// Copyright 2021 The PDFium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include <fuzzer/FuzzedDataProvider.h>

#include <cctype>
#include <string>

#include "public/fpdf_formfill.h"
#include "testing/fuzzers/pdf_fuzzer_templates.h"
#include "testing/fuzzers/pdfium_fuzzer_helper.h"

class PDFiumXFAFuzzer : public PDFiumFuzzerHelper {
 public:
  PDFiumXFAFuzzer() = default;
  ~PDFiumXFAFuzzer() override = default;

  int GetFormCallbackVersion() const override { return 2; }

  // Return false if XFA doesn't load as otherwise we're duplicating the work
  // done by the non-xfa fuzzer.
  bool OnFormFillEnvLoaded(FPDF_DOCUMENT doc) override {
    int form_type = FPDF_GetFormType(doc);
    if (form_type != FORMTYPE_XFA_FULL && form_type != FORMTYPE_XFA_FOREGROUND)
      return false;
    return FPDF_LoadXFA(doc);
  }
};

bool IsValidForFuzzing(const uint8_t* data, size_t size) {
  if (size > 2048) {
    return false;
  }

  const char* ptr = reinterpret_cast<const char*>(data);
  bool is_open = false;
  size_t tag_size = 0;
  for (size_t i = 0; i < size; i++) {
    if (!std::isspace(ptr[i]) && !std::isprint(ptr[i])) {
      return false;
    }

    // We do not want any script tags. The reason is this fuzzer
    // should avoid exploring v8 code. Avoiding anything with "script"
    // is an over-approximation, in that some inputs may contain "script"
    // and still be a valid fuzz-case. However, this over-approximation is
    // used to enforce strict constraints and avoid cases where whitespace
    // may play a role, or other tags, e.g. "Javascript" will end up triggering
    // large explorations of v8 code. The alternative we considered were
    // "<script"
    if (i + 6 < size && memcmp(ptr + i, "script", 6) == 0) {
      return false;
    }

    if (ptr[i] == '<') {
      if (is_open) {
        return false;
      }
      is_open = true;
      tag_size = 0;
    } else if (ptr[i] == '>') {
      if (!is_open || tag_size == 0) {
        return false;
      }
      is_open = false;
    } else if (is_open) {
      tag_size++;
    }
  }
  // we must close the last bracket.
  return !is_open;
}

extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  // Filter the string to reduce the state space exploration.
  if (!IsValidForFuzzing(data, size)) {
    return 0;
  }
  std::string xfa_string = "<xdp xmlns=\"http://ns.adobe.com/xdp/\">";
  xfa_string += std::string(reinterpret_cast<const char*>(data), size);
  xfa_string += "</xdp>";

  // Add 1 for newline before endstream.
  std::string xfa_stream_len = std::to_string(xfa_string.size() + 1);

  // Compose the fuzzer
  std::string xfa_final_str = std::string(kSimplePdfTemplate);
  xfa_final_str.replace(xfa_final_str.find("$1"), 2, xfa_stream_len);
  xfa_final_str.replace(xfa_final_str.find("$2"), 2, xfa_string);

#ifdef PDFIUM_FUZZER_DUMP
  for (size_t i = 0; i < xfa_final_str.size(); i++) {
    putc(xfa_final_str[i], stdout);
  }
#endif

  PDFiumXFAFuzzer fuzzer;
  fuzzer.RenderPdf(xfa_final_str.c_str(), xfa_final_str.size());
  return 0;
}