OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <stdint.h> | |
5 #include <stdio.h> | 6 #include <stdio.h> |
7 #include <sstream> | |
Tom Sepez
2015/09/03 19:53:09
nit: ditto
tfarina
2015/09/04 14:01:14
Done.
| |
6 #include <string> | 8 #include <string> |
7 #include <sstream> | |
8 | 9 |
9 #include "base/message_loop/message_loop.h" | 10 #include "base/message_loop/message_loop.h" |
10 #include "base/strings/string16.h" | 11 #include "base/strings/string16.h" |
11 #include "base/strings/utf_string_conversions.h" | 12 #include "base/strings/utf_string_conversions.h" |
12 #include "base/threading/platform_thread.h" | 13 #include "base/threading/platform_thread.h" |
13 #include "ipc/ipc_test_base.h" | 14 #include "ipc/ipc_test_base.h" |
14 #include "testing/gtest/include/gtest/gtest.h" | 15 #include "testing/gtest/include/gtest/gtest.h" |
15 | 16 |
16 // IPC messages for testing ---------------------------------------------------- | 17 // IPC messages for testing ---------------------------------------------------- |
17 | 18 |
(...skipping 13 matching lines...) Expand all Loading... | |
31 | 32 |
32 // Used to generate an ID for a message that should not exist. | 33 // Used to generate an ID for a message that should not exist. |
33 IPC_MESSAGE_CONTROL0(MsgUnhandled) | 34 IPC_MESSAGE_CONTROL0(MsgUnhandled) |
34 | 35 |
35 // ----------------------------------------------------------------------------- | 36 // ----------------------------------------------------------------------------- |
36 | 37 |
37 namespace { | 38 namespace { |
38 | 39 |
39 TEST(IPCMessageIntegrity, ReadBeyondBufferStr) { | 40 TEST(IPCMessageIntegrity, ReadBeyondBufferStr) { |
40 // This was BUG 984408. | 41 // This was BUG 984408. |
41 uint32 v1 = kuint32max - 1; | 42 uint32_t v1 = kuint32max - 1; |
42 int v2 = 666; | 43 int v2 = 666; |
43 IPC::Message m(0, 1, IPC::Message::PRIORITY_NORMAL); | 44 IPC::Message m(0, 1, IPC::Message::PRIORITY_NORMAL); |
44 EXPECT_TRUE(m.WriteInt(v1)); | 45 EXPECT_TRUE(m.WriteInt(v1)); |
45 EXPECT_TRUE(m.WriteInt(v2)); | 46 EXPECT_TRUE(m.WriteInt(v2)); |
46 | 47 |
47 base::PickleIterator iter(m); | 48 base::PickleIterator iter(m); |
48 std::string vs; | 49 std::string vs; |
49 EXPECT_FALSE(iter.ReadString(&vs)); | 50 EXPECT_FALSE(iter.ReadString(&vs)); |
50 } | 51 } |
51 | 52 |
52 TEST(IPCMessageIntegrity, ReadBeyondBufferStr16) { | 53 TEST(IPCMessageIntegrity, ReadBeyondBufferStr16) { |
53 // This was BUG 984408. | 54 // This was BUG 984408. |
54 uint32 v1 = kuint32max - 1; | 55 uint32_t v1 = kuint32max - 1; |
55 int v2 = 777; | 56 int v2 = 777; |
56 IPC::Message m(0, 1, IPC::Message::PRIORITY_NORMAL); | 57 IPC::Message m(0, 1, IPC::Message::PRIORITY_NORMAL); |
57 EXPECT_TRUE(m.WriteInt(v1)); | 58 EXPECT_TRUE(m.WriteInt(v1)); |
58 EXPECT_TRUE(m.WriteInt(v2)); | 59 EXPECT_TRUE(m.WriteInt(v2)); |
59 | 60 |
60 base::PickleIterator iter(m); | 61 base::PickleIterator iter(m); |
61 base::string16 vs; | 62 base::string16 vs; |
62 EXPECT_FALSE(iter.ReadString16(&vs)); | 63 EXPECT_FALSE(iter.ReadString16(&vs)); |
63 } | 64 } |
64 | 65 |
(...skipping 29 matching lines...) Expand all Loading... | |
94 #define MAYBE_ReadVectorTooLarge1 ReadVectorTooLarge1 | 95 #define MAYBE_ReadVectorTooLarge1 ReadVectorTooLarge1 |
95 #endif | 96 #endif |
96 TEST(IPCMessageIntegrity, MAYBE_ReadVectorTooLarge1) { | 97 TEST(IPCMessageIntegrity, MAYBE_ReadVectorTooLarge1) { |
97 // This was BUG 1006367. This is the large but positive length case. Again | 98 // This was BUG 1006367. This is the large but positive length case. Again |
98 // we try to hit the non-specialized case vector<P>. | 99 // we try to hit the non-specialized case vector<P>. |
99 IPC::Message m(0, 1, IPC::Message::PRIORITY_NORMAL); | 100 IPC::Message m(0, 1, IPC::Message::PRIORITY_NORMAL); |
100 EXPECT_TRUE(m.WriteInt(0x21000003)); // This is the count of elements. | 101 EXPECT_TRUE(m.WriteInt(0x21000003)); // This is the count of elements. |
