/src/qpdf/fuzz/qpdf_crypt_insecure_fuzzer.cc

Source
#include <qpdf/Buffer.hh>
#include <qpdf/BufferInputSource.hh>
#include <qpdf/Pl_Discard.hh>
#include <qpdf/Pl_Flate.hh>
#include <qpdf/QPDF.hh>
#include <qpdf/QPDFWriter.hh>
#include <qpdf/QUtil.hh>
#include <qpdf/global.hh>

class FuzzHelper
{
  public:
    FuzzHelper(unsigned char const* data, size_t size) :
        // We do not modify data, so it is safe to remove the const for Buffer
        input_buffer(const_cast<unsigned char*>(data), size)
    {
    }

    void
    run()
    {
        qpdf::global::options::fuzz_mode(true);
        // The goal here is that you should be able to throw anything at libqpdf and it will respond
        // without any memory errors and never do anything worse than throwing a QPDFExc or
        // std::runtime_error. Throwing any other kind of exception, segfaulting, or having a memory
        // error (when built with appropriate sanitizers) will all cause abnormal exit.
        try {
            std::cerr << "\ninfo: starting testWrite\n";
            // Write in various ways to exercise QPDFWriter

            auto is = std::make_shared<BufferInputSource>("fuzz input", &input_buffer);
            QPDF qpdf;
            qpdf.processInputSource(is);
            QPDFWriter w(qpdf);
            w.setOutputPipeline(&discard);
            w.setDecodeLevel(qpdf_dl_all);
            w.setStaticID(true);
            w.setObjectStreamMode(qpdf_o_disable);
            w.setR3EncryptionParametersInsecure(
                "u", "o", true, true, true, true, true, true, qpdf_r3p_full);
            w.write();
        } catch (std::runtime_error const& e) {
            std::cerr << "runtime_error: " << e.what() << '\n';
        }
    }

  private:
    Buffer input_buffer;
    Pl_Discard discard;
};

extern "C" int
LLVMFuzzerTestOneInput(unsigned char const* data, size_t size)
{
#ifndef _WIN32
    // Used by jpeg library to work around false positives in memory sanitizer.
    setenv("JSIMD_FORCENONE", "1", 1);
#endif
    FuzzHelper f(data, size);
    f.run();
    return 0;
}

Line	Count	Source
1		#include <qpdf/Buffer.hh>
2		#include <qpdf/BufferInputSource.hh>
3		#include <qpdf/Pl_Discard.hh>
4		#include <qpdf/Pl_Flate.hh>
5		#include <qpdf/QPDF.hh>
6		#include <qpdf/QPDFWriter.hh>
7		#include <qpdf/QUtil.hh>
8		#include <qpdf/global.hh>
9
10		class FuzzHelper
11		{
12		public:
13		FuzzHelper(unsigned char const* data, size_t size) :
14		// We do not modify data, so it is safe to remove the const for Buffer
15	271k	input_buffer(const_cast<unsigned char*>(data), size)
16	271k	{
17	271k	}
18
19		void
20		run()
21	179k	{
22	179k	qpdf::global::options::fuzz_mode(true);
23		// The goal here is that you should be able to throw anything at libqpdf and it will respond
24		// without any memory errors and never do anything worse than throwing a QPDFExc or
25		// std::runtime_error. Throwing any other kind of exception, segfaulting, or having a memory
26		// error (when built with appropriate sanitizers) will all cause abnormal exit.
27	179k	try {
28	179k	std::cerr << "\ninfo: starting testWrite\n";
29		// Write in various ways to exercise QPDFWriter
30
31	179k	auto is = std::make_shared<BufferInputSource>("fuzz input", &input_buffer);
32	179k	QPDF qpdf;
33	179k	qpdf.processInputSource(is);
34	179k	QPDFWriter w(qpdf);
35	179k	w.setOutputPipeline(&discard);
36	179k	w.setDecodeLevel(qpdf_dl_all);
37	179k	w.setStaticID(true);
38	179k	w.setObjectStreamMode(qpdf_o_disable);
39	179k	w.setR3EncryptionParametersInsecure(
40	179k	"u", "o", true, true, true, true, true, true, qpdf_r3p_full);
41	179k	w.write();
42	179k	} catch (std::runtime_error const& e) {
43	117k	std::cerr << "runtime_error: " << e.what() << '\n';
44	117k	}
45	179k	}
46
47		private:
48		Buffer input_buffer;
49		Pl_Discard discard;
50		};
51
52		extern "C" int
53		LLVMFuzzerTestOneInput(unsigned char const* data, size_t size)
54	271k	{
55	271k	#ifndef _WIN32
56		// Used by jpeg library to work around false positives in memory sanitizer.
57	271k	setenv("JSIMD_FORCENONE", "1", 1);
58	271k	#endif
59	271k	FuzzHelper f(data, size);
60	271k	f.run();
61	271k	return 0;
62	271k	}

Coverage Report

Created: 2026-06-15 06:21