Skip to content

Add comprehensive OSS-Fuzz integration with 19 fuzzers#81

Open
skypher wants to merge 2 commits intoArtifexSoftware:masterfrom
skypher:oss-fuzz-comprehensive
Open

Add comprehensive OSS-Fuzz integration with 19 fuzzers#81
skypher wants to merge 2 commits intoArtifexSoftware:masterfrom
skypher:oss-fuzz-comprehensive

Conversation

@skypher
Copy link

@skypher skypher commented Dec 22, 2025

Summary

This PR adds a complete fuzzing infrastructure for integration with Google's OSS-Fuzz continuous fuzzing service, targeting all major MuPDF attack surfaces.

Fuzzers Added (19 total)

Category Fuzzers
Document formats fuzz_image, fuzz_svg, fuzz_xps, fuzz_epub, fuzz_cbz, fuzz_html
Parsers fuzz_xml, fuzz_html5, fuzz_json
PDF subsystems fuzz_pdf_lexer, fuzz_pdf_object, fuzz_pdf_stream, fuzz_cmap, fuzz_stext
Resources fuzz_font, fuzz_colorspace, fuzz_archive, fuzz_filter, fuzz_path

Also Includes

  • 11 dictionaries: Format-specific tokens for mutation guidance (PDF, SVG, XML, HTML, JSON, etc.)
  • Seed corpus: Minimal valid files for each format to bootstrap fuzzing
  • build.sh: OSS-Fuzz build orchestration script
  • Makefile: Local fuzzer development and testing
  • Multi-engine support: Compatible with libfuzzer, AFL++, and honggfuzz
  • All sanitizers: ASan, MSan, and UBSan

Testing

  • All 19 fuzzers compile successfully against MuPDF
  • Tested with OSS-Fuzz infrastructure locally (check_build passes for all 20 fuzzers)
  • fuzz_image includes OOM protection (MAX_IMAGE_DIM check)
  • fuzz_path exercises both path construction and rasterization

Files

fuzz/
├── fuzz_*.c          # 19 fuzzer source files (with AGPL headers)
├── build.sh          # OSS-Fuzz build script
├── Makefile          # Local development makefile
├── dictionaries/     # 11 format-specific dictionaries
└── corpus/           # Seed files for each fuzzer

Next Steps

After this merges, a corresponding PR will be submitted to google/oss-fuzz with the build integration (Dockerfile, project.yaml).

@skypher
Add comprehensive OSS-Fuzz integration with 19 fuzzers
944e8e7 
This adds a complete fuzzing infrastructure targeting all major MuPDF
attack surfaces for integration with Google's OSS-Fuzz continuous
fuzzing service.

Fuzzers added:
- Document formats: fuzz_image, fuzz_svg, fuzz_xps, fuzz_epub, fuzz_cbz, fuzz_html
- Parsers: fuzz_xml, fuzz_html5, fuzz_json
- PDF subsystems: fuzz_pdf_lexer, fuzz_pdf_object, fuzz_pdf_stream, fuzz_cmap, fuzz_stext
- Resources: fuzz_font, fuzz_colorspace, fuzz_archive, fuzz_filter, fuzz_path

Also includes:
- 11 format-specific dictionaries for mutation guidance
- Seed corpus with minimal valid files for each format
- Support for libfuzzer, AFL++, and honggfuzz engines
- Compatible with ASan, MSan, and UBSan sanitizers

Tested with OSS-Fuzz infrastructure locally - all fuzzers pass check_build.
@skypher
Address review feedback for OSS-Fuzz integration
8529be9 
- Fix OOM risk in fuzz_image.c by checking image dimensions before
  decoding (MAX_IMAGE_DIM = 8192)
- Add fuzz/build.sh for OSS-Fuzz build orchestration
- Add fuzz/Makefile for local fuzzer development and testing
- Apply AGPL license headers to all 19 fuzzer source files
- Enhance fuzz_path.c to exercise rasterizer (fill/stroke paths)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@skypher