[libfuzzer] ICU convertors fuzzer.
diff --git a/fuzzers/BUILD.gn b/fuzzers/BUILD.gn
index 1503550..f8868a8 100644
--- a/fuzzers/BUILD.gn
+++ b/fuzzers/BUILD.gn
@@ -63,6 +63,8 @@
deps = [
":fuzzer_support",
]
+ seed_corpus = "//third_party/icu/source/test/testdata"
+ libfuzzer_options = [ "max_len=10240" ]
}
fuzzer_test("icu_break_iterator_utf32_fuzzer") {
@@ -86,3 +88,14 @@
seed_corpus = "//third_party/icu/source/test/testdata"
libfuzzer_options = [ "max_len=10240" ]
}
+
+fuzzer_test("icu_converter_fuzzer") {
+ sources = [
+ "icu_converter_fuzzer.cc",
+ ]
+ deps = [
+ ":fuzzer_support",
+ ]
+ seed_corpus = "//third_party/icu/source/test/testdata"
+ libfuzzer_options = [ "max_len=10240" ]
+}
diff --git a/fuzzers/icu_converter_fuzzer.cc b/fuzzers/icu_converter_fuzzer.cc
new file mode 100644
index 0000000..9b8102d
--- /dev/null
+++ b/fuzzers/icu_converter_fuzzer.cc
@@ -0,0 +1,45 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include <algorithm>
+#include <array>
+#include <memory>
+#include <vector>
+
+#include "third_party/icu/source/common/unicode/unistr.h"
+#include "third_party/icu/source/common/unicode/ucnv.h"
+#include "third_party/icu/fuzzers/fuzzer_utils.h"
+
+IcuEnvironment* env = new IcuEnvironment();
+
+template <typename T>
+using deleted_unique_ptr = std::unique_ptr<T, std::function<void(T*)>>;
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ UErrorCode status = U_ZERO_ERROR;
+ auto rng = CreateRng(data, size);
+ icu::UnicodeString str(UnicodeStringFromUtf8(data, size));
+
+ const char* converter_name =
+ ucnv_getAvailableName(rng() % ucnv_countAvailable());
+
+ deleted_unique_ptr<UConverter> converter(ucnv_open(converter_name, &status),
+ &ucnv_close);
+
+ if (U_FAILURE(status))
+ return 0;
+
+ static const size_t dest_buffer_size = 1024 * 1204;
+ static const std::unique_ptr<char[]> dest_buffer(new char[dest_buffer_size]);
+
+ str.extract(dest_buffer.get(), dest_buffer_size, converter.get(), status);
+
+ if (U_FAILURE(status))
+ return 0;
+
+ return 0;
+}