
[iOS fuzzer] Fixed crashes in chrome_app_startup_parameters fuzzer

Fixed two causes of crashes in the three fuzzers for
chrome_app_startup_parameters. An AtExitManager was added to the
fuzzer's environment, since the failure path of the CHECKs that
naturally fail in the fuzzer's limited environment needs one. Also, we
initialize ICU with i18n::InitializeICU(), since GURL inside the
fuzzed function needs it.

Bug: 1523661
Change-Id: I8a4e6bf2b3410c65b119fad006c3ac24fb34145e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5253738
Reviewed-by: Gauthier Ambard <gambard@chromium.org>
Commit-Queue: Nicolas MacBeth <nicolasmacbeth@google.com>
Cr-Commit-Position: refs/heads/main@{#1255612}
diff --git a/ios/chrome/app/startup/BUILD.gn b/ios/chrome/app/startup/BUILD.gn
index 4bc4927..b07dc39 100644
--- a/ios/chrome/app/startup/BUILD.gn
+++ b/ios/chrome/app/startup/BUILD.gn
@@ -131,6 +131,7 @@
   public_deps = [
     ":startup",
     "//base",
+    "//base:i18n",
     "//base/test:test_support",
     "//ios/chrome/app:tests_fake_hook",
     "//ios/chrome/browser/providers:chromium_providers",
diff --git a/ios/chrome/app/startup/chrome_app_startup_parameters_external_actions_fuzzer.mm b/ios/chrome/app/startup/chrome_app_startup_parameters_external_actions_fuzzer.mm
index baa8354..ce0788c 100644
--- a/ios/chrome/app/startup/chrome_app_startup_parameters_external_actions_fuzzer.mm
+++ b/ios/chrome/app/startup/chrome_app_startup_parameters_external_actions_fuzzer.mm
@@ -4,7 +4,17 @@
 
 #import "ios/chrome/app/startup/chrome_app_startup_parameters.h"
 
+#import "base/at_exit.h"
+#import "base/i18n/icu_util.h"
+
+struct Environment {
+  Environment() { CHECK(base::i18n::InitializeICU()); }
+  base::AtExitManager at_exit;
+};
+
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  static Environment env;
+
   std::string str = std::string(reinterpret_cast<const char*>(data), size);
 
   NSString* formatted_string = [NSString
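Review bot: The `Environment` struct added at the top of this hunk is pasted verbatim into the other two fuzzers in this commit (chrome_app_startup_parameters_googlechromes_fuzzer.mm and chrome_app_startup_parameters_scheme_fuzzer.mm), so a later fix to the fuzzer environment has to be repeated three times; a single shared header under ios/chrome/app/startup/ included by all three would remove the duplication. The struct also carries no comment, and its layout is easy to misread: `at_exit` is declared after the constructor but, as a member, is constructed before the constructor body, which is what makes a failing `CHECK` safe here. I would document that with `// AtExitManager is a member so it exists before the body's CHECK can fire.` above `at_exit` and `// GURL in the fuzzed code needs ICU; abort the fuzzer if it cannot load.` above the constructor. LLVMFuzzerTestOneInput continues past the end of the hunk.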
diff --git a/ios/chrome/app/startup/chrome_app_startup_parameters_googlechromes_fuzzer.mm b/ios/chrome/app/startup/chrome_app_startup_parameters_googlechromes_fuzzer.mm
index 69e90a26..f41b14c 100644
--- a/ios/chrome/app/startup/chrome_app_startup_parameters_googlechromes_fuzzer.mm
+++ b/ios/chrome/app/startup/chrome_app_startup_parameters_googlechromes_fuzzer.mm
@@ -4,7 +4,17 @@
 
 #import "ios/chrome/app/startup/chrome_app_startup_parameters.h"
 
+#import "base/at_exit.h"
+#import "base/i18n/icu_util.h"
+
+struct Environment {
+  Environment() { CHECK(base::i18n::InitializeICU()); }
+  base::AtExitManager at_exit;
+};
+
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  static Environment env;
+
   std::string str = std::string(reinterpret_cast<const char*>(data), size);
 
   NSString* formatted_string =
diff --git a/ios/chrome/app/startup/chrome_app_startup_parameters_scheme_fuzzer.mm b/ios/chrome/app/startup/chrome_app_startup_parameters_scheme_fuzzer.mm
index 8b20108..0396b77 100644
--- a/ios/chrome/app/startup/chrome_app_startup_parameters_scheme_fuzzer.mm
+++ b/ios/chrome/app/startup/chrome_app_startup_parameters_scheme_fuzzer.mm
@@ -4,7 +4,17 @@
 
 #import "ios/chrome/app/startup/chrome_app_startup_parameters.h"
 
+#import "base/at_exit.h"
+#import "base/i18n/icu_util.h"
+
+struct Environment {
+  Environment() { CHECK(base::i18n::InitializeICU()); }
+  base::AtExitManager at_exit;
+};
+
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  static Environment env;
+
   std::string str = std::string(reinterpret_cast<const char*>(data), size);
 
   NSString* formatted_string = [NSString stringWithFormat:@"%s", str.c_str()];