Update re2 fuzzer to follow the upstream version.

testing/libfuzzer/fuzzers/re2_fuzzer.cc

-// Copyright (c) 2016 The Chromium Authors. All rights reserved.
+// Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+// Copyright 2016 The RE2 Authors.  All Rights Reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
 #include <stddef.h>
 #include <stdint.h>
 
+#include <map>
 #include <string>
 
 #include "re2/re2.h"
 #include "util/logging.h"
 
+using re2::StringPiece;
 using std::string;
 
-void Test(const string& buffer, const string& pattern,
-          const RE2::Options& options) {
+// NOT static, NOT signed.
+uint8_t dummy = 0;
+
+void Test(StringPiece pattern, const RE2::Options& options, StringPiece text) {
   RE2 re(pattern, options);
   if (!re.ok())
     return;
 
-  string m1, m2;
-  int i1, i2;
-  double d1;
+  // Don't waste time fuzzing high-fanout programs.
+  // (They can also cause bug reports due to fuzzer timeouts.)
+  std::map<int, int> histogram;
+  int fanout = re.ProgramFanout(&histogram);
+  if (fanout > 9)
+    return;
 
-  if (re.NumberOfCapturingGroups() == 0) {
-    RE2::FullMatch(buffer, re);
-    RE2::PartialMatch(buffer, re);
-  } else if (re.NumberOfCapturingGroups() == 1) {
-    RE2::FullMatch(buffer, re, &m1);
-    RE2::PartialMatch(buffer, re, &i1);
-  } else if (re.NumberOfCapturingGroups() == 2) {
-    RE2::FullMatch(buffer, re, &i1, &i2);
-    RE2::PartialMatch(buffer, re, &m1, &m2);
-  }
+  StringPiece sp1, sp2, sp3, sp4;
+  string s1, s2, s3, s4;
+  int i1, i2, i3, i4;
+  double d1, d2, d3, d4;
 
-  re2::StringPiece input(buffer);
-  RE2::Consume(&input, re, &m1);
-  RE2::FindAndConsume(&input, re, &d1);
-  string tmp1(buffer);
-  RE2::Replace(&tmp1, re, "zz");
-  string tmp2(buffer);
-  RE2::GlobalReplace(&tmp2, re, "xx");
-  RE2::QuoteMeta(re2::StringPiece(pattern));
+  RE2::FullMatch(text, re, &sp1, &sp2, &sp3, &sp4);
+  RE2::PartialMatch(text, re, &s1, &s2, &s3, &s4);
+
+  sp1 = sp2 = text;
+  RE2::Consume(&sp1, re, &i1, &i2, &i3, &i4);
+  RE2::FindAndConsume(&sp2, re, &d1, &d2, &d3, &d4);
+
+  s3 = s4 = text.ToString();
+  RE2::Replace(&s3, re, "");
+  RE2::GlobalReplace(&s4, re, "");
+
+  // Exercise some other API functionality.
+  dummy += re.NumberOfCapturingGroups();
+  dummy += RE2::QuoteMeta(pattern).size();
 }
 
-// Entry point for LibFuzzer.
+// Entry point for libFuzzer.
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
-  if (size < 1)
+  if (size == 0 || size > 1024)
     return 0;
 
+  // The one-at-a-time hash by Bob Jenkins.
+  uint32_t hash = 0;
+  for (size_t i = 0; i < size; i++) {
+    hash += data[i];
+    hash += (hash << 10);
+    hash ^= (hash >> 6);
+  }
+  hash += (hash << 3);
+  hash ^= (hash >> 11);
+  hash += (hash << 15);
+
   re2::FLAGS_minloglevel = 3;
   RE2::Options options;
+  options.set_log_errors(false);
+  options.set_encoding(hash & 1 ? RE2::Options::EncodingLatin1
+                                : RE2::Options::EncodingUTF8);
+  options.set_posix_syntax(hash & 2);
+  options.set_longest_match(hash & 4);
+  options.set_literal(hash & 8);
+  options.set_never_nl(hash & 16);
+  options.set_dot_nl(hash & 32);
+  options.set_never_capture(hash & 64);
+  options.set_case_sensitive(hash & 128);
+  options.set_perl_classes(hash & 256);
+  options.set_word_boundary(hash & 512);
+  options.set_one_line(hash & 1024);
 
-  size_t options_randomizer = 0;
-  for (size_t i = 0; i < size; i++)
-    options_randomizer += data[i];
+  const char* ptr = reinterpret_cast<const char*>(data);
+  int len = static_cast<int>(size);
 
-  if (options_randomizer & 1)
-    options.set_encoding(RE2::Options::EncodingLatin1);
+  StringPiece pattern(ptr, len);
+  StringPiece text(ptr, len);
+  Test(pattern, options, text);
 
-  options.set_posix_syntax(options_randomizer & 2);
-  options.set_longest_match(options_randomizer & 4);
-  options.set_literal(options_randomizer & 8);
-  options.set_never_nl(options_randomizer & 16);
-  options.set_dot_nl(options_randomizer & 32);
-  options.set_never_capture(options_randomizer & 64);
-  options.set_case_sensitive(options_randomizer & 128);
-  options.set_perl_classes(options_randomizer & 256);
-  options.set_word_boundary(options_randomizer & 512);
-  options.set_one_line(options_randomizer & 1024);
+  for (int i = 2; i <= 4; i++) {
+    if (len < i)
+      break;
 
-  options.set_log_errors(false);
-
-  const char* data_input = reinterpret_cast<const char*>(data);
-  {
-    string pattern(data_input, size);
-    string buffer(data_input, size);
-    Test(buffer, pattern, options);
-  }
-
-  if (size >= 3) {
-    string pattern(data_input, size / 3);
-    string buffer(data_input + size / 3, size - size / 3);
-    Test(buffer, pattern, options);
+    int frac = len / i;
+    pattern = StringPiece(ptr, frac);
+    text = StringPiece(ptr + frac, len - frac);
+    Test(pattern, options, text);
   }
 
   return 0;
 }