Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(81)

Side by Side Diff: chrome/tools/ipclist/ipcfuzz.cc

Issue 12226045: Linux/ChromeOS Chromium style checker cleanup, chrome/ edition part 1. (Closed) Base URL: http://src.chromium.org/svn/trunk/src/
Patch Set: Created 7 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « chrome/test/security_tests/sandbox_browsertest.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <algorithm> 5 #include <algorithm>
6 #include <ostream> 6 #include <ostream>
7 #include <set> 7 #include <set>
8 #include <vector> 8 #include <vector>
9 9
10 #include "base/command_line.h" 10 #include "base/command_line.h"
(...skipping 107 matching lines...) Expand 10 before | Expand all | Expand 10 after
118 118
119 if ((env_var = getenv("CHROME_IPC_FUZZING_FREQUENCY"))) { 119 if ((env_var = getenv("CHROME_IPC_FUZZING_FREQUENCY"))) {
120 unsigned int new_frequency = atoi(env_var); 120 unsigned int new_frequency = atoi(env_var);
121 if (new_frequency) 121 if (new_frequency)
122 frequency_ = new_frequency; 122 frequency_ = new_frequency;
123 } 123 }
124 } 124 }
125 125
126 virtual ~DefaultFuzzer() {} 126 virtual ~DefaultFuzzer() {}
127 127
128 virtual bool FuzzThisMessage(const IPC::Message *msg) { 128 virtual bool FuzzThisMessage(const IPC::Message *msg) OVERRIDE {
129 return (message_set_.empty() || 129 return (message_set_.empty() ||
130 std::find(message_set_.begin(), 130 std::find(message_set_.begin(),
131 message_set_.end(), 131 message_set_.end(),
132 msg->type()) != message_set_.end()); 132 msg->type()) != message_set_.end());
133 } 133 }
134 134
135 virtual void FuzzBool(bool* value) { 135 virtual void FuzzBool(bool* value) OVERRIDE {
136 if (rand() % frequency_ == 0) 136 if (rand() % frequency_ == 0)
137 (*value) = !(*value); 137 (*value) = !(*value);
138 } 138 }
139 139
140 virtual void FuzzInt(int* value) { 140 virtual void FuzzInt(int* value) OVERRIDE {
141 FuzzIntegralType<int>(value, frequency_); 141 FuzzIntegralType<int>(value, frequency_);
142 } 142 }
143 143
144 virtual void FuzzLong(long* value) { 144 virtual void FuzzLong(long* value) OVERRIDE {
145 FuzzIntegralType<long>(value, frequency_); 145 FuzzIntegralType<long>(value, frequency_);
146 } 146 }
147 147
148 virtual void FuzzSize(size_t* value) { 148 virtual void FuzzSize(size_t* value) OVERRIDE {
149 FuzzIntegralType<size_t>(value, frequency_); 149 FuzzIntegralType<size_t>(value, frequency_);
150 } 150 }
151 151
152 virtual void FuzzUChar(unsigned char* value) { 152 virtual void FuzzUChar(unsigned char* value) OVERRIDE {
153 FuzzIntegralType<unsigned char>(value, frequency_); 153 FuzzIntegralType<unsigned char>(value, frequency_);
154 } 154 }
155 155
156 virtual void FuzzUInt16(uint16* value) { 156 virtual void FuzzUInt16(uint16* value) OVERRIDE {
157 FuzzIntegralType<uint16>(value, frequency_); 157 FuzzIntegralType<uint16>(value, frequency_);
158 } 158 }
159 159
160 virtual void FuzzUInt32(uint32* value) { 160 virtual void FuzzUInt32(uint32* value) OVERRIDE {
161 FuzzIntegralType<uint32>(value, frequency_); 161 FuzzIntegralType<uint32>(value, frequency_);
162 } 162 }
163 163
164 virtual void FuzzInt64(int64* value) { 164 virtual void FuzzInt64(int64* value) OVERRIDE {
165 FuzzIntegralType<int64>(value, frequency_); 165 FuzzIntegralType<int64>(value, frequency_);
166 } 166 }
167 167
168 virtual void FuzzUInt64(uint64* value) { 168 virtual void FuzzUInt64(uint64* value) OVERRIDE {
169 FuzzIntegralType<uint64>(value, frequency_); 169 FuzzIntegralType<uint64>(value, frequency_);
170 } 170 }
171 171
172 virtual void FuzzFloat(float* value) { 172 virtual void FuzzFloat(float* value) OVERRIDE {
