Revert "New fuzzers for Poppler (#4635)" (#4726)

This reverts commit bc358f33ad3243e06c3c9934b54561d31a2aee6b.
author: Abhishek Arya <inferno@chromium.org> 2020-11-27 07:56:21 -0800
committer: GitHub <noreply@github.com> 2020-11-27 07:56:21 -0800
commit: 675d138642c865ea022aef41ba7a9bdf429859dd (patch)
tree: 7e27f6a902793b2fbb6aad18772eea3a6e34959c /projects
parent: 42d01f9c43ebdc8d2048adc52bc9077454df8f0d (diff)
4 files changed, 79 insertions, 163 deletions
diff --git a/projects/poppler/Dockerfile b/projects/poppler/Dockerfile
index afb48902..0780e4ae 100644
--- a/projects/poppler/Dockerfile
+++ b/projects/poppler/Dockerfile
@@ -13,30 +13,17 @@
 # limitations under the License.
 #
 ################################################################################
-FROM gcr.io/oss-fuzz-base/base-builder
-RUN apt-get update && apt-get install -y wget autoconf automake libtool \
-    pkg-config cmake gtk-doc-tools libffi-dev zlib1g-dev libfontconfig1-dev
-RUN pip3 install meson==0.55.3 ninja
 
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get update && apt-get install -y make autoconf automake libtool pkg-config cmake
+RUN git clone --depth 1 https://anongit.freedesktop.org/git/poppler/poppler.git
 RUN git clone --depth 1 git://git.sv.nongnu.org/freetype/freetype2.git
 RUN git clone --depth 1 https://github.com/mm2/Little-CMS.git
 RUN git clone --depth 1 https://github.com/uclouvain/openjpeg
-RUN git clone --depth 1 https://github.com/glennrp/libpng.git
-RUN git clone --depth 1 https://gitlab.freedesktop.org/cairo/cairo.git
-RUN git clone --branch 5.15 --depth 1 --shallow-submodules \
-        --recurse-submodules=qtbase \
-        --recurse-submodules=qtsvg \
-        git://code.qt.io/qt/qt5.git qt
-ADD http://ftp.gnome.org/pub/gnome/sources/pango/1.48/pango-1.48.0.tar.xz $SRC
-RUN tar xvJf $SRC/pango-1.48.0.tar.xz
-ADD https://ftp.gnome.org/pub/gnome/sources/glib/2.64/glib-2.64.2.tar.xz $SRC
-RUN tar xvJf $SRC/glib-2.64.2.tar.xz
-RUN git clone --depth 1 --single-branch --branch fuzzing https://gitlab.freedesktop.org/ceyhunalp/poppler.git
-
 RUN git clone --depth 1 https://github.com/mozilla/pdf.js pdf.js && \
-        zip -q $SRC/poppler_seed_corpus.zip pdf.js/test/pdfs/*.pdf && \
-        rm -rf pdf.js
-ADD https://raw.githubusercontent.com/google/fuzzing/master/dictionaries/pdf.dict $SRC/poppler.dict
-
+    zip -q $SRC/pdf_fuzzer_seed_corpus.zip pdf.js/test/pdfs/*.pdf && \
+    rm -rf pdf.js
+ADD https://raw.githubusercontent.com/google/fuzzing/master/dictionaries/pdf.dict $SRC/pdf_fuzzer.dict
 WORKDIR $SRC/poppler
+COPY *.cc $SRC/fuzz/
 COPY build.sh $SRC/
diff --git a/projects/poppler/build.sh b/projects/poppler/build.sh
index 6d06090e..a2ac4a5f 100755
--- a/projects/poppler/build.sh
+++ b/projects/poppler/build.sh
@@ -14,189 +14,62 @@
 # limitations under the License.
 #
 ################################################################################
-PREFIX=$WORK/prefix
-mkdir -p $PREFIX
-
-export PKG_CONFIG="`which pkg-config` --static"
-export PKG_CONFIG_PATH=$PREFIX/lib/pkgconfig
-export PATH=$PREFIX/bin:$PATH
-
-BUILD=$WORK/build
-
-rm -rf $WORK/*
-rm -rf $BUILD
-mkdir -p $BUILD
-
-pushd $SRC/glib-2.64.2
-meson \
-    --prefix=$PREFIX \
-    --libdir=lib \
-    --default-library=static \
-    -Db_lundef=false \
-    -Doss_fuzz=enabled \
-    -Dlibmount=disabled \
-    -Dinternal_pcre=true \
-    _builddir
-ninja -C _builddir
-ninja -C _builddir install
-popd
 
