Add fuzzer for locale module

AdamKorcz · AdamKorcz · commit a3394d3fe23a · 2026-04-22T21:50:46.000+01:00
Fuzzes the CPython _locale C module (Modules/_localemodule.c) through
its two Unicode-consuming entry points. Dispatches per input to either
locale.strxfrm() — the locale-aware string-to-transform-key conversion
that exercises the underlying wcsxfrm() wrapper and its wchar_t
encode/decode boundaries — or locale.strcoll(), which compares two
fuzzed Unicode strings via wcscoll() to drive the locale-aware
collation path. Inputs are Unicode text drawn from the fuzzed byte
stream, so multibyte, surrogate-range, and astral-plane code points
all reach the C conversion layer.
diff --git a/Makefile b/Makefile
@@ -1,4 +1,4 @@
-all : fuzzer-html fuzzer-email fuzzer-httpclient fuzzer-json fuzzer-difflib fuzzer-csv fuzzer-decode fuzzer-ast fuzzer-tarfile fuzzer-tarfile-hypothesis fuzzer-zipfile fuzzer-zipfile-hypothesis fuzzer-re fuzzer-configparser fuzzer-tomllib fuzzer-plistlib fuzzer-xml fuzzer-zoneinfo fuzzer-binascii
+all : fuzzer-html fuzzer-email fuzzer-httpclient fuzzer-json fuzzer-difflib fuzzer-csv fuzzer-decode fuzzer-ast fuzzer-tarfile fuzzer-tarfile-hypothesis fuzzer-zipfile fuzzer-zipfile-hypothesis fuzzer-re fuzzer-configparser fuzzer-tomllib fuzzer-plistlib fuzzer-xml fuzzer-zoneinfo fuzzer-binascii fuzzer-locale
 
 PYTHON_CONFIG_PATH=$(CPYTHON_INSTALL_PATH)/bin/python3-config
 CXXFLAGS += $(shell $(PYTHON_CONFIG_PATH) --cflags)
@@ -43,3 +43,6 @@ fuzzer-zoneinfo:
 
 fuzzer-binascii:
 	clang++ $(CXXFLAGS) $(LIB_FUZZING_ENGINE) -std=c++17 fuzzer.cpp -DPYTHON_HARNESS_PATH="\"binascii.py\"" -ldl $(LDFLAGS) -o fuzzer-binascii
+
+fuzzer-locale:
+	clang++ $(CXXFLAGS) $(LIB_FUZZING_ENGINE) -std=c++17 fuzzer.cpp -DPYTHON_HARNESS_PATH="\"locale.py\"" -ldl $(LDFLAGS) -o fuzzer-locale
diff --git a/fuzz_targets.txt b/fuzz_targets.txt
@@ -8,6 +8,7 @@ email email.py
 html html.py
 httpclient httpclient.py
 json json.py
+locale locale.py
 plistlib plist.py
 re re.py
 tarfile tarfile.py
diff --git a/locale.py b/locale.py
@@ -0,0 +1,37 @@
+from fuzzeddataprovider import FuzzedDataProvider
+import locale
+
+OP_STRXFRM = 0
+OP_STRCOLL = 1
+
+
+# Fuzzes the _locale C module (Modules/_localemodule.c).
+# Exercises locale.strxfrm() for locale-aware string transformation
+# and locale.strcoll() for locale-aware string comparison, both with
+# fuzz-generated Unicode input.
+def FuzzerRunOne(FuzzerInput):
+    if len(FuzzerInput) < 1 or len(FuzzerInput) > 0x10000:
+        return
+    fdp = FuzzedDataProvider(FuzzerInput)
+    target = fdp.ConsumeIntInRange(OP_STRXFRM, OP_STRCOLL)
+    n = (
+        fdp.ConsumeIntInRange(1, min(fdp.remaining_bytes(), 10000))
+        if fdp.remaining_bytes() > 0
+        else 0
+    )
+    if n == 0:
+        return
+    s = fdp.ConsumeUnicode(n)
+    try:
+        if target == OP_STRXFRM:
+            locale.strxfrm(s)
+        elif target == OP_STRCOLL:
+            n2 = (
+                fdp.ConsumeIntInRange(1, min(fdp.remaining_bytes(), 10000))
+                if fdp.remaining_bytes() > 0
+                else 0
+            )
+            s2 = fdp.ConsumeUnicode(n2) if n2 > 0 else ""
+            locale.strcoll(s, s2)
+    except Exception:
+        pass
