1 #include <stdint.h>
2 #include <poppler.h>
3 #include <cairo.h>
4 #include <cairo-pdf.h>
5
6 #include "fuzzer_temp_file.h"
7
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)8 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
9 {
10 GError *err = NULL;
11 PopplerDocument *doc;
12 PopplerPage *page;
13 PopplerAnnot *annot;
14 PopplerRectangle bb;
15 gdouble width, height;
16 gboolean hg;
17 int npages;
18
19 cairo_t *cr;
20 cairo_surface_t *surface;
21 cairo_status_t status;
22
23 doc = poppler_document_new_from_data((char *)data, size, NULL, &err);
24 if (doc == NULL) {
25 g_error_free(err);
26 return 0;
27 }
28 npages = poppler_document_get_n_pages(doc);
29 if (npages < 1) {
30 g_object_unref(doc);
31 return 0;
32 }
33
34 char *tmpfile = fuzzer_get_tmpfile(data, size);
35 surface = cairo_pdf_surface_create(tmpfile, 1.0, 1.0);
36 status = cairo_surface_status(surface);
37 if (status != CAIRO_STATUS_SUCCESS) {
38 g_object_unref(doc);
39 fuzzer_release_tmpfile(tmpfile);
40 return 0;
41 }
42
43 for (int n = 0; n < npages; n++) {
44 page = poppler_document_get_page(doc, n);
45 if (!page) {
46 continue;
47 }
48
49 poppler_page_get_size(page, &width, &height);
50 cairo_pdf_surface_set_size(surface, width, height);
51 hg = poppler_page_get_bounding_box(page, &bb);
52 if (hg) {
53 annot = poppler_annot_text_new(doc, &bb);
54 if (annot != NULL) {
55 g_object_unref(page);
56 continue;
57 }
58 poppler_page_add_annot(page, annot);
59 }
60
61 cr = cairo_create(surface);
62 status = cairo_status(cr);
63 if (status != CAIRO_STATUS_SUCCESS) {
64 cairo_destroy(cr);
65 g_object_unref(page);
66 continue;
67 }
68 poppler_page_render_for_printing(page, cr);
69 cairo_surface_show_page(surface);
70 cairo_destroy(cr);
71 g_object_unref(page);
72 }
73 cairo_surface_destroy(surface);
74 fuzzer_release_tmpfile(tmpfile);
75 g_object_unref(doc);
76 return 0;
77 }
78