ICU-22479 Add fuzzer for RelativeTimeFormatFuzzer

And also fix a bug by checking the unit
2025-04-16 10:17:23 +00:00 · 2023-09-21 12:51:48 -07:00 · 2023-09-21 12:51:48 -07:00 · 77bc51e03e
commit 77bc51e03e
parent 263db44a3a
3 changed files with 107 additions and 2 deletions
--- a/icu4c/source/i18n/reldatefmt.cpp
+++ b/icu4c/source/i18n/reldatefmt.cpp
@ -1027,6 +1027,10 @@ void RelativeDateTimeFormatter::formatNumericImpl(
    if (U_FAILURE(status)) {
        return;
    }
+    if (unit < 0 || UDAT_REL_UNIT_COUNT <= unit) {
+        status = U_ILLEGAL_ARGUMENT_ERROR;
+        return;
+    }
    UDateDirection direction = UDAT_DIRECTION_NEXT;
    if (std::signbit(offset)) { // needed to handle -0.0
        direction = UDAT_DIRECTION_LAST;
@ -1095,7 +1099,9 @@ void RelativeDateTimeFormatter::formatAbsoluteImpl(
    if (U_FAILURE(status)) {
        return;
    }
-    if (unit == UDAT_ABSOLUTE_NOW && direction != UDAT_DIRECTION_PLAIN) {
+    if ((unit < 0 || UDAT_ABSOLUTE_UNIT_COUNT <= unit) ||
+        (direction < 0 || UDAT_DIRECTION_COUNT <= direction) ||
+        (unit == UDAT_ABSOLUTE_NOW && direction != UDAT_DIRECTION_PLAIN)) {
        status = U_ILLEGAL_ARGUMENT_ERROR;
        return;
    }
--- a/icu4c/source/test/fuzzer/Makefile.in
+++ b/icu4c/source/test/fuzzer/Makefile.in
@ -33,7 +33,7 @@ CPPFLAGS += -I$(srcdir) -I$(top_srcdir)/common -I$(top_srcdir)/i18n -I$(top_srcd
 DEFS += -D'U_TOPSRCDIR="$(top_srcdir)/"' -D'U_TOPBUILDDIR="$(BUILDDIR)"'
 LIBS = $(LIBCTESTFW) $(LIBICUTOOLUTIL) $(LIBICUIO) $(LIBICUI18N) $(LIBICUUC) $(DEFAULT_LIBS) $(LIB_M)

-FUZZER_TARGETS = break_iterator_fuzzer calendar_fuzzer collator_compare_fuzzer collator_rulebased_fuzzer converter_fuzzer date_format_fuzzer list_format_fuzzer locale_fuzzer locale_morph_fuzzer number_format_fuzzer ucasemap_fuzzer uloc_canonicalize_fuzzer uloc_for_language_tag_fuzzer uloc_get_name_fuzzer uloc_is_right_to_left_fuzzer uloc_open_keywords_fuzzer unicode_string_codepage_create_fuzzer uregex_open_fuzzer
+FUZZER_TARGETS = break_iterator_fuzzer calendar_fuzzer collator_compare_fuzzer collator_rulebased_fuzzer converter_fuzzer date_format_fuzzer list_format_fuzzer locale_fuzzer locale_morph_fuzzer number_format_fuzzer relative_date_time_formatter_fuzzer ucasemap_fuzzer uloc_canonicalize_fuzzer uloc_for_language_tag_fuzzer uloc_get_name_fuzzer uloc_is_right_to_left_fuzzer uloc_open_keywords_fuzzer unicode_string_codepage_create_fuzzer uregex_open_fuzzer

