1 /*
2 # Copyright 2019 The Chromium OS Authors.
3 #
4 # Licensed under the Apache License, Version 2.0 (the "License");
5 # you may not use this file except in compliance with the License.
6 # You may obtain a copy of the License at
7 #
8 # http://www.apache.org/licenses/LICENSE-2.0
9 #
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS,
12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 # See the License for the specific language governing permissions and
14 # limitations under the License.
15 #
16 ################################################################################
17 */
18
19 #include <base/gserrors.h>
20 #include <psi/iapi.h>
21
22 #include <limits.h>
23 #include <stdio.h>
24 #include <string.h>
25 #include <stdint.h>
26
27 static const unsigned char *g_data;
28 static size_t g_size;
29
30 #define min(x, y) ((x) < (y) ? (x) : (y))
31
gs_stdin(void * inst,char * buf,int len)32 static int gs_stdin(void *inst, char *buf, int len)
33 {
34 size_t to_copy = min(len, g_size);
35 to_copy = min(INT_MAX, to_copy);
36
37 memcpy(buf, g_data, to_copy);
38
39 g_data += to_copy;
40 g_size -= to_copy;
41
42 return to_copy;
43 }
44
gs_stdnull(void * inst,const char * buf,int len)45 static int gs_stdnull(void *inst, const char *buf, int len)
46 {
47 /* Just discard everything. */
48 return len;
49 }
50
gs_to_raster_fuzz(const unsigned char * buf,size_t size)51 static int gs_to_raster_fuzz(const unsigned char *buf, size_t size)
52 {
53 int ret;
54 void *gs = NULL;
55
56 /* Mostly stolen from cups-filters gstoraster. */
57 char *args[] = {
58 "gs",
59 "-K1048576",
60 "-r200x200",
61 "-sBandListStorage=memory",
62 "-dMaxBitmap=0",
63 "-dBufferSpace=450k",
64 "-dMediaPosition=1",
65 "-dcupsColorSpace=1", /* RGB */
66 "-dQUIET",
67 "-dSAFER",
68 "-dNOPAUSE",
69 "-dBATCH",
70 "-dNOINTERPOLATE",
71 "-dNOMEDIAATTRS",
72 "-sstdout=%%stderr",
73 "-sOutputFile=/dev/null",
74 "-sDEVICE=cups",
75 "-_",
76 };
77 int argc = sizeof(args) / sizeof(args[0]);
78
79 /* Stash buffers globally, for gs_stdin(). */
80 g_data = buf;
81 g_size = size;
82
83 ret = gsapi_new_instance(&gs, NULL);
84 if (ret < 0) {
85 fprintf(stderr, "gsapi_new_instance: error %d\n", ret);
86 return ret;
87 }
88
89 gsapi_set_stdio(gs, gs_stdin, gs_stdnull, gs_stdnull);
90 ret = gsapi_set_arg_encoding(gs, GS_ARG_ENCODING_UTF8);
91 if (ret < 0) {
92 fprintf(stderr, "gsapi_set_arg_encoding: error %d\n", ret);
93 gsapi_delete_instance(gs);
94 return ret;
95 }
96
97 ret = gsapi_init_with_args(gs, argc, args);
98 if (ret && ret != gs_error_Quit)
99 /* Just keep going, to cleanup. */
100 fprintf(stderr, "gsapi_init_with_args: error %d\n", ret);
101
102 ret = gsapi_exit(gs);
103 if (ret < 0 && ret != gs_error_Quit) {
104 fprintf(stderr, "gsapi_exit: error %d\n", ret);
105 return ret;
106 }
107
108 gsapi_delete_instance(gs);
109
110 return 0;
111 }
112
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)113 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
114 gs_to_raster_fuzz(data, size);
115 return 0;
116 }
117