chrome/tools/ipclist/ipcfuzz.cc - Issue 12226045: Linux/ChromeOS Chromium style checker cleanup, chrome/ edition part 1.

Side by Side Diff: chrome/tools/ipclist/ipcfuzz.cc

Issue 12226045: Linux/ChromeOS Chromium style checker cleanup, chrome/ edition part 1. (Closed) Base URL: http://src.chromium.org/svn/trunk/src/

Patch Set: Created 7 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include <algorithm>	5 #include <algorithm>

6 #include <ostream>	6 #include <ostream>

7 #include <set>	7 #include <set>

8 #include <vector>	8 #include <vector>

9	9

10 #include "base/command_line.h"	10 #include "base/command_line.h"

(...skipping 107 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
118	118

119 if ((env_var = getenv("CHROME_IPC_FUZZING_FREQUENCY"))) {	119 if ((env_var = getenv("CHROME_IPC_FUZZING_FREQUENCY"))) {

120 unsigned int new_frequency = atoi(env_var);	120 unsigned int new_frequency = atoi(env_var);

121 if (new_frequency)	121 if (new_frequency)

122 frequency_ = new_frequency;	122 frequency_ = new_frequency;

123 }	123 }

124 }	124 }

125	125

126 virtual ~DefaultFuzzer() {}	126 virtual ~DefaultFuzzer() {}

127	127

128 virtual bool FuzzThisMessage(const IPC::Message *msg) {	128 virtual bool FuzzThisMessage(const IPC::Message *msg) OVERRIDE {

129 return (message_set_.empty() \|\|	129 return (message_set_.empty() \|\|

130 std::find(message_set_.begin(),	130 std::find(message_set_.begin(),

131 message_set_.end(),	131 message_set_.end(),

132 msg->type()) != message_set_.end());	132 msg->type()) != message_set_.end());

133 }	133 }

134	134

135 virtual void FuzzBool(bool* value) {	135 virtual void FuzzBool(bool* value) OVERRIDE {

136 if (rand() % frequency_ == 0)	136 if (rand() % frequency_ == 0)

137 (value) = !(value);	137 (value) = !(value);

138 }	138 }

139	139

140 virtual void FuzzInt(int* value) {	140 virtual void FuzzInt(int* value) OVERRIDE {

141 FuzzIntegralType<int>(value, frequency_);	141 FuzzIntegralType<int>(value, frequency_);

142 }	142 }

143	143

144 virtual void FuzzLong(long* value) {	144 virtual void FuzzLong(long* value) OVERRIDE {

145 FuzzIntegralType<long>(value, frequency_);	145 FuzzIntegralType<long>(value, frequency_);

146 }	146 }

147	147

148 virtual void FuzzSize(size_t* value) {	148 virtual void FuzzSize(size_t* value) OVERRIDE {

149 FuzzIntegralType<size_t>(value, frequency_);	149 FuzzIntegralType<size_t>(value, frequency_);

150 }	150 }

151	151

152 virtual void FuzzUChar(unsigned char* value) {	152 virtual void FuzzUChar(unsigned char* value) OVERRIDE {

153 FuzzIntegralType<unsigned char>(value, frequency_);	153 FuzzIntegralType<unsigned char>(value, frequency_);

154 }	154 }

155	155

156 virtual void FuzzUInt16(uint16* value) {	156 virtual void FuzzUInt16(uint16* value) OVERRIDE {

157 FuzzIntegralType<uint16>(value, frequency_);	157 FuzzIntegralType<uint16>(value, frequency_);

158 }	158 }

159	159

160 virtual void FuzzUInt32(uint32* value) {	160 virtual void FuzzUInt32(uint32* value) OVERRIDE {

161 FuzzIntegralType<uint32>(value, frequency_);	161 FuzzIntegralType<uint32>(value, frequency_);

162 }	162 }

163	163

164 virtual void FuzzInt64(int64* value) {	164 virtual void FuzzInt64(int64* value) OVERRIDE {

165 FuzzIntegralType<int64>(value, frequency_);	165 FuzzIntegralType<int64>(value, frequency_);

166 }	166 }

167	167

168 virtual void FuzzUInt64(uint64* value) {	168 virtual void FuzzUInt64(uint64* value) OVERRIDE {

169 FuzzIntegralType<uint64>(value, frequency_);	169 FuzzIntegralType<uint64>(value, frequency_);

170 }	170 }

171	171

172 virtual void FuzzFloat(float* value) {	172 virtual void FuzzFloat(float* value) OVERRIDE {

173 if (rand() % frequency_ == 0)	173 if (rand() % frequency_ == 0)

