unplugged-system/external/pdfium/testing/fuzzers/pdf_cfgas_stringformatter_fuzzer.cc

// Copyright 2019 The PDFium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "xfa/fgas/crt/cfgas_stringformatter.h"

#include <stdint.h>

#include <iterator>

#include "core/fxcrt/cfx_datetime.h"
#include "core/fxcrt/fx_string.h"
#include "public/fpdfview.h"
#include "testing/fuzzers/pdfium_fuzzer_util.h"
#include "testing/fuzzers/xfa_process_state.h"
#include "v8/include/cppgc/heap.h"
#include "v8/include/cppgc/persistent.h"
#include "xfa/fxfa/parser/cxfa_localemgr.h"

namespace {

const wchar_t* const kLocales[] = {L"en", L"fr", L"jp", L"zh"};
const CFGAS_StringFormatter::DateTimeType kTypes[] = {
    CFGAS_StringFormatter::DateTimeType::kDate,
    CFGAS_StringFormatter::DateTimeType::kTime,
    CFGAS_StringFormatter::DateTimeType::kDateTime,
    CFGAS_StringFormatter::DateTimeType::kTimeDate};

}  // namespace

extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  if (size < 5 || size > 128)  // Big strings are unlikely to help.
    return 0;

  auto* state = static_cast<XFAProcessState*>(FPDF_GetFuzzerPerProcessState());
  cppgc::Heap* heap = state->GetHeap();

  uint8_t test_selector = data[0] % 10;
  uint8_t locale_selector = data[1] % std::size(kLocales);
  uint8_t type_selector = data[2] % std::size(kTypes);
  data += 3;
  size -= 3;

  size_t pattern_len = size / 2;
  size_t value_len = size - pattern_len;
  WideString pattern =
      WideString::FromLatin1(ByteStringView(data, pattern_len));
  WideString value =
      WideString::FromLatin1(ByteStringView(data + pattern_len, value_len));

  auto fmt = std::make_unique<CFGAS_StringFormatter>(pattern);

  WideString result;
  CFX_DateTime dt;
  switch (test_selector) {
    case 0:
      fmt->FormatText(value, &result);
      break;
    case 1: {
      auto* mgr = cppgc::MakeGarbageCollected<CXFA_LocaleMgr>(
          heap->GetAllocationHandle(), heap, nullptr,
          kLocales[locale_selector]);
      fmt->FormatNum(mgr, value, &result);
      break;
    }
    case 2: {
      auto* mgr = cppgc::MakeGarbageCollected<CXFA_LocaleMgr>(
          heap->GetAllocationHandle(), heap, nullptr,
          kLocales[locale_selector]);
      fmt->FormatDateTime(mgr, value, kTypes[type_selector], &result);
      break;
    }
    case 3: {
      fmt->FormatNull(&result);
      break;
    }
    case 4: {
      fmt->FormatZero(&result);
      break;
    }
    case 5: {
      fmt->ParseText(value, &result);
      break;
    }
    case 6: {
      auto* mgr = cppgc::MakeGarbageCollected<CXFA_LocaleMgr>(
          heap->GetAllocationHandle(), heap, nullptr,
          kLocales[locale_selector]);
      fmt->ParseNum(mgr, value, &result);
      break;
    }
    case 7: {
      auto* mgr = cppgc::MakeGarbageCollected<CXFA_LocaleMgr>(
          heap->GetAllocationHandle(), heap, nullptr,
          kLocales[locale_selector]);
      fmt->ParseDateTime(mgr, value, kTypes[type_selector], &dt);
      break;
    }
    case 8: {
      fmt->ParseNull(value);
      break;
    }
    case 9: {
      fmt->ParseZero(value);
      break;
    }
  }
  state->ForceGCAndPump();
  return 0;
}