Add OSS-Fuzz integration with 10 fuzz targets #1768
Open
skypher wants to merge 5 commits into Hopding:master from
Conversation
- pdf_parser: Main PDF document parsing
- pdf_modify: PDF modification and saving
- pdf_form: AcroForm field parsing
- jpeg_embed/png_embed: Image embedding
- stream_decode: Flate/LZW/Ascii85/Hex/RunLength decoders
- object_parser: Individual PDF object parsing
- pdf_string: String escape sequence handling
- xref_stream: Cross-reference stream parsing
- page_embed: PDF page embedding

Includes:
- 10 TypeScript fuzz targets
- 3 dictionaries (PDF, JPEG, PNG tokens)
- 6 options files for resource limits
- 260+ seed corpus files
- GitHub Actions CI workflow for regression testing
- Documentation (fuzz/README.md)
- Add oss-fuzz/ directory with OSS-Fuzz config files (Dockerfile, build.sh, project.yaml)
- Add fuzzing dependencies to package.json devDependencies (@jazzer.js/core, esbuild, c8)
- Remove continue-on-error from regression test step for strict corpus validation
- Expand coverage job to run all 10 fuzzers instead of just pdf_parser
- Add round-trip validation to pdf_modify.fuzz.ts (load saved PDF to verify output)
- Update fuzz/README.md with correct paths and simplified setup
Fuzz Target Logic Fixes:
- stream_decode.fuzz.ts: Clarify that decode() is intentional (triggers lazy decoding)
- pdf_string.fuzz.ts: Use latin1 encoding to test arbitrary hex characters properly
- xref_stream.fuzz.ts: Fix offset calculation - xrefOffset now points to start of XRef object
- object_parser.fuzz.ts: Target PDFObjectParser directly for 10x+ performance improvement

Performance & Limits:
- page_embed.fuzz.ts: Align limit to 1MB to match page_embed.options
- Add missing options files: jpeg_embed, png_embed, pdf_string, xref_stream

Code Quality:
- pdf_form.fuzz.ts: Refactor to use instanceof checks instead of try-catch blocks
- stream_decode.fuzz.ts: Add defensive check before calling decode()
- oss-fuzz/build.sh: Remove redundant npm install (deps now in package.json)
The fuzzing dependencies (@jazzer.js/core, esbuild) bring in newer @types/node that are incompatible with TypeScript 3.9.5 used by pdf-lib. Instead, install them separately:
- GitHub Actions workflow installs them with --no-save
- OSS-Fuzz build.sh installs them with --no-save
- README updated with manual install instructions
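The commit notes above describe the pattern the targets follow: wrap one pdf-lib entry point, treat the errors the library is expected to raise on malformed input as non-findings (the pdf_form target's instanceof checks), cap input size to match the .options files, and, for pdf_modify, validate a round trip. The TypeScript below is an added example written for this page, not one of the PR's fuzz targets and not pdf-lib code. It applies that pattern to a small self-contained stand-in for the ASCIIHex decoder (the stream_decode target exercises pdf-lib's own decoders instead) so it runs without @jazzer.js/core or pdf-lib. The exported `fuzz(data)` entry point follows the Jazzer.js convention; `MAX_LEN`, `DecodeError`, `runLocal`, `bytes` and `sameBytes` are names assumed here.

```typescript
// Added example: Jazzer.js-shaped fuzz target around a stand-in ASCIIHex
// decoder. Not pdf-lib's code; names below are assumed for illustration.

/** Stands in for the max_len a fuzz/*.options file would set (value assumed). */
export const MAX_LEN = 4096;

/** Raised for malformed input the decoder is expected to reject. */
export class DecodeError extends Error {
  constructor(message: string) {
    super(message);
    this.name = "DecodeError";
  }
}

/** instanceof is the primary check; the name fallback covers ES5-targeted builds,
 *  where subclassing Error loses the subclass prototype. */
function isDecodeError(e: unknown): boolean {
  return e instanceof DecodeError || (e instanceof Error && e.name === "DecodeError");
}

function hexVal(b: number): number {
  if (b >= 0x30 && b <= 0x39) return b - 0x30;      // '0'-'9'
  if (b >= 0x41 && b <= 0x46) return b - 0x41 + 10; // 'A'-'F'
  if (b >= 0x61 && b <= 0x66) return b - 0x61 + 10; // 'a'-'f'
  return -1;
}

function isPdfWhitespace(b: number): boolean {
  return b === 0x00 || b === 0x09 || b === 0x0a || b === 0x0c || b === 0x0d || b === 0x20;
}

/** ASCIIHexDecode: hex digit pairs, PDF whitespace ignored, '>' ends the data,
 *  an odd trailing digit is read as if followed by '0'. */
export function asciiHexDecode(input: Uint8Array): Uint8Array {
  const out: number[] = [];
  let hi = -1;
  for (let i = 0; i < input.length; i++) {
    const b = input[i];
    if (b === 0x3e) break;            // '>' is the EOD marker
    if (isPdfWhitespace(b)) continue;
    const v = hexVal(b);
    if (v < 0) throw new DecodeError("invalid byte 0x" + b.toString(16));
    if (hi < 0) { hi = v; } else { out.push((hi << 4) | v); hi = -1; }
  }
  if (hi >= 0) out.push(hi << 4);
  return Uint8Array.from(out);
}

/** ASCIIHexEncode: uppercase hex pairs followed by the '>' EOD marker. */
export function asciiHexEncode(data: Uint8Array): Uint8Array {
  const digits = "0123456789ABCDEF";
  const out: number[] = [];
  for (let i = 0; i < data.length; i++) {
    out.push(digits.charCodeAt(data[i] >> 4), digits.charCodeAt(data[i] & 0x0f));
  }
  out.push(0x3e);
  return Uint8Array.from(out);
}

export function sameBytes(a: Uint8Array, b: Uint8Array): boolean {
  return a.length === b.length && a.every((x, i) => x === b[i]);
}

/** Jazzer.js-style entry point. Jazzer.js passes a Buffer, which is a Uint8Array,
 *  so the target is typed on the base class. Only DecodeError is an acceptable
 *  outcome; anything else (RangeError, stack overflow) is a finding. */
export function fuzz(data: Uint8Array): void {
  if (data.length > MAX_LEN) return;  // same effect as max_len in an options file
  let decoded: Uint8Array;
  try {
    decoded = asciiHexDecode(data);
  } catch (e) {
    if (isDecodeError(e)) return;     // expected rejection of malformed input
    throw e;                          // unexpected error: let the fuzzer report it
  }
  // Round-trip property, in the spirit of the pdf_modify reload check:
  // encoding the decoded bytes and decoding again must give the same bytes.
  const again = asciiHexDecode(asciiHexEncode(decoded));
  if (!sameBytes(again, decoded)) throw new Error("ASCIIHex round-trip mismatch");
}

/** Deterministic stand-in for the fuzzer loop (assumed driver, not Jazzer.js):
 *  mutates seed inputs with an xorshift32 PRNG and returns how many inputs ran. */
export function runLocal(seeds: Uint8Array[], iterations: number, seed = 0x9e3779b9): number {
  if (seeds.length === 0) return 0;
  let s = (seed >>> 0) || 1;
  const next = (): number => {
    s ^= s << 13; s >>>= 0; s ^= s >>> 17; s ^= s << 5; s >>>= 0; return s;
  };
  let ran = 0;
  for (let i = 0; i < iterations; i++) {
    const src = seeds[next() % seeds.length];
    const base: number[] = [];
    for (let j = 0; j < src.length; j++) base.push(src[j]);
    const op = next() % 3;
    const pos = base.length ? next() % base.length : 0;
    if (op === 0 && base.length) base[pos] = next() & 0xff;  // overwrite a byte
    else if (op === 1) base.splice(pos, 0, next() & 0xff);   // insert a byte
    else if (base.length) base.splice(pos, 1);               // delete a byte
    fuzz(Uint8Array.from(base));
    ran++;
  }
  return ran;
}

/** Builds byte input from a latin1 string so constructed samples stay inline. */
export function bytes(s: string): Uint8Array {
  const out: number[] = [];
  for (let i = 0; i < s.length; i++) out.push(s.charCodeAt(i) & 0xff);
  return Uint8Array.from(out);
}
```

Under Jazzer.js the `runLocal` driver is unnecessary; the CLI calls the exported `fuzz` function with each generated input and persists crashing inputs, which is what the corpus directories and the regression workflow in this PR replay. The part worth carrying into a real target is the narrow error filter: an expected DecodeError is swallowed, and anything else propagates so the fuzzer records it rather than a broad try/catch hiding it.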
Summary
This PR adds comprehensive OSS-Fuzz integration to pdf-lib, enabling continuous fuzzing through Google's infrastructure.
Fuzz Targets (10 total)
- pdf_parser: PDFDocument.load()
- pdf_modify
- pdf_form
- jpeg_embed
- png_embed
- stream_decode
- object_parser
- pdf_string
- xref_stream
- page_embed

Files Added
- fuzz/*.fuzz.ts - 10 TypeScript fuzz targets
- fuzz/*.options - Fuzzer resource limits (max_len, timeout)
- fuzz/corpus/ - Seed corpora with valid and edge-case inputs
- fuzz/dictionaries/ - PDF, JPEG, PNG dictionaries for guided fuzzing
- fuzz/README.md - Documentation and usage instructions
- oss-fuzz/ - OSS-Fuzz configuration (Dockerfile, build.sh, project.yaml)
- .github/workflows/fuzz.yml - CI workflow for regression testing

Local Testing
Coverage
Current test suite achieves 87.56% line coverage and 98.55% parser coverage. These fuzz targets provide additional coverage through randomized input generation.
OSS-Fuzz Integration
A companion PR will be submitted to google/oss-fuzz with the project configuration files after this PR is merged.
This work prepares pdf-lib for inclusion in Google's OSS-Fuzz continuous fuzzing infrastructure, helping identify potential parsing bugs and edge cases.