Add comprehensive OSS-Fuzz integration with 19 fuzzers

fuzz/Makefile

@@ -0,0 +1,53 @@
+# Copyright (C) 2025 Artifex Software, Inc.
+# SPDX-License-Identifier: AGPL-3.0-or-later
+#
+# Makefile for building MuPDF fuzzers locally
+#
+# Usage:
+#   make                  # Build all fuzzers
+#   make fuzz_image       # Build specific fuzzer
+#   make run_image        # Run fuzzer with corpus
+#   make clean            # Remove built fuzzers
+#
+# Prerequisites:
+#   - clang with fuzzer support
+#   - MuPDF libraries built: make -C .. libs HAVE_X11=no HAVE_GLUT=no
+
+MUPDF_ROOT = ..
+CC = clang
+CFLAGS = -g -O1 -fno-omit-frame-pointer \
+         -fsanitize=fuzzer,address,undefined \
+         -I$(MUPDF_ROOT)/include
+LDFLAGS = -fsanitize=fuzzer,address,undefined
+LIBS = $(MUPDF_ROOT)/build/release/libmupdf.a \
+       $(MUPDF_ROOT)/build/release/libmupdf-third.a \
+       -lm -lpthread
+
+FUZZERS = fuzz_archive fuzz_cbz fuzz_cmap fuzz_colorspace fuzz_epub \
+          fuzz_filter fuzz_font fuzz_html fuzz_html5 fuzz_image \
+          fuzz_json fuzz_path fuzz_pdf_lexer fuzz_pdf_object \
+          fuzz_pdf_stream fuzz_stext fuzz_svg fuzz_xml fuzz_xps
+
+.PHONY: all clean run_% libs
+
+all: libs $(FUZZERS)
+
+libs:
+	$(MAKE) -C $(MUPDF_ROOT) libs HAVE_X11=no HAVE_GLUT=no
+
+fuzz_%: fuzz_%.c $(MUPDF_ROOT)/build/release/libmupdf.a
+	$(CC) $(CFLAGS) $< -o $@ $(LDFLAGS) $(LIBS)
+
+# Run a fuzzer with its corpus (e.g., make run_image)
+run_%: fuzz_%
+	@mkdir -p corpus/$*
+	./fuzz_$* corpus/$* $(if $(wildcard corpus/$*/*),,-max_total_time=60)
+
+clean:
+	rm -f $(FUZZERS)
+	rm -rf corpus/*/crash-* corpus/*/oom-*
+
+# Coverage build (for measuring code coverage)
+coverage: CFLAGS = -g -O1 -fprofile-instr-generate -fcoverage-mapping -I$(MUPDF_ROOT)/include
+coverage: LDFLAGS = -fprofile-instr-generate -fcoverage-mapping
+coverage: clean all

fuzz/build.sh

@@ -0,0 +1,37 @@
+#!/bin/bash -eu
+# Copyright (C) 2025 Artifex Software, Inc.
+# SPDX-License-Identifier: AGPL-3.0-or-later
+#
+# OSS-Fuzz build script for MuPDF fuzzers
+
+# Build MuPDF static libraries
+make -j$(nproc) libs HAVE_X11=no HAVE_GLUT=no
+
+# List of all 19 fuzzers
+FUZZERS="archive cbz cmap colorspace epub filter font html html5 image json path pdf_lexer pdf_object pdf_stream stext svg xml xps"
+
+# Build each fuzzer
+for f in $FUZZERS; do
+    $CC $CFLAGS -Iinclude \
+        fuzz/fuzz_$f.c -o $OUT/fuzz_$f \
+        $LIB_FUZZING_ENGINE build/release/libmupdf.a build/release/libmupdf-third.a -lm -lpthread
+done
+
+# Copy dictionaries
+if [ -d "fuzz/dictionaries" ]; then
+    for dict in fuzz/dictionaries/*.dict; do
+        if [ -f "$dict" ]; then
+            base=$(basename "$dict" .dict)
+            cp "$dict" "$OUT/fuzz_${base}.dict" 2>/dev/null || true
+        fi
+    done
+fi
+
+# Create seed corpora
+for f in $FUZZERS; do
+    if [ -d "fuzz/corpus/$f" ] && [ "$(ls -A fuzz/corpus/$f 2>/dev/null)" ]; then
+        zip -jr "$OUT/fuzz_${f}_seed_corpus.zip" "fuzz/corpus/$f/" 2>/dev/null || true
+    fi
+done
+
+echo "Build complete: $(ls -1 $OUT/fuzz_* | wc -l) artifacts created"

fuzz/corpus/cmap/identity.cmap

@@ -0,0 +1,16 @@
+/CIDInit /ProcSet findresource begin
+12 dict begin
+begincmap
+/CIDSystemInfo << /Registry (Adobe) /Ordering (Identity) /Supplement 0 >> def
+/CMapName /Identity-H def
+/CMapType 1 def
+1 begincodespacerange
+<0000> <FFFF>
+endcodespacerange
+1 begincidrange
+<0000> <FFFF> 0
+endcidrange
+endcmap
+CMapName currentdict /CMap defineresource pop
+end
+end

fuzz/corpus/filter/flate.bin

@@ -0,0 +1 @@
+x

fuzz/corpus/html/minimal.html

@@ -0,0 +1,5 @@
+<!DOCTYPE html>
+<html>
+<head><title>Test</title></head>
+<body><p>Hello</p></body>
+</html>

fuzz/corpus/html5/minimal.html

@@ -0,0 +1,5 @@
+<!DOCTYPE html>
+<html>
+<head><title>Test</title></head>
+<body><p>Hello</p></body>
+</html>

fuzz/corpus/json/complex.json

@@ -0,0 +1 @@
+{"string":"hello","number":42,"float":3.14,"bool":true,"null":null,"array":[1,2,3],"object":{"nested":"value"}}

fuzz/corpus/json/minimal.json

@@ -0,0 +1 @@
+{}

fuzz/corpus/path/simple.path

@@ -0,0 +1 @@
+M 0 0 L 100 100 C 50 50 75 25 100 0 Z

fuzz/corpus/pdf_stream/content.stream

@@ -0,0 +1,5 @@
+BT
+/F1 12 Tf
+100 700 Td
+(Hello World) Tj
+ET