 pushd $SRC/freetype2
 ./autogen.sh
-./configure --prefix="$PREFIX" --disable-shared PKG_CONFIG_PATH="$PKG_CONFIG_PATH"
+./configure --prefix="$WORK" --disable-shared PKG_CONFIG_PATH="$WORK/lib/pkgconfig"
 make -j$(nproc)
 make install
 
 pushd $SRC/Little-CMS
-./configure --prefix="$PREFIX" --disable-shared PKG_CONFIG_PATH="$PKG_CONFIG_PATH"
+./configure --prefix="$WORK" --disable-shared PKG_CONFIG_PATH="$WORK/lib/pkgconfig"
 make -j$(nproc)
 make install
 
 mkdir -p $SRC/openjpeg/build
 pushd $SRC/openjpeg/build
-cmake .. -DBUILD_SHARED_LIBS=OFF -DCMAKE_INSTALL_PREFIX=$PREFIX
+cmake .. -DBUILD_SHARED_LIBS=OFF -DCMAKE_INSTALL_PREFIX=$WORK
 make -j$(nproc) install
 
-pushd $SRC/libpng
-autoreconf -fi
-./configure --prefix="$PREFIX" --disable-shared --disable-dependency-tracking
-make -j$(nproc)
-make install
-
-pushd $SRC/cairo
-meson \
-    --prefix=$PREFIX \
-    --libdir=lib \
-    --default-library=static \
-    _builddir
-ninja -C _builddir
-ninja -C _builddir install
-popd
-
-pushd $SRC/pango-1.48.0
-meson \
-    -Ddefault_library=static \
-    --prefix=$PREFIX \
-    --libdir=lib \
-    _builddir
-sed -i -e 's/ -Werror=implicit-fallthrough//g' _builddir/build.ninja
-ninja -C _builddir
-ninja -C _builddir install
-popd
-
-pushd $SRC/qt
-# Add the flags to Qt build, borrowed from qt
-sed -i -e "s/QMAKE_CXXFLAGS    += -stdlib=libc++/QMAKE_CXXFLAGS    += -stdlib=libc++  $CXXFLAGS\nQMAKE_CFLAGS += $CFLAGS/g" qtbase/mkspecs/linux-clang-libc++/qmake.conf
-sed -i -e "s/QMAKE_LFLAGS      += -stdlib=libc++/QMAKE_LFLAGS      += -stdlib=libc++ -lpthread $CXXFLAGS/g" qtbase/mkspecs/linux-clang-libc++/qmake.conf
-# remove -fno-rtti which conflicts with -fsanitize=vptr when building with sanitizer undefined
-sed -i -e "s/QMAKE_CXXFLAGS_RTTI_OFF    = -fno-rtti/QMAKE_CXXFLAGS_RTTI_OFF    = /g" qtbase/mkspecs/common/gcc-base.conf
-MAKEFLAGS=-j$(nproc) $SRC/qt/configure -qt-libmd4c -platform linux-clang-libc++ -static -opensource -confirm-license -no-opengl -no-glib -nomake tests -nomake examples -prefix $PREFIX -D QT_NO_DEPRECATED_WARNINGS
-make -j$(nproc) > /dev/null
-make install
-popd
-
-# Poppler complains when PKG_CONFIG is set to `which pkg-config --static` so
-# temporarily removing it
-export PKG_CONFIG="`which pkg-config`"
-
 mkdir -p $SRC/poppler/build
 pushd $SRC/poppler/build
 cmake .. \
   -DCMAKE_BUILD_TYPE=debug \
   -DBUILD_SHARED_LIBS=OFF \
   -DFONT_CONFIGURATION=generic \
-  -DENABLE_FUZZER=OFF \
   -DENABLE_DCTDECODER=none \
-  -DENABLE_GOBJECT_INTROSPECTION=OFF \
   -DENABLE_LIBPNG=OFF \
   -DENABLE_ZLIB=OFF \
   -DENABLE_LIBTIFF=OFF \
   -DENABLE_LIBJPEG=OFF \
-  -DENABLE_GLIB=ON \
+  -DENABLE_GLIB=OFF \
   -DENABLE_LIBCURL=OFF \
-  -DENABLE_QT5=ON \
+  -DENABLE_QT5=OFF \
   -DENABLE_UTILS=OFF \
-  -DWITH_Cairo=ON \
+  -DWITH_Cairo=OFF \
   -DWITH_NSS3=OFF \
-  -DCMAKE_INSTALL_PREFIX=$PREFIX \
-  -DCMAKE_PREFIX_PATH=$PREFIX
-
-export PKG_CONFIG="`which pkg-config` --static"
-make -j$(nproc) poppler poppler-cpp poppler-glib poppler-qt5
+  -DCMAKE_INSTALL_PREFIX=$WORK
+make -j$(nproc) poppler poppler-cpp
 
