summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--Repository.mk1
-rwxr-xr-xbin/oss-fuzz-setup.sh1
-rw-r--r--sc/source/ui/docshell/docsh.cxx16
-rw-r--r--vcl/Executable_schtmlfuzzer.mk46
-rw-r--r--vcl/Module_vcl.mk1
-rw-r--r--vcl/workben/fftester.cxx10
-rw-r--r--vcl/workben/schtmlfuzzer.cxx89
-rw-r--r--vcl/workben/schtmlfuzzer.options3
8 files changed, 167 insertions, 0 deletions
diff --git a/Repository.mk b/Repository.mk
index aa740fae6860..5b60bd66cfcc 100644
--- a/Repository.mk
+++ b/Repository.mk
@@ -150,6 +150,7 @@ $(eval $(call gb_Helper_register_executables_for_install,OOO,brand, \
$(call gb_Helper_optional,FUZZERS,fodsfuzzer) \
$(call gb_Helper_optional,FUZZERS,fodpfuzzer) \
$(call gb_Helper_optional,FUZZERS,xlsfuzzer) \
+ $(call gb_Helper_optional,FUZZERS,schtmlfuzzer) \
$(call gb_Helper_optional,FUZZERS,scrtffuzzer) \
$(call gb_Helper_optional,FUZZERS,wksfuzzer) \
$(call gb_Helper_optional,FUZZERS,diffuzzer) \
diff --git a/bin/oss-fuzz-setup.sh b/bin/oss-fuzz-setup.sh
index d8ad9f44f262..5bfc0ce887eb 100755
--- a/bin/oss-fuzz-setup.sh
+++ b/bin/oss-fuzz-setup.sh
@@ -167,5 +167,6 @@ curl --no-progress-meter -S \
-C - -O https://dev-www.libreoffice.org/corpus/zipfuzzer_seed_corpus.zip
cp fodtfuzzer_seed_corpus.zip fodt2pdffuzzer_seed_corpus.zip
cp fodsfuzzer_seed_corpus.zip fods2xlsfuzzer_seed_corpus.zip
+cp htmlfuzzer_seed_corpus.zip schtmlfuzzer_seed_corpus.zip
echo end downloading dependencies at `date -u`
diff --git a/sc/source/ui/docshell/docsh.cxx b/sc/source/ui/docshell/docsh.cxx
index 857313f587b9..c3dd185a0ac9 100644
--- a/sc/source/ui/docshell/docsh.cxx
+++ b/sc/source/ui/docshell/docsh.cxx
@@ -3488,6 +3488,22 @@ extern "C" SAL_DLLPUBLIC_EXPORT bool TestImportSLK(SvStream &rStream)
return aImpEx.ImportStream(rStream, OUString(), SotClipboardFormatId::SYLK);
}
+extern "C" SAL_DLLPUBLIC_EXPORT bool TestImportCalcHTML(SvStream &rStream)
+{
+ ScDLL::Init();
+ ScDocument aDocument;
+ ScDocOptions aDocOpt = aDocument.GetDocOptions();
+ aDocOpt.SetLookUpColRowNames(false);
+ aDocument.SetDocOptions(aDocOpt);
+ aDocument.MakeTable(0);
+ aDocument.EnableExecuteLink(false);
+ aDocument.SetInsertingFromOtherDoc(true);
+ aDocument.SetImportingXML(true);
+
+ ScImportExport aImpEx(aDocument);
+ return aImpEx.ImportStream(rStream, OUString(), SotClipboardFormatId::HTML);
+}
+
extern "C" SAL_DLLPUBLIC_EXPORT bool TestImportDBF(SvStream &rStream)
{
ScDLL::Init();
diff --git a/vcl/Executable_schtmlfuzzer.mk b/vcl/Executable_schtmlfuzzer.mk
new file mode 100644
index 000000000000..e600baa3f2fc
--- /dev/null
+++ b/vcl/Executable_schtmlfuzzer.mk
@@ -0,0 +1,46 @@
+# -*- Mode: makefile-gmake; tab-width: 4; indent-tabs-mode: t -*-
+#
+#
+# This file is part of the LibreOffice project.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+
+include $(SRCDIR)/vcl/commonfuzzer.mk
