From c38b5d7ceaf4c19812e63f6a81ed19ed30ac2f94 Mon Sep 17 00:00:00 2001
From: Caolán McNamara
Date: Sun, 17 Mar 2024 21:58:29 +0000
Subject: add a sc-html fuzzer
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Change-Id: I0d74859e276bfa98d8abf7b2e66600f849971468
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/164956
Tested-by: Jenkins
Reviewed-by: Caolán McNamara
---
 vcl/Executable_schtmlfuzzer.mk | 46 +++++++++++++++++++++
 vcl/Module_vcl.mk | 1 +
 vcl/workben/fftester.cxx | 10 +++++
 vcl/workben/schtmlfuzzer.cxx | 89 ++++++++++++++++++++++++++++++++++++++++
 vcl/workben/schtmlfuzzer.options | 3 ++
 5 files changed, 149 insertions(+)
 create mode 100644 vcl/Executable_schtmlfuzzer.mk
 create mode 100644 vcl/workben/schtmlfuzzer.cxx
 create mode 100644 vcl/workben/schtmlfuzzer.options
(limited to 'vcl')
diff --git a/vcl/Executable_schtmlfuzzer.mk b/vcl/Executable_schtmlfuzzer.mk
new file mode 100644
index 000000000000..e600baa3f2fc
--- /dev/null
+++ b/vcl/Executable_schtmlfuzzer.mk
@@ -0,0 +1,46 @@
+# -*- Mode: makefile-gmake; tab-width: 4; indent-tabs-mode: t -*-
+#
+#
+# This file is part of the LibreOffice project.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+
+include $(SRCDIR)/vcl/commonfuzzer.mk
+
+$(eval $(call gb_Executable_Executable,schtmlfuzzer))
+
+$(eval $(call gb_Executable_use_api,schtmlfuzzer,\
+ offapi \
+ udkapi \
+))
+
+$(eval $(call gb_Executable_use_externals,schtmlfuzzer,\
+ $(fuzzer_externals) \
+))
+
+$(eval $(call gb_Executable_set_include,schtmlfuzzer,\
+ $$(INCLUDE) \
+ -I$(SRCDIR)/vcl/inc \
+))
+
+$(eval $(call gb_Executable_use_libraries,schtmlfuzzer,\
+ $(fuzzer_calc_libraries) \
+ $(fuzzer_core_libraries) \
+))
+
+$(eval $(call gb_Executable_use_static_libraries,schtmlfuzzer,\
+ $(fuzzer_statics) \
+))
+
+$(eval $(call gb_Executable_add_exception_objects,schtmlfuzzer,\
+ vcl/workben/schtmlfuzzer \
+))
+
+$(eval $(call gb_Executable_add_libs,schtmlfuzzer,\
+ $(LIB_FUZZING_ENGINE) \
+))
+
+# vim: set noet sw=4 ts=4:
diff --git a/vcl/Module_vcl.mk b/vcl/Module_vcl.mk
index c0729d78209b..35c6427b4ed1 100644
--- a/vcl/Module_vcl.mk
+++ b/vcl/Module_vcl.mk
@@ -195,6 +195,7 @@ $(eval $(call gb_Module_add_targets,vcl,\
 Executable_fodsfuzzer \
 Executable_fodpfuzzer \
 Executable_xlsfuzzer \
+ Executable_schtmlfuzzer \
 Executable_scrtffuzzer \
 Executable_wksfuzzer \
 Executable_diffuzzer \
diff --git a/vcl/workben/fftester.cxx b/vcl/workben/fftester.cxx
index 587b26fd2495..f28c78d97078 100644
--- a/vcl/workben/fftester.cxx
+++ b/vcl/workben/fftester.cxx
@@ -502,6 +502,16 @@ SAL_IMPLEMENT_MAIN_WITH_ARGS(argc, argv)
 SvFileStream aFileStream(out, StreamMode::READ);
 ret = static_cast((*pfnImport)(aFileStream));
 }
+ else if (strcmp(argv[2], "sc-html") == 0)
+ {
+ static FFilterCall pfnImport(nullptr);
+ if (!pfnImport)
+ {
+ pfnImport = load(u"libscfiltlo.so", "TestImportCalcHTML");
+ }
+ SvFileStream aFileStream(out, StreamMode::READ);
+ ret = static_cast((*pfnImport)(aFileStream));
+ }
 else if (strcmp(argv[2], "slk") == 0)
 {
 static FFilterCall pfnImport(nullptr);
diff --git a/vcl/workben/schtmlfuzzer.cxx b/vcl/workben/schtmlfuzzer.cxx
new file mode 100644
index 000000000000..517e3573ab04
--- /dev/null
+++ b/vcl/workben/schtmlfuzzer.cxx
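Review bot: In the new `sc-html` branch of vcl/workben/fftester.cxx, the pointer returned by `load(u"libscfiltlo.so", "TestImportCalcHTML")` is called through `(*pfnImport)(aFileStream)` without being checked. `load` is defined outside this hunk, so whether it can return null is not visible here; if it can, a missing library or symbol would crash the tester in a way that looks like a filter bug for every input. A guard right after the load, such as `if (!pfnImport) { fprintf(stderr, "TestImportCalcHTML not found\n"); return 1; }` (or whatever failure path the surrounding main already uses), would keep harness failures separate from real findings. The neighbouring context branches follow the same unchecked pattern, and the enclosing function starts and ends outside the hunk.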
@@ -0,0 +1,89 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+#include
+#include "commonfuzzer.hxx"
+
+#include
+#include
+
+extern "C" {
+void* i18npool_component_getFactory(const char*, void*, void*);
+
+void* com_sun_star_i18n_LocaleDataImpl_get_implementation(void*, void*);
+void* com_sun_star_i18n_BreakIterator_Unicode_get_implementation(void*, void*);
+void* com_sun_star_i18n_BreakIterator_get_implementation(void*, void*);
+void* com_sun_star_comp_framework_Desktop_get_implementation(void*, void*);
+void* com_sun_star_i18n_CharacterClassification_Unicode_get_implementation(void*, void*);
+void* com_sun_star_i18n_CharacterClassification_get_implementation(void*, void*);
+void* com_sun_star_i18n_NativeNumberSupplier_get_implementation(void*, void*);
+void* com_sun_star_i18n_NumberFormatCodeMapper_get_implementation(void*, void*);
+void* com_sun_star_i18n_Transliteration_get_implementation(void*, void*);
+void* i18npool_CalendarImpl_get_implementation(void*, void*);
+void* com_sun_star_comp_uui_UUIInteractionHandler_get_implementation(void*, void*);
+}
+
+const lib_to_factory_mapping* lo_get_factory_map(void)
+{
+ static lib_to_factory_mapping map[]
+ = { { "libi18npoollo.a", i18npool_component_getFactory }, { 0, 0 } };
+
+ return map;
+}
+
+const lib_to_constructor_mapping* lo_get_constructor_map(void)
+{
+ static lib_to_constructor_mapping map[]
+ = { { "com_sun_star_i18n_LocaleDataImpl_get_implementation",
+ com_sun_star_i18n_LocaleDataImpl_get_implementation },
+ { "com_sun_star_i18n_BreakIterator_Unicode_get_implementation",
+ com_sun_star_i18n_BreakIterator_Unicode_get_implementation },
+ { "com_sun_star_i18n_BreakIterator_get_implementation",
+ com_sun_star_i18n_BreakIterator_get_implementation },
+ { "com_sun_star_comp_framework_Desktop_get_implementation",
+ com_sun_star_comp_framework_Desktop_get_implementation },
+ { "com_sun_star_i18n_CharacterClassification_Unicode_get_implementation",
+ com_sun_star_i18n_CharacterClassification_Unicode_get_implementation },
+ { "com_sun_star_i18n_CharacterClassification_get_implementation",
+ com_sun_star_i18n_CharacterClassification_get_implementation },
+ { "com_sun_star_i18n_NativeNumberSupplier_get_implementation",
+ com_sun_star_i18n_NativeNumberSupplier_get_implementation },
+ { "com_sun_star_i18n_NumberFormatCodeMapper_get_implementation",
+ com_sun_star_i18n_NumberFormatCodeMapper_get_implementation },
+ { "com_sun_star_i18n_Transliteration_get_implementation",
+ com_sun_star_i18n_Transliteration_get_implementation },
+ { "i18npool_CalendarImpl_get_implementation",
+ i18npool_CalendarImpl_get_implementation },
+ { "com_sun_star_comp_uui_UUIInteractionHandler_get_implementation",
+ com_sun_star_comp_uui_UUIInteractionHandler_get_implementation },
+ { 0, 0 } };
+
+ return map;
+}
+
+extern "C" void* lo_get_custom_widget_func(const char*) { return nullptr; }
+
+extern "C" void* ScCreateDialogFactory() { return nullptr; }
+
+extern "C" bool TestImportCalcHTML(SvStream& rStream);
+
+extern "C" int LLVMFuzzerInitialize(int* argc, char*** argv)
+{
+ TypicalFuzzerInitialize(argc, argv);
+ return 0;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+ SvMemoryStream aStream(const_cast(data), size, StreamMode::READ);
+ (void)TestImportCalcHTML(aStream);
+ return 0;
+}
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/vcl/workben/schtmlfuzzer.options b/vcl/workben/schtmlfuzzer.options
new file mode 100644
index 000000000000..32f759a0969a
--- /dev/null
+++ b/vcl/workben/schtmlfuzzer.options
@@ -0,0 +1,3 @@
+[libfuzzer]
+max_len = 20480
+dict = html.dict
-- cgit
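Review bot: `LLVMFuzzerTestOneInput` in vcl/workben/schtmlfuzzer.cxx casts away the constness of the fuzzer-owned `data` buffer when it builds `aStream`, and nothing in the file records why that is safe. libFuzzer expects the target to leave its input unmodified, so a one-line comment above the stream would help the next reader, for example `// data belongs to libFuzzer and must not be written to; the stream is opened StreamMode::READ only`. A short comment on `(void)TestImportCalcHTML(aStream);` noting that rejected input is an expected outcome, and that only crashes or sanitizer reports count, would also make the discarded result explicit. As a style point, the `{ 0, 0 }` terminator rows in both maps could be written `{ nullptr, nullptr }`, matching the `nullptr` used elsewhere in the file.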