-PREDEPS_LDFLAGS="-Wl,-Bdynamic -ldl -lm -lc -lz -pthread -lrt -lpthread"
-DEPS="gmodule-2.0 glib-2.0 gio-2.0 gobject-2.0 freetype2 lcms2 libopenjp2 libpng cairo cairo-gobject pango"
-BUILD_CFLAGS="$CFLAGS `pkg-config --static --cflags $DEPS`"
-BUILD_LDFLAGS="-Wl,-static `pkg-config --static --libs $DEPS`"
+fuzz_target=pdf_fuzzer
 
-fuzzers=$(find $SRC/poppler/cpp/tests/fuzzing/ -name "*_fuzzer.cc")
-for f in $fuzzers; do
-  fuzzer_name=$(basename $f .cc)
-
-  $CXX $CXXFLAGS -std=c++11 -I$SRC/poppler/cpp \
-    $BUILD_CFLAGS \
-    $f -o $OUT/$fuzzer_name \
-    $PREDEPS_LDFLAGS \
-    $SRC/poppler/build/cpp/libpoppler-cpp.a \
-    $SRC/poppler/build/libpoppler.a \
-    $BUILD_LDFLAGS \
+$CXX $CXXFLAGS -std=c++11 -I$SRC/poppler/cpp \
+    $SRC/fuzz/pdf_fuzzer.cc -o $OUT/$fuzz_target \
     $LIB_FUZZING_ENGINE \
-    -Wl,-Bdynamic
-done
-
-fuzzers=$(find $SRC/poppler/glib/tests/fuzzing/ -name "*_fuzzer.cc")
-for f in $fuzzers; do
-  fuzzer_name=$(basename $f .cc)
-
-  $CXX $CXXFLAGS -std=c++11 -I$SRC/poppler/glib -I$SRC/poppler/build/glib \
-    $BUILD_CFLAGS \
-    $f -o $OUT/$fuzzer_name \
-    $PREDEPS_LDFLAGS \
-    $SRC/poppler/build/glib/libpoppler-glib.a \
     $SRC/poppler/build/cpp/libpoppler-cpp.a \
     $SRC/poppler/build/libpoppler.a \
-    $BUILD_LDFLAGS \
-    $LIB_FUZZING_ENGINE \
-    -Wl,-Bdynamic
-done
-
-PREDEPS_LDFLAGS="-Wl,-Bdynamic -ldl -lm -lc -lz -pthread -lrt -lpthread"
-DEPS="gmodule-2.0 glib-2.0 gio-2.0 gobject-2.0 freetype2 lcms2 libopenjp2 libpng Qt5Core Qt5Gui Qt5Xml"
-BUILD_CFLAGS="$CFLAGS `pkg-config --static --cflags $DEPS`"
-BUILD_LDFLAGS="-Wl,-static `pkg-config --static --libs $DEPS`"
-
-fuzzers=$(find $SRC/poppler/qt5/tests/fuzzing/ -name "*_fuzzer.cc")
-for f in $fuzzers; do
-  fuzzer_name=$(basename $f .cc)
-
-  $CXX $CXXFLAGS -std=c++11 -fPIC \
-    -I$SRC/poppler/qt5/src \
-    $BUILD_CFLAGS \
-    $f -o $OUT/$fuzzer_name \
-    $PREDEPS_LDFLAGS \
-    $SRC/poppler/build/qt5/src/libpoppler-qt5.a \
-    $SRC/poppler/build/cpp/libpoppler-cpp.a \
-    $SRC/poppler/build/libpoppler.a \
-    $BUILD_LDFLAGS \
-    $LIB_FUZZING_ENGINE \
-    -Wl,-Bdynamic
-done
+    $WORK/lib/libfreetype.a \
+    $WORK/lib/liblcms2.a \
+    $WORK/lib/libopenjp2.a
 
