Google Git
Sign in
fuchsia / third_party / icu / b5ecbb29a26532f72ef482569b223d5a51fd50bf^! / .
commitb5ecbb29a26532f72ef482569b223d5a51fd50bf[log] [tgz]
authorMike Aizatsky <aizatsky@chromium.org>Thu Jul 07 15:12:43 2016 -0700
committerMike Aizatsky <aizatsky@chromium.org>Fri Jul 08 14:15:00 2016 -0700
tree165027d4dcf8d4e2ffc4aa50102725ed5cfb37a6
parenta789fc26a839d0c02f0eaaa221e134ee8f3ca2eb [diff]
[libfuzzer] ICU convertors fuzzer.

diff --git a/fuzzers/BUILD.gn b/fuzzers/BUILD.gn
index 1503550..f8868a8 100644
--- a/fuzzers/BUILD.gn
+++ b/fuzzers/BUILD.gn

@@ -63,6 +63,8 @@
   deps = [
     ":fuzzer_support",
   ]
+  seed_corpus = "//third_party/icu/source/test/testdata"
+  libfuzzer_options = [ "max_len=10240" ]
 }
 
 fuzzer_test("icu_break_iterator_utf32_fuzzer") {
@@ -86,3 +88,14 @@
   seed_corpus = "//third_party/icu/source/test/testdata"
   libfuzzer_options = [ "max_len=10240" ]
 }
+
+fuzzer_test("icu_converter_fuzzer") {
+  sources = [
+    "icu_converter_fuzzer.cc",
+  ]
+  deps = [
+    ":fuzzer_support",
+  ]
+  seed_corpus = "//third_party/icu/source/test/testdata"
+  libfuzzer_options = [ "max_len=10240" ]
+}

diff --git a/fuzzers/icu_converter_fuzzer.cc b/fuzzers/icu_converter_fuzzer.cc
new file mode 100644
index 0000000..9b8102d
--- /dev/null
+++ b/fuzzers/icu_converter_fuzzer.cc

@@ -0,0 +1,45 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include <algorithm>
+#include <array>
+#include <memory>
+#include <vector>
+
+#include "third_party/icu/source/common/unicode/unistr.h"
+#include "third_party/icu/source/common/unicode/ucnv.h"
+#include "third_party/icu/fuzzers/fuzzer_utils.h"
+
+IcuEnvironment* env = new IcuEnvironment();
+
+template <typename T>
+using deleted_unique_ptr = std::unique_ptr<T, std::function<void(T*)>>;
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  UErrorCode status = U_ZERO_ERROR;
+  auto rng = CreateRng(data, size);
+  icu::UnicodeString str(UnicodeStringFromUtf8(data, size));
+
+  const char* converter_name =
+      ucnv_getAvailableName(rng() % ucnv_countAvailable());
+
+  deleted_unique_ptr<UConverter> converter(ucnv_open(converter_name, &status),
+                                           &ucnv_close);
+
+  if (U_FAILURE(status))
+    return 0;
+
+  static const size_t dest_buffer_size = 1024 * 1204;
+  static const std::unique_ptr<char[]> dest_buffer(new char[dest_buffer_size]);
+
+  str.extract(dest_buffer.get(), dest_buffer_size, converter.get(), status);
+
+  if (U_FAILURE(status))
+    return 0;
+
+  return 0;
+}