174 (value) = rand() / 1000000.0;	174 (value) = rand() / 1000000.0;

175 }	175 }

176	176

177 virtual void FuzzDouble(double* value) {	177 virtual void FuzzDouble(double* value) OVERRIDE {

178 if (rand() % frequency_ == 0)	178 if (rand() % frequency_ == 0)

179 (value) = rand() / 1000000.0;	179 (value) = rand() / 1000000.0;

180 }	180 }

181	181

182 virtual void FuzzString(std::string* value) {	182 virtual void FuzzString(std::string* value) OVERRIDE {

183 FuzzStringType<std::string>(value, frequency_, "BORKED", "");	183 FuzzStringType<std::string>(value, frequency_, "BORKED", "");

184 }	184 }

185	185

186 virtual void FuzzWString(std::wstring* value) {	186 virtual void FuzzWString(std::wstring* value) OVERRIDE {

187 FuzzStringType<std::wstring>(value, frequency_, L"BORKED", L"");	187 FuzzStringType<std::wstring>(value, frequency_, L"BORKED", L"");

188 }	188 }

189	189

190 virtual void FuzzString16(string16* value) {	190 virtual void FuzzString16(string16* value) OVERRIDE {

191 FuzzStringType<string16>(value, frequency_,	191 FuzzStringType<string16>(value, frequency_,

192 WideToUTF16(L"BORKED"),	192 WideToUTF16(L"BORKED"),

193 WideToUTF16(L""));	193 WideToUTF16(L""));

194 }	194 }

195	195

196 virtual void FuzzData(char* data, int length) {	196 virtual void FuzzData(char* data, int length) OVERRIDE {

197 if (rand() % frequency_ == 0) {	197 if (rand() % frequency_ == 0) {

198 for (int i = 0; i < length; ++i) {	198 for (int i = 0; i < length; ++i) {

199 FuzzIntegralType<char>(&data[i], frequency_);	199 FuzzIntegralType<char>(&data[i], frequency_);

200 }	200 }

201 }	201 }

202 }	202 }

203	203

204 virtual void FuzzBytes(void* data, int data_len) {	204 virtual void FuzzBytes(void* data, int data_len) OVERRIDE {

205 FuzzData(static_cast<char*>(data), data_len);	205 FuzzData(static_cast<char*>(data), data_len);

206 }	206 }

207	207

208 private:	208 private:

209 std::set<int> message_set_;	209 std::set<int> message_set_;

210 unsigned int frequency_;	210 unsigned int frequency_;

211 };	211 };

212	212

213	213

214 // No-op fuzzer. Rewrites each message unchanged to check if the message	214 // No-op fuzzer. Rewrites each message unchanged to check if the message

215 // re-assembly is legit.	215 // re-assembly is legit.

216 class NoOpFuzzer : public IPC::Fuzzer {	216 class NoOpFuzzer : public IPC::Fuzzer {

217 public:	217 public:

218 NoOpFuzzer() {}	218 NoOpFuzzer() {}

219 virtual ~NoOpFuzzer() {}	219 virtual ~NoOpFuzzer() {}

220	220

221 virtual bool FuzzThisMessage(const IPC::Message *msg) {	221 virtual bool FuzzThisMessage(const IPC::Message *msg) OVERRIDE {

222 return true;	222 return true;

223 }	223 }

224	224

225 virtual void FuzzBool(bool* value) {}	225 virtual void FuzzBool(bool* value) OVERRIDE {}

226 virtual void FuzzInt(int* value) {}	226 virtual void FuzzInt(int* value) OVERRIDE {}

227 virtual void FuzzLong(long* value) {}	227 virtual void FuzzLong(long* value) OVERRIDE {}

228 virtual void FuzzSize(size_t* value) {}	228 virtual void FuzzSize(size_t* value) OVERRIDE {}

229 virtual void FuzzUChar(unsigned char* value) {}	229 virtual void FuzzUChar(unsigned char* value) OVERRIDE {}

230 virtual void FuzzUInt16(uint16* value) {}	230 virtual void FuzzUInt16(uint16* value) OVERRIDE {}

231 virtual void FuzzUInt32(uint32* value) {}	231 virtual void FuzzUInt32(uint32* value) OVERRIDE {}

232 virtual void FuzzInt64(int64* value) {}	232 virtual void FuzzInt64(int64* value) OVERRIDE {}

233 virtual void FuzzUInt64(uint64* value) {}	233 virtual void FuzzUInt64(uint64* value) OVERRIDE {}