+
+$(eval $(call gb_Executable_Executable,schtmlfuzzer))
+
+$(eval $(call gb_Executable_use_api,schtmlfuzzer,\
+ offapi \
+ udkapi \
+))
+
+$(eval $(call gb_Executable_use_externals,schtmlfuzzer,\
+ $(fuzzer_externals) \
+))
+
+$(eval $(call gb_Executable_set_include,schtmlfuzzer,\
+ $$(INCLUDE) \
+ -I$(SRCDIR)/vcl/inc \
+))
+
+$(eval $(call gb_Executable_use_libraries,schtmlfuzzer,\
+ $(fuzzer_calc_libraries) \
+ $(fuzzer_core_libraries) \
+))
+
+$(eval $(call gb_Executable_use_static_libraries,schtmlfuzzer,\
+ $(fuzzer_statics) \
+))
+
+$(eval $(call gb_Executable_add_exception_objects,schtmlfuzzer,\
+ vcl/workben/schtmlfuzzer \
+))
+
+$(eval $(call gb_Executable_add_libs,schtmlfuzzer,\
+ $(LIB_FUZZING_ENGINE) \
+))
+
+# vim: set noet sw=4 ts=4:
diff --git a/vcl/Module_vcl.mk b/vcl/Module_vcl.mk
index c0729d78209b..35c6427b4ed1 100644
--- a/vcl/Module_vcl.mk
+++ b/vcl/Module_vcl.mk
@@ -195,6 +195,7 @@ $(eval $(call gb_Module_add_targets,vcl,\
Executable_fodsfuzzer \
Executable_fodpfuzzer \
Executable_xlsfuzzer \
+ Executable_schtmlfuzzer \
Executable_scrtffuzzer \
Executable_wksfuzzer \
Executable_diffuzzer \
diff --git a/vcl/workben/fftester.cxx b/vcl/workben/fftester.cxx
index 587b26fd2495..f28c78d97078 100644
--- a/vcl/workben/fftester.cxx
+++ b/vcl/workben/fftester.cxx
@@ -502,6 +502,16 @@ SAL_IMPLEMENT_MAIN_WITH_ARGS(argc, argv)
SvFileStream aFileStream(out, StreamMode::READ);
ret = static_cast<int>((*pfnImport)(aFileStream));
}
+ else if (strcmp(argv[2], "sc-html") == 0)
+ {
+ static FFilterCall pfnImport(nullptr);
+ if (!pfnImport)
+ {
+ pfnImport = load(u"libscfiltlo.so", "TestImportCalcHTML");
+ }
+ SvFileStream aFileStream(out, StreamMode::READ);
+ ret = static_cast<int>((*pfnImport)(aFileStream));
+ }
else if (strcmp(argv[2], "slk") == 0)
{
static FFilterCall pfnImport(nullptr);
diff --git a/vcl/workben/schtmlfuzzer.cxx b/vcl/workben/schtmlfuzzer.cxx
new file mode 100644
index 000000000000..517e3573ab04
--- /dev/null
+++ b/vcl/workben/schtmlfuzzer.cxx
@@ -0,0 +1,89 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+#include <tools/stream.hxx>
+#include "commonfuzzer.hxx"
+
+#include <config_features.h>
+#include <osl/detail/component-mapping.h>
+
+extern "C" {
+void* i18npool_component_getFactory(const char*, void*, void*);
+
+void* com_sun_star_i18n_LocaleDataImpl_get_implementation(void*, void*);
+void* com_sun_star_i18n_BreakIterator_Unicode_get_implementation(void*, void*);
+void* com_sun_star_i18n_BreakIterator_get_implementation(void*, void*);
+void* com_sun_star_comp_framework_Desktop_get_implementation(void*, void*);
+void* com_sun_star_i18n_CharacterClassification_Unicode_get_implementation(void*, void*);
+void* com_sun_star_i18n_CharacterClassification_get_implementation(void*, void*);
+void* com_sun_star_i18n_NativeNumberSupplier_get_implementation(void*, void*);