 mv $SRC/{*.zip,*.dict} $OUT
 
-if [ ! -f "${OUT}/poppler_seed_corpus.zip" ]; then
+if [ ! -f "${OUT}/${fuzz_target}_seed_corpus.zip" ]; then
   echo "missing seed corpus"
   exit 1
 fi
 
-if [ ! -f "${OUT}/poppler.dict" ]; then
+if [ ! -f "${OUT}/${fuzz_target}.dict" ]; then
   echo "missing dictionary"
   exit 1
 fi
-
-fuzzers=$(find $OUT -name "*_fuzzer")
-for f in $fuzzers; do
-  fuzzer_name=$(basename $f)
-  ln -sf $OUT/poppler_seed_corpus.zip $OUT/${fuzzer_name}_seed_corpus.zip
-  ln -sf $OUT/poppler.dict $OUT/${fuzzer_name}.dict
-done
diff --git a/projects/poppler/pdf_fuzzer.cc b/projects/poppler/pdf_fuzzer.cc
new file mode 100644
index 00000000..0f158bd8
--- /dev/null
+++ b/projects/poppler/pdf_fuzzer.cc
@@ -0,0 +1,55 @@
+/*
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+*/
+
+#include <cstdint>
+
+#include <poppler-destination.h>
+#include <poppler-global.h>
+#include <poppler-document.h>
+#include <poppler-page.h>
+#include <poppler-page-renderer.h>
+
+static void nop_func(const std::string& msg, void*) {};
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+  poppler::set_debug_error_function(nop_func, nullptr);
+
+  poppler::document *doc = poppler::document::load_from_raw_data((const char *)data, size);
+  if (!doc || doc->is_locked()) {
+    delete doc;
+    return 0;
+  }
+  doc->metadata();
+  doc->create_destination_map();
+  doc->embedded_files();
+  doc->fonts();
+
+  poppler::page_renderer r;
+  for (int i = 0; i < doc->pages(); i++) {
+    poppler::page *p = doc->create_page(i);
+    if (!p) {
+      continue;
+    }
+    r.render_page(p);
+    p->text_list(poppler::page::text_list_include_font);
+    delete p;
+  }
+
+  delete doc;
+  return 0;
+}
diff --git a/projects/poppler/project.yaml b/projects/poppler/project.yaml
index 68201fa6..88e7f0f5 100644
--- a/projects/poppler/project.yaml
+++ b/projects/poppler/project.yaml
@@ -3,6 +3,7 @@ language: c++
 primary_contact: tsdgeos@gmail.com
 sanitizers:
   - address
+  - memory
   - undefined
 auto_ccs:
   - jonathan@titanous.com
author	Abhishek Arya <inferno@chromium.org>	2020-11-27 07:56:21 -0800
committer	GitHub <noreply@github.com>	2020-11-27 07:56:21 -0800
commit	675d138642c865ea022aef41ba7a9bdf429859dd (patch)
tree	7e27f6a902793b2fbb6aad18772eea3a6e34959c /projects
parent	42d01f9c43ebdc8d2048adc52bc9077454df8f0d (diff)