AuroraMiddleware/scuffed-code
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
c86028c70c
scuffed-code/icu4c/source/test/fuzzer/ucasemap_fuzzer.cc
Norbert Runge 219730e167 ICU-20217 Interprets fuzzer data as UCHar* instead of UTF-8. The conversion 
from assumed UTF-8 resulted in an extremely large percentage of Unicode
replacement characters in the data passed to the API under test.

ICU-20217 Uses fuzzer generated bytes to make random selection of locales, converters,
etc., replacing the random number generator. This way the fuzzer can control
the selections.

ICU-20217 Minor follow-ups from code review.
Removes fuzzer target break_iterator_utf32_fuzzer which does not perform
anything useful what the regular break iterator fuzzer target already performs.

ICU-20217 Fixes for-loop body.

ICU-20217 Uses am allocated buffer to pass head-truncated fuzzer data to the
API under test. The fuzzer may otherwise not detect buffer underflow.
by

ICU-20217 Typing fix.

ICU-20217 Fixing typing.

ICU-20217 Improve fuzzer targets, move truncated fuzzer data into a
new buffer to prevent that buffer underflow goes undetected.

ICU-20217 Fixes buffer management of fuzzer-provided data.

ICU-20217 Factor in PR review comments.
2019-02-20 15:22:26 -08:00

71 lines
1.9 KiB
C++
Raw Blame History

// © 2019 and later: Unicode, Inc. and others.
// License & terms of use: http://www.unicode.org/copyright.html
// Fuzzer for ucasemap.
#include <stddef.h>
#include <stdint.h>
#include <memory>
#include "fuzzer_utils.h"
#include "unicode/ucasemap.h"
IcuEnvironment* env = new IcuEnvironment();
template<typename T>
using deleted_unique_ptr = std::unique_ptr<T,std::function<void(T*)>>;
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
UErrorCode status = U_ZERO_ERROR;
uint8_t rnd8 = 0;
uint16_t rnd16 = 0;
uint32_t rnd32 = 0;
if (size < 7) {
return 0;
}
// Extract one, two, and four bytes from fuzzer data for random selection
// purposes.
rnd8 = *data;
data++;
rnd16 = *(reinterpret_cast<const uint16_t *>(data));
data = data + 2;
rnd32 = *(reinterpret_cast<const uint32_t *>(data));
data = data + 4;
size = size - 7;
std::unique_ptr<char[]> fuzzbuff(new char[size]);
std::memcpy(fuzzbuff.get(), data, size);
const icu::Locale& locale = GetRandomLocale(rnd16);
uint32_t open_flags = rnd32;
deleted_unique_ptr<UCaseMap> csm(
ucasemap_open(locale.getName(), open_flags, &status),
[](UCaseMap* map) { ucasemap_close(map); });
if (U_FAILURE(status)) {
return 0;
}
int32_t dst_size = size * 2;
std::unique_ptr<char[]> dst(new char[dst_size]);
auto src = reinterpret_cast<const char*>(fuzzbuff.get());
switch (rnd8 % 4) {
case 0: ucasemap_utf8ToLower(csm.get(), dst.get(), dst_size, src, size,
&status);
break;
case 1: ucasemap_utf8ToUpper(csm.get(), dst.get(), dst_size, src, size,
&status);
break;
case 2: ucasemap_utf8ToTitle(csm.get(), dst.get(), dst_size, src, size,
&status);
break;
case 3: ucasemap_utf8FoldCase(csm.get(), dst.get(), dst_size, src, size,
&status);
break;
}
return 0;
}
Reference in New Issue View Git Blame Copy Permalink