From bff3b9e5d1eb096e7ae3340e13426728ae14c06b Mon Sep 17 00:00:00 2001
From: Paul Dreik
Date: Mon, 23 Aug 2021 08:50:25 +0200
Subject: [PATCH] add fuzzers for chrono timepoint and localtime,gmtime
---
 test/fuzzing/CMakeLists.txt | 2 +-
 test/fuzzing/chrono-timepoint.cc | 51 ++++++++++++++++++++++++++++++
 test/fuzzing/timefunc-localtime.cc | 30 ++++++++++++++++++
 3 files changed, 82 insertions(+), 1 deletion(-)
 create mode 100644 test/fuzzing/chrono-timepoint.cc
 create mode 100644 test/fuzzing/timefunc-localtime.cc
diff --git a/test/fuzzing/CMakeLists.txt b/test/fuzzing/CMakeLists.txt
index 2f716d83..14537bf8 100644
--- a/test/fuzzing/CMakeLists.txt
+++ b/test/fuzzing/CMakeLists.txt
@@ -25,6 +25,6 @@ function(add_fuzzer source)
 target_compile_features(${name} PRIVATE cxx_generic_lambdas)
 endfunction()
-foreach (source chrono-duration.cc float.cc named-arg.cc one-arg.cc two-args.cc)
+foreach (source chrono-duration.cc chrono-timepoint.cc float.cc named-arg.cc one-arg.cc two-args.cc timefunc-localtime.cc)
 add_fuzzer(${source})
 endforeach ()
diff --git a/test/fuzzing/chrono-timepoint.cc b/test/fuzzing/chrono-timepoint.cc
new file mode 100644
index 00000000..a9fd0a84
--- /dev/null
+++ b/test/fuzzing/chrono-timepoint.cc
@@ -0,0 +1,51 @@
+// Copyright (c) 2021, Paul Dreik
+// For license information refer to format.h.
+#include
+
+#include "fuzzer-common.h"
+
+/*
+ * a fuzzer for the chrono timepoints formatters
+ * C is a clock (std::chrono::system_clock etc)
+ */
+template void doit(const uint8_t* data, size_t size) {
+ using D = typename C::duration;
+ using TP = typename C::time_point;
+ using Rep = typename TP::rep;
+ constexpr auto N = sizeof(Rep);
+ if (size < N) return;
+
+ const auto x = assign_from_buf(data);
+ D dur{x};
+ TP timepoint{dur};
+ data += N;
+ size -= N;
+ data_to_string format_str(data, size);
+
+ std::string message = fmt::format(format_str.get(), timepoint);
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ if (size < 1) return 0;
+ const auto action = data[0] & 0b11;
+ data += 1;
+ size -= 1;
+
+ try {
+ switch (action) {
+ case 0:
+ doit(data, size);
+ break;
+ case 1:
+ // won't compile
+ // doit(data,size);
+ break;
+ case 2:
+ // may be the same as system_clock
+ doit(data, size);
+ break;
+ }
+ } catch (...) {
+ }
+ return 0;
+}
diff --git a/test/fuzzing/timefunc-localtime.cc b/test/fuzzing/timefunc-localtime.cc
new file mode 100644
index 00000000..d23ca58b
--- /dev/null
+++ b/test/fuzzing/timefunc-localtime.cc
@@ -0,0 +1,30 @@
+// Copyright (c) 2021, Paul Dreik
+// For license information refer to format.h.
+#include
+
+#include "fuzzer-common.h"
+
+/*
+ * a fuzzer for fmt::localtime and fmt::gmtime
+ */
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ constexpr auto N = sizeof(std::time_t);
+ if (size != N + 1) return 0;
+
+ const auto action = data[0] & 0x1;
+ const std::time_t x = assign_from_buf(data + 1);
+
+ try {
+ switch (action) {
+ case 0: {
+ auto ignored = fmt::localtime(x);
+ } break;
+ case 1: {
+ auto ignored = fmt::gmtime(x);
+ } break;
+ }
+
+ } catch (...) {
+ }
+ return 0;
+}
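Review bot: In test/fuzzing/chrono-timepoint.cc the `} catch (...) {` around the `switch` in `LLVMFuzzerTestOneInput` discards every exception type, so an unexpected exception from the time-point formatter never becomes a fuzzer finding; the same bare handler is in test/fuzzing/timefunc-localtime.cc. Swallowing only the rejection the fuzzer expects for malformed format strings, e.g. `} catch (const fmt::format_error&) {`, would let anything else end the run and be triaged. If other exception types are known to be benign here (allocation failure on very large widths, for instance), they are better listed explicitly than covered by `...`. Separately, `data[0] & 0b11` yields four selector values but only cases 0 and 2 call `doit`, so roughly half of the inputs return without formatting anything; a selector that maps onto the live cases only, or a comment on the empty `case 1` and the absent `case 3`, would make that deliberate.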
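Review bot: In test/fuzzing/timefunc-localtime.cc both branches store the result in `auto ignored` and drop it, so the fuzzer can only surface crashes and sanitizer reports, not a `std::tm` with out-of-range fields for an extreme `time_t`. A cheap invariant check would turn wrong results into findings, for example `const std::tm t = fmt::gmtime(x);` followed by `if (t.tm_mon < 0 || t.tm_mon > 11 || t.tm_mday < 1 || t.tm_mday > 31) std::abort();`, and the same for `fmt::localtime`. The header comment could also state the input layout: byte 0 selects the function, the next `sizeof(std::time_t)` bytes are the raw value, and any other length is ignored by `if (size != N + 1) return 0;`.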