234 virtual void FuzzFloat(float* value) {}	234 virtual void FuzzFloat(float* value) OVERRIDE {}

235 virtual void FuzzDouble(double* value) {}	235 virtual void FuzzDouble(double* value) OVERRIDE {}

236 virtual void FuzzString(std::string* value) {}	236 virtual void FuzzString(std::string* value) OVERRIDE {}

237 virtual void FuzzWString(std::wstring* value) {}	237 virtual void FuzzWString(std::wstring* value) OVERRIDE {}

238 virtual void FuzzString16(string16* value) {}	238 virtual void FuzzString16(string16* value) OVERRIDE {}

239 virtual void FuzzData(char* data, int length) {}	239 virtual void FuzzData(char* data, int length) OVERRIDE {}

240 virtual void FuzzBytes(void* data, int data_len) {}	240 virtual void FuzzBytes(void* data, int data_len) OVERRIDE {}

241 };	241 };

242	242

243 class FuzzerFactory {	243 class FuzzerFactory {

244 public:	244 public:

245 static IPC::Fuzzer *NewFuzzer(const std::string& name) {	245 static IPC::Fuzzer *NewFuzzer(const std::string& name) {

246 if (name == "no-op")	246 if (name == "no-op")

247 return new NoOpFuzzer();	247 return new NoOpFuzzer();

248 else	248 else

249 return new DefaultFuzzer();	249 return new DefaultFuzzer();

250 }	250 }

(...skipping 403 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
654 }	654 }

655	655

656 class ipcfuzz : public IPC::ChannelProxy::OutgoingMessageFilter {	656 class ipcfuzz : public IPC::ChannelProxy::OutgoingMessageFilter {

657 public:	657 public:

658 ipcfuzz() {	658 ipcfuzz() {

659 const char* env_var = getenv("CHROME_IPC_FUZZING_KIND");	659 const char* env_var = getenv("CHROME_IPC_FUZZING_KIND");

660 fuzzer_ = FuzzerFactory::NewFuzzer(env_var ? env_var : "");	660 fuzzer_ = FuzzerFactory::NewFuzzer(env_var ? env_var : "");

661 PopulateFuzzFunctionMap(&fuzz_function_map_);	661 PopulateFuzzFunctionMap(&fuzz_function_map_);

662 }	662 }

663	663

664 IPC::Message* Rewrite(IPC::Message* message) {	664 virtual IPC::Message* Rewrite(IPC::Message* message) OVERRIDE {

665 if (fuzzer_ && fuzzer_->FuzzThisMessage(message)) {	665 if (fuzzer_ && fuzzer_->FuzzThisMessage(message)) {

666 FuzzFunctionMap::iterator it = fuzz_function_map_.find(message->type());	666 FuzzFunctionMap::iterator it = fuzz_function_map_.find(message->type());

667 if (it != fuzz_function_map_.end()) {	667 if (it != fuzz_function_map_.end()) {

668 IPC::Message* fuzzed_message = (*it->second)(message, fuzzer_);	668 IPC::Message* fuzzed_message = (*it->second)(message, fuzzer_);

669 if (fuzzed_message) {	669 if (fuzzed_message) {

670 delete message;	670 delete message;

671 message = fuzzed_message;	671 message = fuzzed_message;

672 }	672 }

673 }	673 }

674 }	674 }

675 return message;	675 return message;

676 }	676 }

677	677

678 private:	678 private:

679 IPC::Fuzzer* fuzzer_;	679 IPC::Fuzzer* fuzzer_;

680 FuzzFunctionMap fuzz_function_map_;	680 FuzzFunctionMap fuzz_function_map_;

681 };	681 };

682	682

683 ipcfuzz g_ipcfuzz;	683 ipcfuzz g_ipcfuzz;

684	684

685 // Entry point avoiding mangled names.	685 // Entry point avoiding mangled names.

686 extern "C" {	686 extern "C" {

687 __attribute__((visibility("default")))	687 __attribute__((visibility("default")))

688 IPC::ChannelProxy::OutgoingMessageFilter* GetFilter(void);	688 IPC::ChannelProxy::OutgoingMessageFilter* GetFilter(void);

689 }	689 }

690	690

691 IPC::ChannelProxy::OutgoingMessageFilter* GetFilter(void) {	691 IPC::ChannelProxy::OutgoingMessageFilter* GetFilter(void) {

692 return &g_ipcfuzz;	692 return &g_ipcfuzz;

693 }	693 }

OLD	NEW

« no previous file with comments | « chrome/test/security_tests/sandbox_browsertest.cc ('k') | no next file » | no next file with comments »