/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at https://mozilla.org/MPL/2.0/. */

#include <iostream>

#include "FuzzingInterface.h"
#include "nsComponentManagerUtils.h"
#include "nsCOMPtr.h"
#include "nsIZipReader.h"
#include "nsNetUtil.h"
#include "nsNetCID.h"
#include "nsPrintfCString.h"
#include "nsString.h"
#include "mozilla/Span.h"
#include "mozilla/Unused.h"
#include "nsIInputStream.h"
#include "nsIStringEnumerator.h"

enum FuzzMethodType {
  eTest = 0,
  eGetEntry,
  eHasEntry,
  eFindEntries,
  eInputStream,
  eOpenInner,
  eLastMethod,
};
static NS_DEFINE_CID(kZipReaderCID, NS_ZIPREADER_CID);

template <typename T>
T jar_get_num(char** buf, size_t* size) {
  if (sizeof(T) > *size) {
    return 0;
  }

  T* iptr = reinterpret_cast<T*>(*buf);
  *buf += sizeof(T);
  *size -= sizeof(T);
  return *iptr;
}

nsAutoCString jar_get_string(char** buf, size_t* size) {
  uint8_t len = jar_get_num<uint8_t>(buf, size);
  if (len > *size) {
    len = static_cast<uint8_t>(*size);
  }
  nsAutoCString str(*buf, len);

  *buf += len;
  *size -= len;
  return str;
}

nsresult FuzzEntries(char** buf, size_t* size, nsIZipReader* aReader,
                     const nsACString& aName) {
  uint8_t iters = jar_get_num<uint8_t>(buf, size);
  nsresult rv;
  for (uint8_t i = 0; i < iters; ++i) {
    nsAutoCString out;
    uint64_t written;
    nsCOMPtr<nsIZipEntry> entry;
    nsCOMPtr<nsIInputStream> stream;

    switch (jar_get_num<uint8_t>(buf, size) % eLastMethod) {
      case eTest: {
        rv = aReader->Test(aName);
        NS_ENSURE_SUCCESS(rv, rv);
        break;
      }
      case eGetEntry: {
        rv = aReader->GetEntry(aName, getter_AddRefs(entry));
        NS_ENSURE_SUCCESS(rv, rv);
        break;
      }
      case eHasEntry: {
        bool has = false;
        rv = aReader->HasEntry(aName, &has);
        NS_ENSURE_SUCCESS(rv, rv);
        break;
      }
      case eInputStream:
        rv = aReader->GetInputStream(aName, getter_AddRefs(stream));
        NS_ENSURE_SUCCESS(rv, rv);
        if (NS_FAILED(rv)) {
          break;
        }
        rv = NS_ReadInputStreamToString(stream, out, -1, &written);
        NS_ENSURE_SUCCESS(rv, rv);
        break;
      default:
        break;
    }
  }
  return NS_OK;
}

nsresult FuzzReader(char** buf, size_t* size, nsIZipReader* aReader) {
  nsresult rv;
  nsAutoCString name;
  nsCOMPtr<nsIZipEntry> entry;
  bool has = false;
  nsAutoCString pattern;
  nsCOMPtr<nsIUTF8StringEnumerator> enumerator;
  nsCOMPtr<nsIInputStream> stream;
  bool hasMore;
  nsAutoCString out;
  uint64_t written;
  nsCOMPtr<nsIZipReader> newReader = do_CreateInstance(kZipReaderCID, &rv);
  switch (jar_get_num<uint8_t>(buf, size) % eLastMethod) {
    case eTest:
      rv = aReader->Test(""_ns);
      NS_ENSURE_SUCCESS(rv, rv);
      break;
    case eGetEntry:
      name = jar_get_string(buf, size);
      rv = aReader->GetEntry(name, getter_AddRefs(entry));
      NS_ENSURE_SUCCESS(rv, rv);
      break;
    case eHasEntry:
      name = jar_get_string(buf, size);
      rv = aReader->HasEntry(name, &has);
      NS_ENSURE_SUCCESS(rv, rv);
      break;
    case eFindEntries:
      pattern = jar_get_string(buf, size);
      rv = aReader->FindEntries(pattern, getter_AddRefs(enumerator));
      NS_ENSURE_SUCCESS(rv, rv);
      while (NS_SUCCEEDED(enumerator->HasMore(&hasMore)) && hasMore) {
        if (NS_FAILED(enumerator->GetNext(name))) {
          break;
        }
        rv = FuzzEntries(buf, size, aReader, name);
        NS_ENSURE_SUCCESS(rv, rv);
      }

      break;
    case eInputStream:
      name = jar_get_string(buf, size);
      rv = aReader->GetInputStream(name, getter_AddRefs(stream));
      NS_ENSURE_SUCCESS(rv, rv);
      rv = NS_ReadInputStreamToString(stream, out, -1, &written);
      NS_ENSURE_SUCCESS(rv, rv);
      break;
    case eOpenInner:
      name = jar_get_string(buf, size);
      rv = newReader->OpenInner(aReader, name);
      NS_ENSURE_SUCCESS(rv, rv);
      rv = FuzzReader(buf, size, newReader);
      NS_ENSURE_SUCCESS(rv, rv);
      break;
    default:
      break;
  }
  return rv;
}

static int FuzzingRunJARParser(const uint8_t* data, size_t size) {
  char* buf = (char*)data;
  nsresult rv;

  nsCOMPtr<nsIURI> uri;
  nsAutoCString jardata = jar_get_string(&buf, &size);

  nsCOMPtr<nsIZipReader> reader = do_CreateInstance(kZipReaderCID, &rv);
  rv = reader->OpenMemory((void*)jardata.get(), jardata.Length());
  NS_ENSURE_SUCCESS(rv, 0);

#if 0
  // For easily exporting the last test case that triggered a crash.
  FILE * f = fopen("/tmp/input.jar", "wb");
  fwrite((void*)jardata.get(), 1, jardata.Length(), f);
  fclose(f);
#endif

  uint8_t iters = jar_get_num<uint8_t>(&buf, &size);
  for (uint8_t i = 0; i < iters; ++i) {
    rv = FuzzReader(&buf, &size, reader);
    NS_ENSURE_SUCCESS(rv, 0);
  }

  return 0;
}

MOZ_FUZZING_INTERFACE_RAW(nullptr, FuzzingRunJARParser, JARParser);