ghostscript: add target for new devices (#7912)

* ghostscript: add target for new devices

Adds ability to target various devices and a fuzzer that targets
pdfwrite and pxlmono devices. The primary device of interest here is
likely pdfwrite as it's more widely used as far as I know.

* fix review 1

* fix review 2

* nit

* nit

8 files changed, 74 insertions, 8 deletions

diff --git a/projects/ghostscript/build.sh b/projects/ghostscript/build.sh
index 8a900b57..29261339 100755
--- a/projects/ghostscript/build.sh
+++ b/projects/ghostscript/build.sh
@@ -46,11 +46,11 @@ CPPFLAGS="${CPPFLAGS:-} $CUPS_CFLAGS -DPACIFY_VALGRIND" ./autogen.sh \
   CUPSCONFIG=$CUPSCONFIG \
   --enable-freetype --enable-fontconfig \
   --enable-cups --with-ijs --with-jbig2dec \
-  --with-drivers=cups,ljet4,laserjet,pxlmono,pxlcolor,pcl3,uniprint
+  --with-drivers=pdfwrite,cups,ljet4,laserjet,pxlmono,pxlcolor,pcl3,uniprint
 make -j$(nproc) libgs
 
 
-for fuzzer in gstoraster_pdf_fuzzer gstoraster_fuzzer gstoraster_fuzzer_all_colors gstoraster_ps_fuzzer; do
+for fuzzer in gstoraster_pdf_fuzzer gstoraster_fuzzer gstoraster_fuzzer_all_colors gstoraster_ps_fuzzer gs_device_pdfwrite_fuzzer gs_device_pxlmono_fuzzer; do
   $CXX $CXXFLAGS $CUPS_LDFLAGS -std=c++11 -I. -I$SRC \
     $SRC/${fuzzer}.cc \
     -o "$OUT/${fuzzer}" \
@@ -83,6 +83,8 @@ done
 
 # Create corpus for gstoraster_fuzzer
 zip -j "$OUT/gstoraster_fuzzer_seed_corpus.zip" "$WORK"/seeds/*
+cp "$OUT/gstoraster_fuzzer_seed_corpus.zip" "$OUT/gs_device_pdfwrite_fuzzer_seed_corpus.zip"
+cp "$OUT/gstoraster_fuzzer_seed_corpus.zip" "$OUT/gs_device_pxlmono_fuzzer_seed_corpus.zip"
 
 # Copy out options
 cp $SRC/*.options $OUT/
diff --git a/projects/ghostscript/gs_device_pdfwrite_fuzzer.cc b/projects/ghostscript/gs_device_pdfwrite_fuzzer.cc
new file mode 100644
index 00000000..6e01c542
--- /dev/null
+++ b/projects/ghostscript/gs_device_pdfwrite_fuzzer.cc
@@ -0,0 +1,20 @@
+/* Copyright 2022 Google LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+#include "gs_fuzzlib.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+	fuzz_gs_device(data, size, 1, "pdfwrite");
+	return 0;
+}
diff --git a/projects/ghostscript/gs_device_pxlmono_fuzzer.cc b/projects/ghostscript/gs_device_pxlmono_fuzzer.cc
new file mode 100644
index 00000000..bdae304a
--- /dev/null
+++ b/projects/ghostscript/gs_device_pxlmono_fuzzer.cc
@@ -0,0 +1,20 @@
+/* Copyright 2022 Google LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+#include "gs_fuzzlib.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+	fuzz_gs_device(data, size, 1, "pxlmono");
+	return 0;
+}
diff --git a/projects/ghostscript/gstoraster_fuzzlib.h b/projects/ghostscript/gs_fuzzlib.h
index c2c09609..1a77a8ea 100644
--- a/projects/ghostscript/gstoraster_fuzzlib.h
+++ b/projects/ghostscript/gs_fuzzlib.h
@@ -27,6 +27,13 @@
 static const unsigned char *g_data;
 static size_t g_size;
 
