Repository.mk | 1 bin/oss-fuzz-setup.sh | 13 ++++++++ distro-configs/LibreOfficeOssFuzz.conf | 3 -- external/afdko/mergeFonts_crash.patch | 13 ++++++++ vcl/Executable_pdf2fodgfuzzer.mk | 48 +++++++++++++++++++++++++++++++++ vcl/Module_vcl.mk | 1 vcl/commonfuzzer.mk | 3 ++ vcl/workben/pdf2fodgfuzzer.cxx | 33 ++++++++++++++++++++++ vcl/workben/pdf2fodgfuzzer.options | 3 ++ 9 files changed, 116 insertions(+), 2 deletions(-)
New commits: commit 44cee3c6c37b1ca8f19e7ffbd7193be1bcd0fc58 Author: Caolán McNamara <[email protected]> AuthorDate: Thu Oct 9 20:15:14 2025 +0100 Commit: Miklos Vajna <[email protected]> CommitDate: Mon Oct 13 08:59:35 2025 +0200 add oss-fuzz pdf2fodg fuzzer Change-Id: I5cb7653339c6280ee7b8f208ce92a771cb1dcc17 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/192129 Tested-by: Jenkins CollaboraOffice <[email protected]> Reviewed-by: Miklos Vajna <[email protected]>
diff --git a/Repository.mk b/Repository.mk
index 8ee3c0d3c26f..805e362a96ad 100644
--- a/Repository.mk
+++ b/Repository.mk
@@ -141,6 +141,7 @@ $(eval $(call gb_Helper_register_executables_for_install,OOO,brand, \
 $(call gb_Helper_optional,FUZZERS,602fuzzer) \
 $(call gb_Helper_optional,FUZZERS,lwpfuzzer) \
 $(call gb_Helper_optional,FUZZERS,olefuzzer) \
+ $(call gb_Helper_optional,FUZZERS,pdf2fodgfuzzer) \
 $(call gb_Helper_optional,FUZZERS,pptfuzzer) \
 $(call gb_Helper_optional,FUZZERS,rtffuzzer) \
 $(call gb_Helper_optional,FUZZERS,rtf2pdffuzzer) \
diff --git a/bin/oss-fuzz-setup.sh b/bin/oss-fuzz-setup.sh
index f53daa5ab988..ee131c4357e5 100755
--- a/bin/oss-fuzz-setup.sh
+++ b/bin/oss-fuzz-setup.sh
@@ -81,6 +81,7 @@ cd $SRC
 curl --no-progress-meter -S \
 -C - -O https://raw.githubusercontent.com/google/fuzzing/master/dictionaries/gif.dict \
 -C - -O https://raw.githubusercontent.com/google/fuzzing/master/dictionaries/jpeg.dict \
+ -C - -O https://raw.githubusercontent.com/google/fuzzing/master/dictionaries/pdf.dict \
 -C - -O https://raw.githubusercontent.com/google/fuzzing/master/dictionaries/png.dict \
 -C - -O https://raw.githubusercontent.com/google/fuzzing/master/dictionaries/tiff.dict \
 -C - -O https://raw.githubusercontent.com/google/fuzzing/master/dictionaries/xml.dict \
@@ -111,6 +112,8 @@ mkdir -p afl-testcases && cd afl-testcases/ && tar xf $SRC/afl_testcases.tgz &&
 zip -q $SRC/bmpfuzzer_seed_corpus.zip afl-testcases/bmp*/full/images/* && \
 zip -q $SRC/pngfuzzer_seed_corpus.zip afl-testcases/png*/full/images/* && \
 zip -q $SRC/webpfuzzer_seed_corpus.zip afl-testcases/webp*/full/images/*
+
+# TTF/OTF/SFT
 # using github's svn view to use svn export as a hack to just export part of the git repo
 # svn support turned off now: https://github.blog/2023-01-20-sunsetting-subversion-support/
 # and git sparse checkout is a total pain
@@ -121,6 +124,15 @@ mkdir -p $SRC/sample-sft-fonts/adobe
 curl --no-progress-meter -S \
 -C - -o $SRC/sample-sft-fonts/adobe/AdobeVFPrototype.otf https://github.com/adobe-fonts/adobe-variable-font-prototype/releases/download/1.005a/AdobeVFPrototype.otf
 zip -qr $SRC/sftfuzzer_seed_corpus.zip $SRC/sample-sft-fonts
+
+# PDF
+git clone --depth 1 https://github.com/strongcourage/fuzzing-corpus.git && \
+ zip -q -r $SRC/pdffuzzer_seed_corpus.zip fuzzing-corpus/pdf/* && \
+ rm -rf fuzzing-corpus && \
+git clone --depth 1 https://github.com/mozilla/pdf.js pdf.js && \
+ zip -q $SRC/pdffuzzer_seed_corpus.zip pdf.js/test/pdfs/*.pdf && \
+ rm -rf pdf.js
+
 curl --no-progress-meter -S -C - https://storage.googleapis.com/skia-fuzzer/oss-fuzz/svg_seed_corpus.zip -o svgfuzzer_seed_corpus.zip
 curl --no-progress-meter -S \
 -C - -O https://dev-www.libreoffice.org/corpus/wmffuzzer_seed_corpus.zip \
@@ -170,5 +182,6 @@ cp fodtfuzzer_seed_corpus.zip fodt2pdffuzzer_seed_corpus.zip
 cp rtffuzzer_seed_corpus.zip rtf2pdffuzzer_seed_corpus.zip
 cp fodsfuzzer_seed_corpus.zip fods2xlsfuzzer_seed_corpus.zip
 cp htmlfuzzer_seed_corpus.zip schtmlfuzzer_seed_corpus.zip
+cp pdffuzzer_seed_corpus.zip pdf2fodgfuzzer_seed_corpus.zip
 
 echo end downloading dependencies at `date -u`
diff --git a/distro-configs/LibreOfficeOssFuzz.conf b/distro-configs/LibreOfficeOssFuzz.conf
index 4524a8760f82..a0364d18cee5 100644
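Review bot: The seed corpus built by the `+git clone --depth 1 https://github.com/strongcourage/fuzzing-corpus.git` and `+git clone --depth 1 https://github.com/mozilla/pdf.js pdf.js` lines is taken from the moving default branch of two third-party repositories at every build, so what the fuzzer is seeded with is not reproducible and changes silently whenever upstream does. Pinning a revision after the clone (`git -C pdf.js checkout <PINNED_COMMIT>`, placeholder) or hosting a snapshot next to the other corpora on dev-www.libreoffice.org, as the wmffuzzer line in this same hunk already does, would fix the inputs the build depends on. The `rm -rf` steps are chained with `&&`, so a failed clone or zip stops the chain rather than deleting a partial tree, which is fine; a short comment saying the pdf.js clone is only used for its `test/pdfs` directory would explain why a full checkout is made and discarded.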
--- a/distro-configs/LibreOfficeOssFuzz.conf
+++ b/distro-configs/LibreOfficeOssFuzz.conf
@@ -20,8 +20,7 @@
 --disable-lpsolve
 --disable-mariadb-sdbc
 --disable-odk
---disable-pdfimport
---disable-pdfium
+--disable-poppler
 --disable-postgresql-sdbc
 --disable-sdremote
 --disable-skia
diff --git a/external/afdko/mergeFonts_crash.patch b/external/afdko/mergeFonts_crash.patch
index b14ea4e1ee91..87c0c1cd9e9c 100644
--- a/external/afdko/mergeFonts_crash.patch
+++ b/external/afdko/mergeFonts_crash.patch
@@ -29,3 +29,16 @@
  if (start > 0)
  memmove(str, &str[start], (end - start) + 2);
  if (strlen(str) == 0) {
+@@ -2775,6 +2775,7 @@
+ free(h);
+ }
+ 
++#if 0
+ /* Main program. */
+ int CTL_CDECL main(int argc, char *argv[]) {
+ txCtx h;
+@@ -2826,3 +2827,4 @@
+ 
+ return 0;
+ }
++#endif
diff --git a/vcl/Executable_pdf2fodgfuzzer.mk b/vcl/Executable_pdf2fodgfuzzer.mk
new file mode 100644
index 000000000000..9ea0d8d0dd8f
--- /dev/null
+++ b/vcl/Executable_pdf2fodgfuzzer.mk
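Review bot: The `++#if 0` / `++#endif` pair added to mergeFonts_crash.patch compiles out tx's `main` with no record of why, and a patch file gives the next reader no surrounding context; presumably the source is now linked into a fuzzer binary that supplies its own entry point, but nothing says so. Since a separate comment line inside the inner hunk would change its line counts, the explanation fits best on the directive itself, e.g. `++#if 0 /* LibreOffice: main() compiled out, the fuzzer harness provides its own */`. The patch file name also no longer describes this second change, and if afdko's tx binary is still built for any non-fuzzer configuration this removes its entry point there too, which is worth confirming.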
@@ -0,0 +1,48 @@
+# -*- Mode: makefile-gmake; tab-width: 4; indent-tabs-mode: t -*-
+#
+#
+# This file is part of the LibreOffice project.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+
+include $(SRCDIR)/vcl/commonfuzzer.mk
+
+$(eval $(call gb_Executable_Executable,pdf2fodgfuzzer))
+
+$(eval $(call gb_Executable_use_api,pdf2fodgfuzzer,\
+ offapi \
+ udkapi \
+))
+
+$(eval $(call gb_Executable_use_externals,pdf2fodgfuzzer,\
+ $(fuzzer_externals) \
+))
+
+$(eval $(call gb_Executable_set_include,pdf2fodgfuzzer,\
+ $$(INCLUDE) \
+ -I$(SRCDIR)/vcl/inc \
+))
+
+$(eval $(call gb_Executable_use_libraries,pdf2fodgfuzzer,\
+ $(fuzzer_draw_libraries) \
+ $(fuzzer_core_libraries) \
+ pdffilter \
+))
+
+$(eval $(call gb_Executable_use_static_libraries,pdf2fodgfuzzer,\
+ $(fuzzer_statics) \
+ fuzzer_draw \
+))
+
+$(eval $(call gb_Executable_add_exception_objects,pdf2fodgfuzzer,\
+ vcl/workben/pdf2fodgfuzzer \
+))
+
+$(eval $(call gb_Executable_add_libs,pdf2fodgfuzzer,\
+ $(LIB_FUZZING_ENGINE) \
+))
+
+# vim: set noet sw=4 ts=4:
diff --git a/vcl/Module_vcl.mk b/vcl/Module_vcl.mk
index 292861585d44..21225339f266 100644
--- a/vcl/Module_vcl.mk
+++ b/vcl/Module_vcl.mk
@@ -182,6 +182,7 @@ $(eval $(call gb_Module_add_targets,vcl,\
 Executable_602fuzzer \
 Executable_lwpfuzzer \
 Executable_olefuzzer \
+ Executable_pdf2fodgfuzzer \
 Executable_pptfuzzer \
 Executable_rtffuzzer \
 Executable_rtf2pdffuzzer \
diff --git a/vcl/commonfuzzer.mk b/vcl/commonfuzzer.mk
index 5302b572e450..3f13d5775ff7 100644
--- a/vcl/commonfuzzer.mk
+++ b/vcl/commonfuzzer.mk
@@ -36,6 +36,8 @@ fuzzer_externals = \
 libpng \
 libtiff \
 libwebp \
+ pdfium \
+ md4c \
 openssl \
 expat \
 mythes \
@@ -136,6 +138,7 @@ fuzzer_core_libraries = \
 mtfrenderer \
 canvasfactory \
 vclcanvas \
+ pdfimport \
 xof \
 xmlfa \
 xmlfd \
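Review bot: `+ pdfium \` and `+ md4c \` go into `fuzzer_externals`, and `+ pdfimport \` into `fuzzer_core_libraries`, lists that every fuzzer built on commonfuzzer.mk consumes, so all existing fuzzers now link pdfium and pdfimport although only pdf2fodgfuzzer uses them; that costs binary size and link time per target rather than correctness, but it contrasts with the Executable_pdf2fodgfuzzer.mk hunk above, which adds `pdffilter` to that one target only. md4c has no obvious relation to PDF import, so if it is a transitive dependency of pdfimport or of the draw libraries a note would save the next reader a search, and if it is not it could be dropped. Because a `#` line cannot sit inside a backslash-continued list without breaking it, the note belongs above the `fuzzer_externals = \` line, e.g. `# pdfium/md4c: needed by pdfimport (pdf2fodgfuzzer)`.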
diff --git a/vcl/workben/pdf2fodgfuzzer.cxx b/vcl/workben/pdf2fodgfuzzer.cxx
new file mode 100644
index 000000000000..be304cfeba90
--- /dev/null
+++ b/vcl/workben/pdf2fodgfuzzer.cxx
@@ -0,0 +1,33 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+#include <tools/stream.hxx>
+#include <vcl/FilterConfigItem.hxx>
+#include "commonfuzzer.hxx"
+
+extern "C" bool TestFODGExportPDF(SvStream& rStream);
+
+extern "C" int LLVMFuzzerInitialize(int* argc, char*** argv)
+{
+ TypicalFuzzerInitialize(argc, argv);
+ return 0;
+}
+
+extern "C" void* SdCreateDialogFactory() { return nullptr; }
+
+extern "C" void* com_sun_star_comp_Draw_VisioImportFilter_get_implementation() { return nullptr; }
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+ SvMemoryStream aStream(const_cast<uint8_t*>(data), size, StreamMode::READ);
+ (void)TestFODGExportPDF(aStream);
+ return 0;
+}
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/vcl/workben/pdf2fodgfuzzer.options b/vcl/workben/pdf2fodgfuzzer.options
new file mode 100644
index 000000000000..13baefc2d7be
--- /dev/null
+++ b/vcl/workben/pdf2fodgfuzzer.options
@@ -0,0 +1,3 @@
+[libfuzzer]
+max_len = 1024
+dict = pdf.dict
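Review bot: The stubs `+extern "C" void* SdCreateDialogFactory() { return nullptr; }` and `+extern "C" void* com_sun_star_comp_Draw_VisioImportFilter_get_implementation() { return nullptr; }` carry no explanation; they presumably exist only to satisfy symbols the statically linked draw libraries reference but the PDF import path never calls, yet nothing in the file records that, and a nullptr implementation would turn into a crash rather than a link error if the assumption ever stops holding. A comment above the pair such as `// link-time stubs for symbols pulled in by fuzzer_draw libraries; never reached when importing PDF - confirm` would state the contract. `TestFODGExportPDF` is declared here but not defined in any file in this commit's diffstat, so it must already exist elsewhere in the tree, and `<vcl/FilterConfigItem.hxx>` does not appear to be used by anything in this file.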
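Review bot: `+max_len = 1024` caps every input at 1 KiB, and as far as libFuzzer's corpus loading goes seeds longer than that are truncated, which affects most of the pdf.js and fuzzing-corpus files gathered in bin/oss-fuzz-setup.sh; because a PDF keeps its cross-reference table and trailer at the end of the file, a truncated seed reaches the parser only through its damaged-file recovery path and the structured parts of the format get comparatively little coverage. If the value simply follows the other LibreOffice .options files that is a deliberate trade-off, but for this format it is worth either raising the limit or recording the reasoning, e.g. a `# 1 KiB keeps runs fast; xref/trailer coverage comes from small seeds only` line.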
