author | David Tardon <dtardon@redhat.com> | 2017-03-14 10:17:41 +0100 |
---|---|---|
committer | Caolán McNamara <caolanm@redhat.com> | 2017-03-14 21:00:25 +0000 |
commit | 3fa34da687ba4be98319888a90cba6414b9f3fbe (patch) | |
tree | a03d24d1390da60c2c355fc444a7934b1f925366 | |
parent | e68faf7d42179c4f9b90b514f5b3bfcb7f1e9cb0 (diff) |
add a separate fuzzer for OLE2
Change-Id: I518bd8dc6fd50e96746d6d415190551c6cbfdea5
Reviewed-on: https://gerrit.libreoffice.org/35178
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Tested-by: Caolán McNamara <caolanm@redhat.com>
-rw-r--r-- | Makefile.in | 2 | ||||
-rw-r--r-- | Repository.mk | 1 | ||||
-rw-r--r-- | vcl/Executable_olefuzzer.mk | 47 | ||||
-rw-r--r-- | vcl/Module_vcl.mk | 1 | ||||
-rw-r--r-- | vcl/workben/olefuzzer.cxx | 66 |
5 files changed, 116 insertions, 1 deletions
diff --git a/Makefile.in b/Makefile.in
index 9c934dd396d9..3f07ddee079d 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -446,7 +446,7 @@ $(foreach ide,\
 eclipsecdt,\
 $(eval $(call gb_Top_GbuildToIdeIntegrationNS,$(ide))))
-fuzzers: Library_sal Library_salhelper Library_reg Library_store Library_unoidl codemaker Library_cppu Library_i18nlangtag Library_cppuhelper Library_comphelper StaticLibrary_ulingu StaticLibrary_jpeg StaticLibrary_findsofficepath Library_tl Library_basegfx Library_canvastools Library_cppcanvas Library_dbtools Library_deploymentmisc Library_deploymentmisc Library_editeng Library_fwe Library_fwi Library_i18nutil Library_localebe1 Library_sax Library_sofficeapp Library_ucbhelper Library_opencl Rdb_services udkapi offapi Library_clew Library_gie Library_icg Library_reflection Library_invocadapt Library_bootstrap Library_introspection Library_stocservices Library_xmlreader Library_gcc3_uno instsetoo_native more_fonts StaticLibrary_fuzzer Executable_wmffuzzer Executable_jpgfuzzer Executable_giffuzzer Executable_xbmfuzzer Executable_xpmfuzzer Executable_pngfuzzer Executable_bmpfuzzer Executable_svmfuzzer Executable_pcdfuzzer Executable_dxffuzzer Executable_metfuzzer Executable_ppmfuzzer Executable_psdfuzzer Executable_epsfuzzer Executable_pctfuzzer Executable_pcxfuzzer Executable_rasfuzzer Executable_tgafuzzer Executable_tiffuzzer Executable_hwpfuzzer Executable_602fuzzer Executable_lwpfuzzer AllLangResTarget_sd
+fuzzers: Library_sal Library_salhelper Library_reg Library_store Library_unoidl codemaker Library_cppu Library_i18nlangtag Library_cppuhelper Library_comphelper StaticLibrary_ulingu StaticLibrary_jpeg StaticLibrary_findsofficepath Library_tl Library_basegfx Library_canvastools Library_cppcanvas Library_dbtools Library_deploymentmisc Library_deploymentmisc Library_editeng Library_fwe Library_fwi Library_i18nutil Library_localebe1 Library_sax Library_sofficeapp Library_ucbhelper Library_opencl Rdb_services udkapi offapi Library_clew Library_gie Library_icg Library_reflection Library_invocadapt Library_bootstrap Library_introspection Library_stocservices 
Library_xmlreader Library_gcc3_uno instsetoo_native more_fonts StaticLibrary_fuzzer Executable_wmffuzzer Executable_jpgfuzzer Executable_giffuzzer Executable_xbmfuzzer Executable_xpmfuzzer Executable_pngfuzzer Executable_bmpfuzzer Executable_svmfuzzer Executable_pcdfuzzer Executable_dxffuzzer Executable_metfuzzer Executable_ppmfuzzer Executable_psdfuzzer Executable_epsfuzzer Executable_pctfuzzer Executable_pcxfuzzer Executable_rasfuzzer Executable_tgafuzzer Executable_tiffuzzer Executable_hwpfuzzer Executable_602fuzzer Executable_lwpfuzzer Executable_olefuzzer AllLangResTarget_sd
 endif # MAKE_RESTARTS
diff --git a/Repository.mk b/Repository.mk
index ec7340445edb..322650aa182b 100644
--- a/Repository.mk
+++ b/Repository.mk
@@ -115,6 +115,7 @@ $(eval $(call gb_Helper_register_executables_for_install,OOO,brand, \
 $(call gb_Helper_optional,FUZZERS,hwpfuzzer) \
 $(call gb_Helper_optional,FUZZERS,602fuzzer) \
 $(call gb_Helper_optional,FUZZERS,lwpfuzzer) \
+ $(call gb_Helper_optional,FUZZERS,olefuzzer) \
 $(if $(filter-out ANDROID IOS MACOSX WNT,$(OS)),oosplash) \
 soffice_bin \
 $(if $(filter DESKTOP,$(BUILD_TYPE)),unopkg_bin) \
diff --git a/vcl/Executable_olefuzzer.mk b/vcl/Executable_olefuzzer.mk
new file mode 100644
index 000000000000..d339f4cc80a6
--- /dev/null
+++ b/vcl/Executable_olefuzzer.mk
@@ -0,0 +1,47 @@
+# -*- Mode: makefile-gmake; tab-width: 4; indent-tabs-mode: t -*-
+#
+#
+# This file is part of the LibreOffice project.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+
+include $(SRCDIR)/vcl/commonfuzzer.mk
+
+$(eval $(call gb_Executable_Executable,olefuzzer))
+
+$(eval $(call gb_Executable_use_api,olefuzzer,\
+ offapi \
+ udkapi \
+))
+
+$(eval $(call gb_Executable_use_externals,olefuzzer,\
+ $(fuzzer_externals) \
+))
+
+$(eval $(call gb_Executable_set_include,olefuzzer,\
+ $$(INCLUDE) \
+ -I$(SRCDIR)/vcl/inc \
+))
+
+$(eval $(call gb_Executable_use_libraries,olefuzzer,\
+ $(fuzzer_libraries) \
+))
+
+$(eval $(call gb_Executable_use_static_libraries,olefuzzer,\
+ findsofficepath \
+ ulingu \
+ fuzzer \
+))
+
+$(eval $(call gb_Executable_add_exception_objects,olefuzzer,\
+ vcl/workben/olefuzzer \
+))
+
+$(eval $(call gb_Executable_add_libs,olefuzzer,\
+ -lFuzzingEngine \
+))
+
+# vim: set noet sw=4 ts=4:
diff --git a/vcl/Module_vcl.mk b/vcl/Module_vcl.mk
index c2290325b01e..ca1a12e752e3 100644
--- a/vcl/Module_vcl.mk
+++ b/vcl/Module_vcl.mk
@@ -128,6 +128,7 @@ $(eval $(call gb_Module_add_targets,vcl,\
 Executable_hwpfuzzer \
 Executable_602fuzzer \
 Executable_lwpfuzzer \
+ Executable_olefuzzer \
 ))
 endif
diff --git a/vcl/workben/olefuzzer.cxx b/vcl/workben/olefuzzer.cxx
new file mode 100644
index 000000000000..349e27ecd28b
--- /dev/null
+++ b/vcl/workben/olefuzzer.cxx
@@ -0,0 +1,66 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+#include <vector>
+
+#include <sot/storage.hxx>
+
+#include <tools/stream.hxx>
+
+#include "commonfuzzer.hxx"
+
+namespace
+{
+
+void traverse(const tools::SvRef<SotStorage>& rStorage, std::vector<unsigned char>& rBuf)
+{
+ SvStorageInfoList infos;
+
+ rStorage->FillInfoList(&infos);
+
+ for (const auto& info: infos)
+ {
+ if (info.IsStream())
+ {
+ // try to open and read all content
+ tools::SvRef<SotStorageStream> xStream(rStorage->OpenSotStream(info.GetName(), StreamMode::STD_READ));
+ const size_t nSize = xStream->GetSize();
+ const size_t nRead = xStream->ReadBytes(rBuf.data(), nSize);
+ (void) nRead;
+ }
+ else if (info.IsStorage())
+ {
+ tools::SvRef<SotStorage> xStorage(rStorage->OpenSotStorage(info.GetName(), StreamMode::STD_READ));
+
+ // continue with children
+ traverse(xStorage, rBuf);
+ }
+ else
+ {
+ }
+ }
+}
+
+void TestImportOLE2(SvStream &rStream, size_t nSize)
+{
+ tools::SvRef<SotStorage> xRootStorage(new SotStorage(&rStream, false));
+ std::vector<unsigned char> aTmpBuf(nSize);
+ traverse(xRootStorage, aTmpBuf);
+}
+
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+ SvMemoryStream aStream(const_cast<uint8_t*>(data), size, StreamMode::READ);
+ TestImportOLE2(aStream, size);
+ return 0;
+}
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ |
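Review bot: In `traverse`, the call `xStream->ReadBytes(rBuf.data(), nSize)` takes its length from the stream's own `GetSize()`, while `rBuf` was allocated in `TestImportOLE2` with the length of the whole fuzz input, and nothing in the hunk bounds one by the other. If a malformed container can make a stream report more bytes than the input holds (not verifiable from this hunk), the write runs past the buffer and the sanitizer report would point at the harness instead of the sot code under test. Clamping the request keeps the harness itself memory-safe: `const size_t nSize = std::min<size_t>(xStream->GetSize(), rBuf.size());`, with `#include <algorithm>` added. The references returned by `OpenSotStream` and `OpenSotStorage` are also dereferenced without an `is()` check and the recursion has no depth limit; either guard them or add a comment such as `// OpenSotStream never returns an empty ref here because ...` once that is confirmed.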