 OBJECTS = $(FUZZER_TARGETS:%=%.o)
 OBJECTS += fuzzer_driver.o locale_util.o
--- a/icu4c/source/test/fuzzer/relative_date_time_formatter_fuzzer.cpp
+++ b/icu4c/source/test/fuzzer/relative_date_time_formatter_fuzzer.cpp
@ -0,0 +1,99 @@
+// © 2023 and later: Unicode, Inc. and others.
+// License & terms of use: http://www.unicode.org/copyright.html
+
+// Fuzzer for ICU RelativeDateTimeFormatter.
+
+#include <cstring>
+
+#include "fuzzer_utils.h"
+
+#include "unicode/reldatefmt.h"
+#include "unicode/locid.h"
+
+const UDisplayContext validCapitalizations[] = {
+    UDISPCTX_CAPITALIZATION_NONE,
+    UDISPCTX_CAPITALIZATION_FOR_MIDDLE_OF_SENTENCE,
+    UDISPCTX_CAPITALIZATION_FOR_BEGINNING_OF_SENTENCE,
+    UDISPCTX_CAPITALIZATION_FOR_UI_LIST_OR_MENU,
+    UDISPCTX_CAPITALIZATION_FOR_STANDALONE
+};
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+    uint16_t rnd;
+    UDateRelativeDateTimeFormatterStyle style;
+    UDisplayContext context;
+    if (size < sizeof(rnd) + sizeof(style) + sizeof(context) ) return 0;
+    icu::StringPiece fuzzData(reinterpret_cast<const char *>(data), size);
+
+    std::memcpy(&rnd, fuzzData.data(), sizeof(rnd));
+    icu::Locale locale = GetRandomLocale(rnd);
+    fuzzData.remove_prefix(sizeof(rnd));
+
+    std::memcpy(&style, fuzzData.data(), sizeof(style));
+    fuzzData.remove_prefix(sizeof(style));
+
+    std::memcpy(&context, fuzzData.data(), sizeof(context));
+    fuzzData.remove_prefix(sizeof(context));
+
+    UErrorCode status = U_ZERO_ERROR;
+    // Test all range of style and context
+    std::unique_ptr<icu::RelativeDateTimeFormatter> formatter(
+        new icu::RelativeDateTimeFormatter(
+            locale, nullptr, style, context, status));
+    status = U_ZERO_ERROR;
+
+    // Then we test with only valid style and context
+    style = static_cast<UDateRelativeDateTimeFormatterStyle>(
+        static_cast<int>(style) % UDAT_STYLE_COUNT);
+    context = validCapitalizations[
+        static_cast<int>(context) %
+            (sizeof(validCapitalizations) / sizeof(UDisplayContext))];
+    formatter.reset(new icu::RelativeDateTimeFormatter(
+        locale, nullptr, style, context, status));
+
+    if (U_SUCCESS(status)) {
+        URelativeDateTimeUnit unit;
+        UDateAbsoluteUnit aunit;
+        UDateDirection dir;
+        double number;
+        while (fuzzData.length() >
+               static_cast<int>(sizeof(unit) + sizeof(number))) {
+            // unit and aunit share the same bytes.
+            std::memcpy(&unit, fuzzData.data(), sizeof(unit));
+            std::memcpy(&aunit, fuzzData.data(), sizeof(aunit));
+            fuzzData.remove_prefix(sizeof(unit));
+
+            // number and dir share the same bytes.
+            std::memcpy(&number, fuzzData.data(), sizeof(number));
+            std::memcpy(&dir, fuzzData.data(), sizeof(dir));
+            fuzzData.remove_prefix(sizeof(number));
+
+            // Test with any values for unit, aunit and dir
+            status = U_ZERO_ERROR;
+            icu::FormattedRelativeDateTime formatted =
+                formatter->formatNumericToValue(number, unit, status);
+            status = U_ZERO_ERROR;
+            formatted = formatter->formatToValue(number, unit, status);
+
+            status = U_ZERO_ERROR;
+            formatted = formatter->formatToValue(dir, aunit, status);
+
+            // Test with valid values for unit and aunit
+            unit = static_cast<URelativeDateTimeUnit>(
+                static_cast<int>(unit) % UDAT_REL_UNIT_COUNT);
+            aunit = static_cast<UDateAbsoluteUnit>(
+                static_cast<int>(aunit) % UDAT_ABSOLUTE_UNIT_COUNT);
+            dir = static_cast<UDateDirection>(
+                static_cast<int>(dir) % UDAT_DIRECTION_COUNT);
+
+            status = U_ZERO_ERROR;
+            formatted = formatter->formatNumericToValue(number, unit, status);
+            status = U_ZERO_ERROR;
+            formatted = formatter->formatToValue(number, unit, status);
+            status = U_ZERO_ERROR;
+            formatted = formatter->formatToValue(dir, aunit, status);
+        }
+    }
+
+    return EXIT_SUCCESS;
+}