From 96b75fa24527a1475525b4c12d30fe365b6f9650 Mon Sep 17 00:00:00 2001
From: Paul Wankadia
Date: Mon, 25 Feb 2019 19:26:09 -0800
Subject: [PATCH] Make the fuzzer handle \p and \P specially.

Change-Id: I7390d0474e4e9fd8cfb86be49f3a308b6e2ccde6
Reviewed-on: https://code-review.googlesource.com/c/38570
Reviewed-by: Paul Wankadia
---
 re2/fuzzing/re2_fuzzer.cc | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/re2/fuzzing/re2_fuzzer.cc b/re2/fuzzing/re2_fuzzer.cc
index 83971a1bb..5e5d324ee 100644
--- a/re2/fuzzing/re2_fuzzer.cc
+++ b/re2/fuzzing/re2_fuzzer.cc
@@ -113,10 +113,11 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
 // in timeouts nonetheless. The marginal cost is high - even more so when
 // counted repetition is involved - whereas the marginal benefit is zero.
 // TODO(junyer): Handle [:isalnum:] et al. when they start to cause pain.
- int cc = 0;
+ int char_class = 0;
+ int backslash_p = 0; // very expensive, so handle specially
 for (size_t i = 0; i < size; i++) {
 if (data[i] == '.')
- cc++;
+ char_class++;
 if (data[i] != '\\')
 continue;
 i++;
@@ -126,9 +127,13 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
 data[i] == 'd' || data[i] == 'D' ||
 data[i] == 's' || data[i] == 'S' ||
 data[i] == 'w' || data[i] == 'W')
- cc++;
+ char_class++;
+ if (data[i] == 'p' || data[i] == 'P')
+ backslash_p++;
 }
- if (cc > 9)
+ if (char_class > 9)
+ return 0;
+ if (backslash_p > 1)
 return 0;
 // The one-at-a-time hash by Bob Jenkins.
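Review bot: The comment on the new `int backslash_p = 0;` line in the first hunk says only "very expensive" and does not say why the counter gets its own limit of one, separate from the limit of nine on `char_class`, so the threshold in the second hunk reads as arbitrary; a comment such as `// \p/\P are far more expensive to compile than the other classes (presumably because they expand to large Unicode tables — confirm), so they get a separate, tighter cap` would tie the counter to its limit. The `i++` that ends the first hunk steps past the backslash before the next `data[i]` read in the second hunk, and the check that keeps `i` below `size` for a pattern ending in a lone backslash lies in the lines between the two hunks, so it is worth confirming that check is still in place. `LLVMFuzzerTestOneInput` begins and ends outside both hunks.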