173 if (rand() % frequency_ == 0) 173 if (rand() % frequency_ == 0)
174 (*value) *= rand() / 1000000.0; 174 (*value) *= rand() / 1000000.0;
175 } 175 }
176 176
177 virtual void FuzzDouble(double* value) { 177 virtual void FuzzDouble(double* value) OVERRIDE {
178 if (rand() % frequency_ == 0) 178 if (rand() % frequency_ == 0)
179 (*value) *= rand() / 1000000.0; 179 (*value) *= rand() / 1000000.0;
180 } 180 }
181 181
182 virtual void FuzzString(std::string* value) { 182 virtual void FuzzString(std::string* value) OVERRIDE {
183 FuzzStringType<std::string>(value, frequency_, "BORKED", ""); 183 FuzzStringType<std::string>(value, frequency_, "BORKED", "");
184 } 184 }
185 185
186 virtual void FuzzWString(std::wstring* value) { 186 virtual void FuzzWString(std::wstring* value) OVERRIDE {
187 FuzzStringType<std::wstring>(value, frequency_, L"BORKED", L""); 187 FuzzStringType<std::wstring>(value, frequency_, L"BORKED", L"");
188 } 188 }
189 189
190 virtual void FuzzString16(string16* value) { 190 virtual void FuzzString16(string16* value) OVERRIDE {
191 FuzzStringType<string16>(value, frequency_, 191 FuzzStringType<string16>(value, frequency_,
192 WideToUTF16(L"BORKED"), 192 WideToUTF16(L"BORKED"),
193 WideToUTF16(L"")); 193 WideToUTF16(L""));
194 } 194 }
195 195
196 virtual void FuzzData(char* data, int length) { 196 virtual void FuzzData(char* data, int length) OVERRIDE {
197 if (rand() % frequency_ == 0) { 197 if (rand() % frequency_ == 0) {
198 for (int i = 0; i < length; ++i) { 198 for (int i = 0; i < length; ++i) {
199 FuzzIntegralType<char>(&data[i], frequency_); 199 FuzzIntegralType<char>(&data[i], frequency_);
200 } 200 }
201 } 201 }
202 } 202 }
203 203
204 virtual void FuzzBytes(void* data, int data_len) { 204 virtual void FuzzBytes(void* data, int data_len) OVERRIDE {
205 FuzzData(static_cast<char*>(data), data_len); 205 FuzzData(static_cast<char*>(data), data_len);
206 } 206 }
207 207
208 private: 208 private:
209 std::set<int> message_set_; 209 std::set<int> message_set_;
210 unsigned int frequency_; 210 unsigned int frequency_;
211 }; 211 };
212 212
213 213
214 // No-op fuzzer. Rewrites each message unchanged to check if the message 214 // No-op fuzzer. Rewrites each message unchanged to check if the message
215 // re-assembly is legit. 215 // re-assembly is legit.
216 class NoOpFuzzer : public IPC::Fuzzer { 216 class NoOpFuzzer : public IPC::Fuzzer {
217 public: 217 public:
218 NoOpFuzzer() {} 218 NoOpFuzzer() {}
219 virtual ~NoOpFuzzer() {} 219 virtual ~NoOpFuzzer() {}
220 220
221 virtual bool FuzzThisMessage(const IPC::Message *msg) { 221 virtual bool FuzzThisMessage(const IPC::Message *msg) OVERRIDE {
222 return true; 222 return true;
223 } 223 }
224 224
225 virtual void FuzzBool(bool* value) {} 225 virtual void FuzzBool(bool* value) OVERRIDE {}
226 virtual void FuzzInt(int* value) {} 226 virtual void FuzzInt(int* value) OVERRIDE {}
227 virtual void FuzzLong(long* value) {} 227 virtual void FuzzLong(long* value) OVERRIDE {}
228 virtual void FuzzSize(size_t* value) {} 228 virtual void FuzzSize(size_t* value) OVERRIDE {}
229 virtual void FuzzUChar(unsigned char* value) {} 229 virtual void FuzzUChar(unsigned char* value) OVERRIDE {}
230 virtual void FuzzUInt16(uint16* value) {} 230 virtual void FuzzUInt16(uint16* value) OVERRIDE {}
231 virtual void FuzzUInt32(uint32* value) {} 231 virtual void FuzzUInt32(uint32* value) OVERRIDE {}
232 virtual void FuzzInt64(int64* value) {} 232 virtual void FuzzInt64(int64* value) OVERRIDE {}
233 virtual void FuzzUInt64(uint64* value) {} 233 virtual void FuzzUInt64(uint64* value) OVERRIDE {}
