-
Notifications
You must be signed in to change notification settings - Fork 219
Fuzz Testing Of PDFParser
This project includes a simple libFuzzer fuzzing harness for PDFParser: PDFWriterTesting/PDFParserFuzzingHarness.cpp.
Building it requires clang and setting -DBUILD_FUZZING_HARNESS=ON.
You can use libFuzzer or another compatible fuzzer such as AFL++.
The project can then be build like this:
mkdir build
cd build
cmake -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ -DBUILD_FUZZING_HARNESS=ON ..
cmake --build . -- -j$(nproc)(Note: depending on your platform -- -j$(nproc) option might not be recognized, it's ok to run without it)
Afterward, fuzzing can start:
./PDFWriterTesting/PDFParserFuzzingHarness ../PDFWriterTesting/Materials/fuzzing/MinimalFuzzingCorpusThis starts libFuzzer. When a crash is found, fuzzing is stopped and the crash is saved.
To use advanced fuzzing features such as multi-core scaling, dictionaries, etc. install AFL++ and compile the project with AFL++:
mkdir build
cd build
cmake -DCMAKE_C_COMPILER=afl-clang-fast -DCMAKE_CXX_COMPILER=afl-clang-fast++ -DBUILD_FUZZING_HARNESS=ON ..
cmake --build . -- -j$(nproc)To run AFL++:
afl-fuzz -i ../PDFWriterTesting/Materials/fuzzing/MinimalFuzzingCorpus -o fuzzing-out -x ../PDFWriterTesting/Materials/fuzzing/pdf.dict -t 50 -- ./PDFParserFuzzingHarnessAFL++ continues to run until stopped. Crashes and more information is found in fuzzing-out.
For advanced (multi-core, comparisons, ...) information on fuzzing with AFL++ take a look at the documentation or Trail of Bits testing handbook.
- First Steps In Creating a PDF file
- Creating PDF Pages
- Images Support
- Text Support
- Adding Content to PDF Pages
- Links
- Unicode and UnicodeString class
- PDF Embedding
- Custom input and output
- Using Form XObjects
- Forward Referencing
- JPG Images Support
- TIFF Images Support
- PNG Images support