+void* com_sun_star_i18n_NumberFormatCodeMapper_get_implementation(void*, void*);
+void* com_sun_star_i18n_Transliteration_get_implementation(void*, void*);
+void* i18npool_CalendarImpl_get_implementation(void*, void*);
+void* com_sun_star_comp_uui_UUIInteractionHandler_get_implementation(void*, void*);
+}
+
+const lib_to_factory_mapping* lo_get_factory_map(void)
+{
+ static lib_to_factory_mapping map[]
+ = { { "libi18npoollo.a", i18npool_component_getFactory }, { 0, 0 } };
+
+ return map;
+}
+
+const lib_to_constructor_mapping* lo_get_constructor_map(void)
+{
+ static lib_to_constructor_mapping map[]
+ = { { "com_sun_star_i18n_LocaleDataImpl_get_implementation",
+ com_sun_star_i18n_LocaleDataImpl_get_implementation },
+ { "com_sun_star_i18n_BreakIterator_Unicode_get_implementation",
+ com_sun_star_i18n_BreakIterator_Unicode_get_implementation },
+ { "com_sun_star_i18n_BreakIterator_get_implementation",
+ com_sun_star_i18n_BreakIterator_get_implementation },
+ { "com_sun_star_comp_framework_Desktop_get_implementation",
+ com_sun_star_comp_framework_Desktop_get_implementation },
+ { "com_sun_star_i18n_CharacterClassification_Unicode_get_implementation",
+ com_sun_star_i18n_CharacterClassification_Unicode_get_implementation },
+ { "com_sun_star_i18n_CharacterClassification_get_implementation",
+ com_sun_star_i18n_CharacterClassification_get_implementation },
+ { "com_sun_star_i18n_NativeNumberSupplier_get_implementation",
+ com_sun_star_i18n_NativeNumberSupplier_get_implementation },
+ { "com_sun_star_i18n_NumberFormatCodeMapper_get_implementation",
+ com_sun_star_i18n_NumberFormatCodeMapper_get_implementation },
+ { "com_sun_star_i18n_Transliteration_get_implementation",
+ com_sun_star_i18n_Transliteration_get_implementation },
+ { "i18npool_CalendarImpl_get_implementation",
+ i18npool_CalendarImpl_get_implementation },
+ { "com_sun_star_comp_uui_UUIInteractionHandler_get_implementation",
+ com_sun_star_comp_uui_UUIInteractionHandler_get_implementation },
+ { 0, 0 } };
+
+ return map;
+}
+
+extern "C" void* lo_get_custom_widget_func(const char*) { return nullptr; }
+
+extern "C" void* ScCreateDialogFactory() { return nullptr; }
+
+extern "C" bool TestImportCalcHTML(SvStream& rStream);
+
+extern "C" int LLVMFuzzerInitialize(int* argc, char*** argv)
+{
+ TypicalFuzzerInitialize(argc, argv);
+ return 0;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+ SvMemoryStream aStream(const_cast<uint8_t*>(data), size, StreamMode::READ);
+ (void)TestImportCalcHTML(aStream);
+ return 0;
+}
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/vcl/workben/schtmlfuzzer.options b/vcl/workben/schtmlfuzzer.options
new file mode 100644
index 000000000000..32f759a0969a
--- /dev/null
+++ b/vcl/workben/schtmlfuzzer.options
@@ -0,0 +1,3 @@
+[libfuzzer]
+max_len = 20480
+dict = html.dict