234 virtual void FuzzFloat(float* value) {} 234 virtual void FuzzFloat(float* value) OVERRIDE {}
235 virtual void FuzzDouble(double* value) {} 235 virtual void FuzzDouble(double* value) OVERRIDE {}
236 virtual void FuzzString(std::string* value) {} 236 virtual void FuzzString(std::string* value) OVERRIDE {}
237 virtual void FuzzWString(std::wstring* value) {} 237 virtual void FuzzWString(std::wstring* value) OVERRIDE {}
238 virtual void FuzzString16(string16* value) {} 238 virtual void FuzzString16(string16* value) OVERRIDE {}
239 virtual void FuzzData(char* data, int length) {} 239 virtual void FuzzData(char* data, int length) OVERRIDE {}
240 virtual void FuzzBytes(void* data, int data_len) {} 240 virtual void FuzzBytes(void* data, int data_len) OVERRIDE {}
241 }; 241 };
242 242
243 class FuzzerFactory { 243 class FuzzerFactory {
244 public: 244 public:
245 static IPC::Fuzzer *NewFuzzer(const std::string& name) { 245 static IPC::Fuzzer *NewFuzzer(const std::string& name) {
246 if (name == "no-op") 246 if (name == "no-op")
247 return new NoOpFuzzer(); 247 return new NoOpFuzzer();
248 else 248 else
249 return new DefaultFuzzer(); 249 return new DefaultFuzzer();
250 } 250 }
(...skipping 403 matching lines...) Expand 10 before | Expand all | Expand 10 after
654 } 654 }
655 655
656 class ipcfuzz : public IPC::ChannelProxy::OutgoingMessageFilter { 656 class ipcfuzz : public IPC::ChannelProxy::OutgoingMessageFilter {
657 public: 657 public:
658 ipcfuzz() { 658 ipcfuzz() {
659 const char* env_var = getenv("CHROME_IPC_FUZZING_KIND"); 659 const char* env_var = getenv("CHROME_IPC_FUZZING_KIND");
660 fuzzer_ = FuzzerFactory::NewFuzzer(env_var ? env_var : ""); 660 fuzzer_ = FuzzerFactory::NewFuzzer(env_var ? env_var : "");
661 PopulateFuzzFunctionMap(&fuzz_function_map_); 661 PopulateFuzzFunctionMap(&fuzz_function_map_);
662 } 662 }
663 663
664 IPC::Message* Rewrite(IPC::Message* message) { 664 virtual IPC::Message* Rewrite(IPC::Message* message) OVERRIDE {
665 if (fuzzer_ && fuzzer_->FuzzThisMessage(message)) { 665 if (fuzzer_ && fuzzer_->FuzzThisMessage(message)) {
666 FuzzFunctionMap::iterator it = fuzz_function_map_.find(message->type()); 666 FuzzFunctionMap::iterator it = fuzz_function_map_.find(message->type());
667 if (it != fuzz_function_map_.end()) { 667 if (it != fuzz_function_map_.end()) {
668 IPC::Message* fuzzed_message = (*it->second)(message, fuzzer_); 668 IPC::Message* fuzzed_message = (*it->second)(message, fuzzer_);
669 if (fuzzed_message) { 669 if (fuzzed_message) {
670 delete message; 670 delete message;
671 message = fuzzed_message; 671 message = fuzzed_message;
672 } 672 }
673 } 673 }
674 } 674 }
675 return message; 675 return message;
676 } 676 }
677 677
678 private: 678 private:
679 IPC::Fuzzer* fuzzer_; 679 IPC::Fuzzer* fuzzer_;
680 FuzzFunctionMap fuzz_function_map_; 680 FuzzFunctionMap fuzz_function_map_;
681 }; 681 };
682 682
683 ipcfuzz g_ipcfuzz; 683 ipcfuzz g_ipcfuzz;
684 684
685 // Entry point avoiding mangled names. 685 // Entry point avoiding mangled names.
686 extern "C" { 686 extern "C" {
687 __attribute__((visibility("default"))) 687 __attribute__((visibility("default")))
688 IPC::ChannelProxy::OutgoingMessageFilter* GetFilter(void); 688 IPC::ChannelProxy::OutgoingMessageFilter* GetFilter(void);
689 } 689 }
690 690
691 IPC::ChannelProxy::OutgoingMessageFilter* GetFilter(void) { 691 IPC::ChannelProxy::OutgoingMessageFilter* GetFilter(void) {
692 return &g_ipcfuzz; 692 return &g_ipcfuzz;
693 } 693 }
OLDNEW
« no previous file with comments | « chrome/test/security_tests/sandbox_browsertest.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698