+int fuzz_gs_device(
+	const unsigned char *buf,
+	size_t size,
+	int color_scheme,
+	const char *device_target
+);
+
 #define min(x, y) ((x) < (y) ? (x) : (y))
 
 static int gs_stdin(void *inst, char *buf, int len)
@@ -48,17 +55,34 @@ static int gs_stdnull(void *inst, const char *buf, int len)
 	return len;
 }
 
-int gs_to_raster_fuzz(const unsigned char *buf, size_t size, int color_scheme)
+int gs_to_raster_fuzz(
+	const unsigned char *buf,
+	size_t size,
+	int color_scheme
+)
+{
+	return fuzz_gs_device(buf, size, color_scheme, "cups");
+}
+
+int fuzz_gs_device(
+	const unsigned char *buf,
+	size_t size,
+	int color_scheme,
+	const char *device_target
+)
 {
 	int ret;
 	void *gs = NULL;
 	char color_space[50];
+	char gs_device[50];
 	/*
 	 * We are expecting color_scheme to be in the [0:62] interval.
 	 * This corresponds to the color schemes defined here:
 	 * https://github.com/ArtifexSoftware/ghostpdl/blob/8c97d5adce0040ac38a1fb4d7954499c65f582ff/cups/libs/cups/raster.h#L102
 	 */
 	sprintf(color_space, "-dcupsColorSpace=%d", color_scheme);
+
+	sprintf(gs_device, "-sDEVICE=%s", device_target);
 	/* Mostly stolen from cups-filters gstoraster. */
 	char *args[] = {
 		"gs",
@@ -77,7 +101,7 @@ int gs_to_raster_fuzz(const unsigned char *buf, size_t size, int color_scheme)
 		"-dNOMEDIAATTRS",
 		"-sstdout=%%stderr",
 		"-sOutputFile=/dev/null",
-		"-sDEVICE=cups",
+		gs_device,
 		"-_",
 	};
 	int argc = sizeof(args) / sizeof(args[0]);
diff --git a/projects/ghostscript/gstoraster_fuzzer.cc b/projects/ghostscript/gstoraster_fuzzer.cc
index 3e6a83dd..61916f5c 100644
--- a/projects/ghostscript/gstoraster_fuzzer.cc
+++ b/projects/ghostscript/gstoraster_fuzzer.cc
@@ -16,7 +16,7 @@
 ################################################################################
 */
 
-#include "gstoraster_fuzzlib.h"
+#include "gs_fuzzlib.h"
 
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 	/* Tests RGB color scheme */
diff --git a/projects/ghostscript/gstoraster_fuzzer_all_colors.cc b/projects/ghostscript/gstoraster_fuzzer_all_colors.cc
index b36f86b2..74cbdb04 100644
--- a/projects/ghostscript/gstoraster_fuzzer_all_colors.cc
+++ b/projects/ghostscript/gstoraster_fuzzer_all_colors.cc
@@ -10,7 +10,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-#include "gstoraster_fuzzlib.h"
+#include "gs_fuzzlib.h"
 
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 	if (size == 0) {
diff --git a/projects/ghostscript/gstoraster_pdf_fuzzer.cc b/projects/ghostscript/gstoraster_pdf_fuzzer.cc
index b468a763..5fc258b5 100644
--- a/projects/ghostscript/gstoraster_pdf_fuzzer.cc
+++ b/projects/ghostscript/gstoraster_pdf_fuzzer.cc
@@ -10,7 +10,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-#include "gstoraster_fuzzlib.h"
+#include "gs_fuzzlib.h"
 
 // Returns 1 if this has a valid PDF header and 0 otherwise
 static int quick_check_pdf(const uint8_t *data, size_t size) {
diff --git a/projects/ghostscript/gstoraster_ps_fuzzer.cc b/projects/ghostscript/gstoraster_ps_fuzzer.cc
index 221b72d8..1c89104c 100644
--- a/projects/ghostscript/gstoraster_ps_fuzzer.cc
+++ b/projects/ghostscript/gstoraster_ps_fuzzer.cc
@@ -9,7 +9,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
-#include "gstoraster_fuzzlib.h"
+#include "gs_fuzzlib.h"
 
 /* Returns 1 if the data has a PDF header and 0 otherwise */
 static int is_pdf(const uint8_t *data, size_t size) {