repository.mk
+++ b/Repository.mk
@@ -142,6 +142,7 @@ $(eval $(call gb_Helper_register_executables_for_install,OOO,brand, \
 $(call gb_Helper_optional,FUZZERS,602fuzzer) \
 $(call gb_Helper_optional,FUZZERS,lwpfuzzer) \
 $(call gb_Helper_optional,FUZZERS,olefuzzer) \
+ $(call gb_Helper_optional,FUZZERS,pdf2fodgfuzzer) \
 $(call gb_Helper_optional,FUZZERS,pptfuzzer) \
 $(call gb_Helper_optional,FUZZERS,rtffuzzer) \
 $(call gb_Helper_optional,FUZZERS,rtf2pdffuzzer) \
diff --git a/bin/oss-fuzz-setup.sh b/bin/oss-fuzz-setup.sh
index de02087b6b82..caddb5ef9a8a 100755
--- a/bin/oss-fuzz-setup.sh
+++ b/bin/oss-fuzz-setup.sh
@@ -82,6 +82,7 @@ cd $SRC
 curl --no-progress-meter -S \
 -C - -O https://raw.githubusercontent.com/google/fuzzing/master/dictionaries/gif.dict \
 -C - -O https://raw.githubusercontent.com/google/fuzzing/master/dictionaries/jpeg.dict \
+ -C - -O https://raw.githubusercontent.com/google/fuzzing/master/dictionaries/pdf.dict \
 -C - -O https://raw.githubusercontent.com/google/fuzzing/master/dictionaries/png.dict \
 -C - -O https://raw.githubusercontent.com/google/fuzzing/master/dictionaries/tiff.dict \
 -C - -O https://raw.githubusercontent.com/google/fuzzing/master/dictionaries/xml.dict \
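Review bot: The added `pdf.dict` line fetches from the `master` branch of google/fuzzing, and the two `git clone --depth 1` lines in the later `# PDF` hunk take whatever HEAD of strongcourage/fuzzing-corpus and mozilla/pdf.js is at build time, so the dictionary and seed corpus can change with no change in this repository. Fetching a fixed revision would keep fuzzing runs reproducible, for example `git fetch --depth 1 origin <pinned-commit>` followed by `git checkout FETCH_HEAD` in place of each clone; the existing dictionary lines follow the same unpinned pattern, so this may be accepted practice for this script. In the `# PDF` hunk both clones sit in one `&&` chain, so a failure of the first clone also skips the pdf.js part, and the later `cp pdffuzzer_seed_corpus.zip pdf2fodgfuzzer_seed_corpus.zip` then has nothing to copy. Whether the script aborts at that point depends on shell options set outside these hunks.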
@@ -112,6 +113,8 @@ mkdir -p afl-testcases && cd afl-testcases/ && tar xf $SRC/afl_testcases.tgz &&
 zip -q $SRC/bmpfuzzer_seed_corpus.zip afl-testcases/bmp*/full/images/* && \
 zip -q $SRC/pngfuzzer_seed_corpus.zip afl-testcases/png*/full/images/* && \
 zip -q $SRC/webpfuzzer_seed_corpus.zip afl-testcases/webp*/full/images/*
+
+# TTF/OTF/SFT
 # using github's svn view to use svn export as a hack to just export part of the git repo
 # svn support turned off now: https://github.blog/2023-01-20-sunsetting-subversion-support/
 # and git sparse checkout is a total pain
@@ -122,6 +125,15 @@ mkdir -p $SRC/sample-sft-fonts/adobe
 curl --no-progress-meter -S \
 -C - -o $SRC/sample-sft-fonts/adobe/AdobeVFPrototype.otf https://github.com/adobe-fonts/adobe-variable-font-prototype/releases/download/1.005a/AdobeVFPrototype.otf
 zip -qr $SRC/sftfuzzer_seed_corpus.zip $SRC/sample-sft-fonts
+
+# PDF
+git clone --depth 1 https://github.com/strongcourage/fuzzing-corpus.git && \
+ zip -q -r $SRC/pdffuzzer_seed_corpus.zip fuzzing-corpus/pdf/* && \
+ rm -rf fuzzing-corpus && \
+git clone --depth 1 https://github.com/mozilla/pdf.js pdf.js && \
+ zip -q $SRC/pdffuzzer_seed_corpus.zip pdf.js/test/pdfs/*.pdf && \
+ rm -rf pdf.js
+
 curl --no-progress-meter -S -C - https://storage.googleapis.com/skia-fuzzer/oss-fuzz/svg_seed_corpus.zip -o svgfuzzer_seed_corpus.zip
 curl --no-progress-meter -S \
 -C - -O https://dev-www.libreoffice.org/corpus/wmffuzzer_seed_corpus.zip \
@@ -172,5 +184,6 @@ cp rtffuzzer_seed_corpus.zip rtf2pdffuzzer_seed_corpus.zip
 cp fodsfuzzer_seed_corpus.zip fods2xlsfuzzer_seed_corpus.zip
 cp htmlfuzzer_seed_corpus.zip schtmlfuzzer_seed_corpus.zip
 cp sftfuzzer_seed_corpus.zip eotfuzzer_seed_corpus.zip
+cp pdffuzzer_seed_corpus.zip pdf2fodgfuzzer_seed_corpus.zip
 
 echo end downloading dependencies at `date -u`
diff --git a/distro-configs/LibreOfficeOssFuzz.conf b/distro-configs/LibreOfficeOssFuzz.conf
index 5cc87545c8be..ecf1b1ba9019 100644
--- a/distro-configs/LibreOfficeOssFuzz.conf
+++ b/distro-configs/LibreOfficeOssFuzz.conf
@@ -19,8 +19,7 @@
 --disable-lpsolve
 --disable-mariadb-sdbc
 --disable-odk
---disable-pdfimport
---disable-pdfium
+--disable-poppler
 --disable-postgresql-sdbc
 --disable-sdremote
 --disable-skia
diff --git a/vcl/Executable_pdf2fodgfuzzer.mk b/vcl/Executable_pdf2fodgfuzzer.mk
new file mode 100644
index 000000000000..9ea0d8d0dd8f
--- /dev/null
+++ b/vcl/Executable_pdf2fodgfuzzer.mk
@@ -0,0 +1,48 @@
+# -*- Mode: makefile-gmake; tab-width: 4; indent-tabs-mode: t -*-
+#
+#
+# This file is part of the LibreOffice project.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+
+include $(SRCDIR)/vcl/commonfuzzer.mk
+
+$(eval $(call gb_Executable_Executable,pdf2fodgfuzzer))
+
+$(eval $(call gb_Executable_use_api,pdf2fodgfuzzer,\
+ offapi \
+ udkapi \
+))
+
+$(eval $(call gb_Executable_use_externals,pdf2fodgfuzzer,\
+ $(fuzzer_externals) \
+))
+
+$(eval $(call gb_Executable_set_include,pdf2fodgfuzzer,\
+ $$(INCLUDE) \
+ -I$(SRCDIR)/vcl/inc \
+))
+
+$(eval $(call gb_Executable_use_libraries,pdf2fodgfuzzer,\
+ $(fuzzer_draw_libraries) \
+ $(fuzzer_core_libraries) \
+ pdffilter \
+))
+
+$(eval $(call gb_Executable_use_static_libraries,pdf2fodgfuzzer,\
+ $(fuzzer_statics) \
+ fuzzer_draw \
+))
+
+$(eval $(call gb_Executable_add_exception_objects,pdf2fodgfuzzer,\
+ vcl/workben/pdf2fodgfuzzer \
+))
+
+$(eval $(call gb_Executable_add_libs,pdf2fodgfuzzer,\
+ $(LIB_FUZZING_ENGINE) \
+))
+
+# vim: set noet sw=4 ts=4:
diff --git a/vcl/Module_vcl.mk b/vcl/Module_vcl.mk
index 6d02927da307..34053662f68c 100644
--- a/vcl/Module_vcl.mk
+++ b/vcl/Module_vcl.mk
@@ -183,6 +183,7 @@ $(eval $(call gb_Module_add_targets,vcl,\
 Executable_602fuzzer \
 Executable_lwpfuzzer \
 Executable_olefuzzer \
+ Executable_pdf2fodgfuzzer \
 Executable_pptfuzzer \
 Executable_rtffuzzer \
 Executable_rtf2pdffuzzer \
diff --git a/vcl/commonfuzzer.mk b/vcl/commonfuzzer.mk
index 0892fbb5891a..be0b8ebef868 100644
--- a/vcl/commonfuzzer.mk
+++ b/vcl/commonfuzzer.mk
@@ -36,6 +36,7 @@ fuzzer_externals = \
 libpng \
 libtiff \
 libwebp \
+ pdfium \
 md4c \
 openssl \
 expat \
@@ -137,6 +138,7 @@ fuzzer_core_libraries = \
 mtfrenderer \
 canvasfactory \
 vclcanvas \
+ pdfimport \
 xof \
 xmlfa \
 xmlfd \
diff --git a/vcl/workben/pdf2fodgfuzzer.cxx b/vcl/workben/pdf2fodgfuzzer.cxx
new file mode 100644
index 000000000000..be304cfeba90
--- /dev/null
+++ b/vcl/workben/pdf2fodgfuzzer.cxx
@@ -0,0 +1,33 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+#include <tools/stream.hxx>
+#include <vcl/FilterConfigItem.hxx>
+#include "commonfuzzer.hxx"
+
+extern "C" bool TestFODGExportPDF(SvStream& rStream);
+
+extern "C" int LLVMFuzzerInitialize(int* argc, char*** argv)
+{
+ TypicalFuzzerInitialize(argc, argv);
+ return 0;
+}
+
+extern "C" void* SdCreateDialogFactory() { return nullptr; }
+
+extern "C" void* com_sun_star_comp_Draw_VisioImportFilter_get_implementation() { return nullptr; }
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+ SvMemoryStream aStream(const_cast<uint8_t*>(data), size, StreamMode::READ);
+ (void)TestFODGExportPDF(aStream);
+ return 0;
+}
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/vcl/workben/pdf2fodgfuzzer.options b/vcl/workben/pdf2fodgfuzzer.options
new file mode 100644
index 000000000000..13baefc2d7be
--- /dev/null
+++ b/vcl/workben/pdf2fodgfuzzer.options
@@ -0,0 +1,3 @@
+[libfuzzer]
+max_len = 1024
+dict = pdf.dict
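Review bot: `pdfium` and `pdfimport` go into the shared `fuzzer_externals` and `fuzzer_core_libraries` lists, whereas `pdffilter` is linked only from `Executable_pdf2fodgfuzzer.mk`, so every executable that expands these lists now links the PDF import code too. If only the new fuzzer needs `pdfimport`, listing it beside `pdffilter` in that makefile would leave the other fuzzers' link sets unchanged. If the static build needs it in every fuzzer, which these hunks do not show, a short comment at the `pdfimport \` line would record why. Both lists begin and end outside the hunks.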
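Review bot: The stubs `SdCreateDialogFactory` and `com_sun_star_comp_Draw_VisioImportFilter_get_implementation` return nullptr with no comment saying why they exist; presumably they satisfy symbols that the statically linked draw libraries reference but this fuzzer never calls. A line such as `// link-time stubs: referenced by the static draw libraries, not called on the PDF import path` above them would tell the next reader that the null return is intended. In `LLVMFuzzerTestOneInput` the `const_cast` is only safe because the stream is opened with `StreamMode::READ`, and libFuzzer requires that `data` is never modified, which deserves a one-line comment as well. `<vcl/FilterConfigItem.hxx>` is included, but nothing in the visible file appears to use it.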
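Review bot: `max_len = 1024` caps inputs at 1 KiB, while the seed corpus assembled in bin/oss-fuzz-setup.sh consists of real PDF files from fuzzing-corpus and pdf.js, most of which are presumably far larger. libFuzzer truncates seed files that exceed `max_len`, and a PDF keeps its cross-reference table and trailer at the end of the file, so truncated seeds would mostly exercise damaged-file recovery rather than the normal import path. Consider a larger bound, for example `max_len = 65536`, unless 1024 is a deliberate value shared with the other fuzzers' option files, which are not visible here.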