101 EXPECT_TRUE(m.WriteInt64(1)); | 102 EXPECT_TRUE(m.WriteInt64(1)); |
102 EXPECT_TRUE(m.WriteInt64(2)); | 103 EXPECT_TRUE(m.WriteInt64(2)); |
103 | 104 |
104 std::vector<int64> vec; | 105 std::vector<int64_t> vec; |
105 base::PickleIterator iter(m); | 106 base::PickleIterator iter(m); |
106 EXPECT_FALSE(ReadParam(&m, &iter, &vec)); | 107 EXPECT_FALSE(ReadParam(&m, &iter, &vec)); |
107 } | 108 } |
108 | 109 |
109 TEST(IPCMessageIntegrity, ReadVectorTooLarge2) { | 110 TEST(IPCMessageIntegrity, ReadVectorTooLarge2) { |
110 // This was BUG 1006367. This is the large but positive with an additional | 111 // This was BUG 1006367. This is the large but positive with an additional |
111 // integer overflow when computing the actual byte size. Again we try to hit | 112 // integer overflow when computing the actual byte size. Again we try to hit |
112 // the non-specialized case vector<P>. | 113 // the non-specialized case vector<P>. |
113 IPC::Message m(0, 1, IPC::Message::PRIORITY_NORMAL); | 114 IPC::Message m(0, 1, IPC::Message::PRIORITY_NORMAL); |
114 EXPECT_TRUE(m.WriteInt(0x71000000)); // This is the count of elements. | 115 EXPECT_TRUE(m.WriteInt(0x71000000)); // This is the count of elements. |
115 EXPECT_TRUE(m.WriteInt64(1)); | 116 EXPECT_TRUE(m.WriteInt64(1)); |
116 EXPECT_TRUE(m.WriteInt64(2)); | 117 EXPECT_TRUE(m.WriteInt64(2)); |
117 | 118 |
118 std::vector<int64> vec; | 119 std::vector<int64_t> vec; |
119 base::PickleIterator iter(m); | 120 base::PickleIterator iter(m); |
120 EXPECT_FALSE(ReadParam(&m, &iter, &vec)); | 121 EXPECT_FALSE(ReadParam(&m, &iter, &vec)); |
121 } | 122 } |
122 | 123 |
123 class SimpleListener : public IPC::Listener { | 124 class SimpleListener : public IPC::Listener { |
124 public: | 125 public: |
125 SimpleListener() : other_(NULL) { | 126 SimpleListener() : other_(NULL) { |
126 } | 127 } |
127 void Init(IPC::Sender* s) { | 128 void Init(IPC::Sender* s) { |
128 other_ = s; | 129 other_ = s; |
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
163 RoundtripAckReply(FUZZER_ROUTING_ID, MsgClassIS::ID, value); | 164 RoundtripAckReply(FUZZER_ROUTING_ID, MsgClassIS::ID, value); |
164 Cleanup(); | 165 Cleanup(); |
165 } | 166 } |
166 | 167 |
167 void OnMsgClassSIMessage(const base::string16& text, int value) { | 168 void OnMsgClassSIMessage(const base::string16& text, int value) { |
168 UseData(MsgClassSI::ID, value, text); | 169 UseData(MsgClassSI::ID, value, text); |
169 RoundtripAckReply(FUZZER_ROUTING_ID, MsgClassSI::ID, value); | 170 RoundtripAckReply(FUZZER_ROUTING_ID, MsgClassSI::ID, value); |
170 Cleanup(); | 171 Cleanup(); |
171 } | 172 } |
172 | 173 |
173 bool RoundtripAckReply(int routing, uint32 type_id, int reply) { | 174 bool RoundtripAckReply(int routing, uint32_t type_id, int reply) { |
174 IPC::Message* message = new IPC::Message(routing, type_id, | 175 IPC::Message* message = new IPC::Message(routing, type_id, |
175 IPC::Message::PRIORITY_NORMAL); | 176 IPC::Message::PRIORITY_NORMAL); |
176 message->WriteInt(reply + 1); | 177 message->WriteInt(reply + 1); |
177 message->WriteInt(reply); | 178 message->WriteInt(reply); |
178 return other_->Send(message); | 179 return other_->Send(message); |
179 } | 180 } |
180 | 181 |
181 void Cleanup() { | 182 void Cleanup() { |
182 --message_count_; | 183 --message_count_; |
183 --pending_messages_; | 184 --pending_messages_; |
184 if (0 == message_count_) | 185 if (0 == message_count_) |
185 base::MessageLoop::current()->Quit(); | 186 base::MessageLoop::current()->Quit(); |
186 } | 187 } |
187 | 188 |
188 void ReplyMsgNotHandled(uint32 type_id) { | 189 void ReplyMsgNotHandled(uint32_t type_id) { |
189 RoundtripAckReply(FUZZER_ROUTING_ID, MsgUnhandled::ID, type_id); | 190 RoundtripAckReply(FUZZER_ROUTING_ID, MsgUnhandled::ID, type_id); |
190 Cleanup(); | 191 Cleanup(); |
191 } | 192 } |
192 | 193 |
193 void UseData(int caller, int value, const base::string16& text) { | 194 void UseData(int caller, int value, const base::string16& text) { |
