From 6d9746dcc92fe3934abb91309100716d0e257abb Mon Sep 17 00:00:00 2001
From: Mikhail Khachayants
Date: Sun, 5 Jan 2025 23:08:00 +0200
Subject: [PATCH] uriparser: move fuzz targets upstream
---
projects/uriparser/Dockerfile | 2 +-
projects/uriparser/build.sh | 19 ++-
.../uri_dissect_query_malloc_fuzzer.cc | 61 ---------
projects/uriparser/uri_free_fuzzer.cc | 29 -----
projects/uriparser/uri_parse_fuzzer.cc | 120 ------------------
5 files changed, 10 insertions(+), 221 deletions(-)
delete mode 100644 projects/uriparser/uri_dissect_query_malloc_fuzzer.cc
delete mode 100644 projects/uriparser/uri_free_fuzzer.cc
delete mode 100644 projects/uriparser/uri_parse_fuzzer.cc
diff --git a/projects/uriparser/Dockerfile b/projects/uriparser/Dockerfile
index 0f6ba06eeb9c..b08159c05433 100644
--- a/projects/uriparser/Dockerfile
+++ b/projects/uriparser/Dockerfile
@@ -18,4 +18,4 @@ FROM gcr.io/oss-fuzz-base/base-builder
 RUN apt-get update && apt-get install -y make autoconf automake wget sudo libtool cmake
 RUN git clone --depth 1 https://github.com/uriparser/uriparser uriparser
 WORKDIR uriparser
-COPY build.sh *.cc $SRC/
+COPY build.sh "$SRC/"
diff --git a/projects/uriparser/build.sh b/projects/uriparser/build.sh
index 3b7054de7bd9..4bab04b19634 100755
--- a/projects/uriparser/build.sh
+++ b/projects/uriparser/build.sh
@@ -18,14 +18,13 @@
 # build project
 mkdir -p build
 cd build
-cmake -DCMAKE_BUILD_TYPE=Release -DURIPARSER_BUILD_DOCS:BOOL=OFF -DBUILD_SHARED_LIBS:BOOL=OFF -DURIPARSER_BUILD_TESTS:BOOL=OFF ..
+cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo \
+ -DURIPARSER_OSSFUZZ_BUILD=ON \
+ -DURIPARSER_BUILD_FUZZERS=ON \
+ -DURIPARSER_BUILD_DOCS=OFF \
+ -DURIPARSER_BUILD_TESTS=OFF \
+ -DURIPARSER_BUILD_TOOLS=OFF \
+ -DURIPARSER_ENABLE_INSTALL=OFF \
+ ..
 make
-make install
-
-# build fuzzers
-for fuzzers in $(find $SRC -name '*_fuzzer.cc'); do
- fuzz_basename=$(basename -s .cc $fuzzers)
- $CXX $CXXFLAGS -std=c++11 -I. \
- $fuzzers $LIB_FUZZING_ENGINE ./liburiparser.a \
- -o $OUT/$fuzz_basename
-done
+cp fuzz/*_fuzzer "$OUT/"
diff --git a/projects/uriparser/uri_dissect_query_malloc_fuzzer.cc b/projects/uriparser/uri_dissect_query_malloc_fuzzer.cc
deleted file mode 100644
index 3714f85713ee..000000000000
--- a/projects/uriparser/uri_dissect_query_malloc_fuzzer.cc
+++ /dev/null
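Review bot: The new cmake invocation in build.sh drops `-DBUILD_SHARED_LIBS:BOOL=OFF`, which the removed line passed explicitly, and no visible option replaces it. The fuzz targets are now linked by upstream's CMake and only `fuzz/*_fuzzer` is copied to `$OUT`, so if upstream defaults to a shared library the copied binaries would depend on a liburiparser shared object left behind in the build directory and fail to load on the fuzzing runners. Unless `URIPARSER_OSSFUZZ_BUILD=ON` already forces a static build upstream (not visible from this patch), keep the setting by adding `-DBUILD_SHARED_LIBS=OFF \` to the option list.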
@@ -1,61 +0,0 @@
-// Copyright 2020 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Fuzz UriQuery.c:
-// uriDissectQueryMallocA
-// uriComposeQueryA
-
-#include
-#include
-#include
-#include
-#include
-
-using std::string;
-#include "uriparser/include/uriparser/Uri.h"
-
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
-
- const string query(reinterpret_cast(data), size);
-
- UriQueryListA *query_list = nullptr;
- int item_count = -1;
-
- const char *query_start = query.c_str();
- const char *query_end = query_start + size;
-
- // Break a query like "a=b&2=3" into key/value pairs.
- int result =
- uriDissectQueryMallocA(&query_list, &item_count, query_start, query_end);
-
- if (query_list == nullptr || result != URI_SUCCESS || item_count < 0)
- return 0;
-
- int chars_required = 0;
- if (uriComposeQueryCharsRequiredA(query_list, &chars_required) != URI_SUCCESS)
- return 0;
-
- if (!chars_required) {
- uriFreeQueryListA(query_list);
- return 0;
- }
-
- std::vector buf(chars_required, 0);
- int written = -1;
- // Reverse the process of uriDissectQueryMallocA.
- result = uriComposeQueryA(buf.data(), query_list, chars_required, &written);
-
- uriFreeQueryListA(query_list);
- return 0;
-}
diff --git a/projects/uriparser/uri_free_fuzzer.cc b/projects/uriparser/uri_free_fuzzer.cc
deleted file mode 100644
index 1ed647a47a86..000000000000
--- a/projects/uriparser/uri_free_fuzzer.cc
+++ /dev/null
@@ -1,29 +0,0 @@
-// Copyright 2020 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#include
-#include
-#include
-
-#include "uriparser/include/uriparser/Uri.h"
-
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
- std::basic_string fuzz_uri(reinterpret_cast(data), size);
- UriParserStateA state;
- UriUriA uriA;
- state.uri = &uriA;
- uriParseUriA(&state, fuzz_uri.c_str());
- uriFreeUriMembersA(&uriA);
- return 0;
-}
diff --git a/projects/uriparser/uri_parse_fuzzer.cc b/projects/uriparser/uri_parse_fuzzer.cc
deleted file mode 100644
index 4eca6698e3c5..000000000000
--- a/projects/uriparser/uri_parse_fuzzer.cc
+++ /dev/null
@@ -1,120 +0,0 @@
-// Copyright 2020 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#include
-#include
-#include
-#include
-#include
-
-using std::string;
-#include "uriparser/include/uriparser/Uri.h"
-#include "uriparser/include/uriparser/UriIp4.h"
-
-class UriParserA {
- public:
- UriParserA() { memset((void *)&uri_, 0, sizeof(uri_)); }
- ~UriParserA() { uriFreeUriMembersA(&uri_); }
-
- UriUriA *get_mutable_uri() { return &uri_; }
- UriUriA *get_uri() const { return const_cast(&uri_); }
-
- private:
- UriUriA uri_;
-};
-
-void Escapes(const string &uri) {
- const char *first = uri.c_str();
- // A new line char takes 6 char to encode.
- // Use a vector to make a C string.
- std::vector buf1(uri.size() * 6 + 1);
- std::vector buf2(uri.size() * 3 + 1);
-
- char *result;
- result = uriEscapeA(first, &buf1[0], URI_TRUE, URI_TRUE);
- result = uriEscapeA(first, &buf1[0], URI_FALSE, URI_TRUE);
- if (buf1.data()) uriUnescapeInPlaceA(&buf1[0]);
-
- result = uriEscapeA(first, &buf2[0], URI_TRUE, URI_FALSE);
- result = uriEscapeA(first, &buf2[0], URI_FALSE, URI_FALSE);
- if (buf2.data()) uriUnescapeInPlaceA(&buf2[0]);
-}
-
-void FileNames(const string &uri) {
- const size_t size = 8 + 3 * uri.size() + 1;
- std::vector buf(size);
-
- uriUnixFilenameToUriStringA(uri.c_str(), &buf[0]);
- uriWindowsFilenameToUriStringA(uri.c_str(), &buf[0]);
- uriUriStringToUnixFilenameA(uri.c_str(), &buf[0]);
- uriUriStringToWindowsFilenameA(uri.c_str(), &buf[0]);
-}
-
-int uriParseIpFourAddressA(unsigned char *octetOutput, const char *first,
- const char *afterLast);
-
-void Ipv4(const string &s) {
- const char *cstr = s.c_str();
- unsigned char result[4] = {};
- uriParseIpFourAddressA(result, cstr, &cstr[s.size()]);
-}
-
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
-
- FuzzedDataProvider stream(data, size);
- bool domainRelative = stream.ConsumeBool();
- size_t uriSize = stream.remaining_bytes() / 2;
-
- const string uri1 = stream.ConsumeBytesAsString(uriSize);
- const string uri2 = stream.ConsumeRemainingBytesAsString();
-
- Escapes(uri1);
- Escapes(uri2);
-
- FileNames(uri1);
- FileNames(uri2);
-
- Ipv4(uri1);
- Ipv4(uri2);
-
- UriParserA parser1;
- UriParserStateA state1;
- state1.uri = parser1.get_mutable_uri();
- if (uriParseUriA(&state1, uri1.c_str()) != URI_SUCCESS)
- return 0;
-
- char buf[1024 * 8] = {0};
- int written = 0;
- uriToStringA(buf, state1.uri, sizeof(buf), &written);
-
- UriParserA parser2;
- UriParserStateA state2;
- state2.uri = parser2.get_mutable_uri();
- if (uriParseUriA(&state2, uri2.c_str()) != URI_SUCCESS)
- return 0;
-
- uriEqualsUriA(state1.uri, state2.uri);
-
- uriNormalizeSyntaxA(state1.uri);
-
- UriUriA absUri;
- uriAddBaseUriA(&absUri, state1.uri, state2.uri);
- uriFreeUriMembersA(&absUri);
-
- UriUriA relUri;
- uriRemoveBaseUriA(&relUri, state1.uri, state2.uri, domainRelative);
- uriFreeUriMembersA(&relUri);
-
- return 0;
-}