
Extensive fuzzing for poppler with OSS-Fuzz

Ceyhun Alp requested to merge ceyhunalp/poppler:fuzzing into master

Hello poppler developers and contributors,

I am a Software Engineering Intern at Google, working with the Third Party Security (TPS) team. As part of my internship I am working on fuzzing GNOME libraries and poppler is one of the libraries that we have picked for this work.

In a nutshell, fuzzing (or fuzz testing) is an automated software testing technique that involves passing invalid, unexpected or random inputs to a program and monitoring the behavior of the program for exceptions, failing assertions or potential memory leaks/overflows. Fuzzers are a reasonable complement to classical software testing techniques as they: (1) are easy to write, (2) can test small parts of code, and (3) can look for new bugs and vulnerabilities.

Google has a free fuzzing infrastructure, called OSS-Fuzz, that you can use to continuously run your fuzzers to identify security vulnerabilities and security bugs in your project. As you might know, the poppler project is already integrated with OSS-Fuzz. However, there is only a single fuzzer with low coverage, so there is potential for increasing the code coverage by adding new fuzzers.

This MR includes fuzzers for the source code under the cpp, glib and qt5 directories. You can find the fuzzers for each directory under [dir]/tests/fuzzing. You can use these test files as a set of inputs that can serve as a starting point for the fuzzers. Note that these fuzzers use a library called libFuzzer that requires a recent version of the clang compiler. You need to use the -fsanitize=fuzzer,address flag with clang for the necessary instrumentation.

One thing that you might consider moving forward is hosting the fuzzers in the poppler repository. The only fuzzer for poppler (pdf_fuzzer.cc for the cpp API) currently resides in the OSS-Fuzz repository. In an ideal integration with OSS-Fuzz the code of the fuzzer(s) would be a part of the project’s source code repository as this makes it easy to maintain the fuzzers and minimizes breakages that can arise as source code changes over time.

Please do not hesitate to contact us if you have any questions regarding the fuzzers or OSS-Fuzz. We are hoping to hear from you and looking forward to collaborating with you on this effort.