194 std::ostringstream os; | 195 std::ostringstream os; |
195 os << "IPC fuzzer:" << caller << " [" << value << " " | 196 os << "IPC fuzzer:" << caller << " [" << value << " " |
196 << base::UTF16ToUTF8(text) << "]\n"; | 197 << base::UTF16ToUTF8(text) << "]\n"; |
197 std::string output = os.str(); | 198 std::string output = os.str(); |
198 LOG(WARNING) << output; | 199 LOG(WARNING) << output; |
199 } | 200 } |
200 | 201 |
201 int message_count_; | 202 int message_count_; |
202 int pending_messages_; | 203 int pending_messages_; |
203 }; | 204 }; |
204 | 205 |
205 class FuzzerClientListener : public SimpleListener { | 206 class FuzzerClientListener : public SimpleListener { |
206 public: | 207 public: |
207 FuzzerClientListener() : last_msg_(NULL) { | 208 FuzzerClientListener() : last_msg_(NULL) { |
208 } | 209 } |
209 | 210 |
210 bool OnMessageReceived(const IPC::Message& msg) override { | 211 bool OnMessageReceived(const IPC::Message& msg) override { |
211 last_msg_ = new IPC::Message(msg); | 212 last_msg_ = new IPC::Message(msg); |
212 base::MessageLoop::current()->Quit(); | 213 base::MessageLoop::current()->Quit(); |
213 return true; | 214 return true; |
214 } | 215 } |
215 | 216 |
216 bool ExpectMessage(int value, uint32 type_id) { | 217 bool ExpectMessage(int value, uint32_t type_id) { |
217 if (!MsgHandlerInternal(type_id)) | 218 if (!MsgHandlerInternal(type_id)) |
218 return false; | 219 return false; |
219 int msg_value1 = 0; | 220 int msg_value1 = 0; |
220 int msg_value2 = 0; | 221 int msg_value2 = 0; |
221 base::PickleIterator iter(*last_msg_); | 222 base::PickleIterator iter(*last_msg_); |
222 if (!iter.ReadInt(&msg_value1)) | 223 if (!iter.ReadInt(&msg_value1)) |
223 return false; | 224 return false; |
224 if (!iter.ReadInt(&msg_value2)) | 225 if (!iter.ReadInt(&msg_value2)) |
225 return false; | 226 return false; |
226 if ((msg_value2 + 1) != msg_value1) | 227 if ((msg_value2 + 1) != msg_value1) |
227 return false; | 228 return false; |
228 if (msg_value2 != value) | 229 if (msg_value2 != value) |
229 return false; | 230 return false; |
230 | 231 |
231 delete last_msg_; | 232 delete last_msg_; |
232 last_msg_ = NULL; | 233 last_msg_ = NULL; |
233 return true; | 234 return true; |
234 } | 235 } |
235 | 236 |
236 bool ExpectMsgNotHandled(uint32 type_id) { | 237 bool ExpectMsgNotHandled(uint32_t type_id) { |
237 return ExpectMessage(type_id, MsgUnhandled::ID); | 238 return ExpectMessage(type_id, MsgUnhandled::ID); |
238 } | 239 } |
239 | 240 |
240 private: | 241 private: |
241 bool MsgHandlerInternal(uint32 type_id) { | 242 bool MsgHandlerInternal(uint32_t type_id) { |
242 base::MessageLoop::current()->Run(); | 243 base::MessageLoop::current()->Run(); |
243 if (NULL == last_msg_) | 244 if (NULL == last_msg_) |
244 return false; | 245 return false; |
245 if (FUZZER_ROUTING_ID != last_msg_->routing_id()) | 246 if (FUZZER_ROUTING_ID != last_msg_->routing_id()) |
246 return false; | 247 return false; |
247 return (type_id == last_msg_->type()); | 248 return (type_id == last_msg_->type()); |
248 } | 249 } |
249 | 250 |
250 IPC::Message* last_msg_; | 251 IPC::Message* last_msg_; |
251 }; | 252 }; |
(...skipping 109 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
361 // thrown out of sync by the extra argument. | 362 // thrown out of sync by the extra argument. |
362 msg = new MsgClassIS(3, base::ASCIIToUTF16("expect three")); | 363 msg = new MsgClassIS(3, base::ASCIIToUTF16("expect three")); |
363 sender()->Send(msg); | 364 sender()->Send(msg); |
364 EXPECT_TRUE(listener.ExpectMessage(3, MsgClassIS::ID)); | 365 EXPECT_TRUE(listener.ExpectMessage(3, MsgClassIS::ID)); |
365 | 366 |
366 EXPECT_TRUE(WaitForClientShutdown()); | 367 EXPECT_TRUE(WaitForClientShutdown()); |
367 DestroyChannel(); | 368 DestroyChannel(); |
368 } | 369 } |
369 | 370 |
370 } // namespace | 371 } // namespace |
OLD | NEW |