OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/spdy/fuzzing/hpack_fuzz_util.h" | 5 #include "net/spdy/fuzzing/hpack_fuzz_util.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 #include <cmath> | 8 #include <cmath> |
9 | 9 |
10 #include "base/rand_util.h" | 10 #include "base/rand_util.h" |
(...skipping 99 matching lines...)
110 return std::min(static_cast<size_t>(-std::log(base::RandDouble()) * mean), | 110 return std::min(static_cast<size_t>(-std::log(base::RandDouble()) * mean), |
111 sanity_bound); | 111 sanity_bound); |
112 } | 112 } |
113 | 113 |
114 // static | 114 // static |
115 bool HpackFuzzUtil::NextHeaderBlock(Input* input, | 115 bool HpackFuzzUtil::NextHeaderBlock(Input* input, |
116 StringPiece* out) { | 116 StringPiece* out) { |
117 // ClusterFuzz may truncate input files if the fuzzer ran out of allocated | 117 // ClusterFuzz may truncate input files if the fuzzer ran out of allocated |
118 // disk space. Be tolerant of these. | 118 // disk space. Be tolerant of these. |
119 CHECK_LE(input->offset, input->input.size()); | 119 CHECK_LE(input->offset, input->input.size()); |
120 if (input->remaining() < sizeof(uint32)) { | 120 if (input->remaining() < sizeof(uint32_t)) { |
121 return false; | 121 return false; |
122 } | 122 } |
123 | 123 |
124 size_t length = | 124 size_t length = |
125 base::NetToHost32(*reinterpret_cast<const uint32*>(input->ptr())); | 125 base::NetToHost32(*reinterpret_cast<const uint32_t*>(input->ptr())); |
126 input->offset += sizeof(uint32); | 126 input->offset += sizeof(uint32_t); |
127 | 127 |
128 if (input->remaining() < length) { | 128 if (input->remaining() < length) { |
129 return false; | 129 return false; |
130 } | 130 } |
131 *out = StringPiece(input->ptr(), length); | 131 *out = StringPiece(input->ptr(), length); |
132 input->offset += length; | 132 input->offset += length; |
133 return true; | 133 return true; |
134 } | 134 } |
135 | 135 |
136 // static | 136 // static |
137 string HpackFuzzUtil::HeaderBlockPrefix(size_t block_size) { | 137 string HpackFuzzUtil::HeaderBlockPrefix(size_t block_size) { |
138 uint32 length = base::HostToNet32(static_cast<uint32>(block_size)); | 138 uint32_t length = base::HostToNet32(static_cast<uint32_t>(block_size)); |
139 return string(reinterpret_cast<char*>(&length), sizeof(uint32)); | 139 return string(reinterpret_cast<char*>(&length), sizeof(uint32_t)); |
140 } | 140 } |
141 | 141 |
142 // static | 142 // static |
143 void HpackFuzzUtil::InitializeFuzzerContext(FuzzerContext* context) { | 143 void HpackFuzzUtil::InitializeFuzzerContext(FuzzerContext* context) { |
144 context->first_stage.reset(new HpackDecoder(ObtainHpackHuffmanTable())); | 144 context->first_stage.reset(new HpackDecoder(ObtainHpackHuffmanTable())); |
145 context->second_stage.reset(new HpackEncoder(ObtainHpackHuffmanTable())); | 145 context->second_stage.reset(new HpackEncoder(ObtainHpackHuffmanTable())); |
146 context->third_stage.reset(new HpackDecoder(ObtainHpackHuffmanTable())); | 146 context->third_stage.reset(new HpackDecoder(ObtainHpackHuffmanTable())); |
147 } | 147 } |
148 | 148 |
149 // static | 149 // static |
(...skipping 19 matching lines...)
169 second_stage_out.data(), second_stage_out.length())) { | 169 second_stage_out.data(), second_stage_out.length())) { |
170 return false; | 170 return false; |
171 } | 171 } |
172 if (!context->third_stage->HandleControlFrameHeadersComplete(nullptr)) { | 172 if (!context->third_stage->HandleControlFrameHeadersComplete(nullptr)) { |
173 return false; | 173 return false; |
174 } | 174 } |
175 return true; | 175 return true; |
176 } | 176 } |
177 | 177 |
178 // static | 178 // static |
179 void HpackFuzzUtil::FlipBits(uint8* buffer, size_t buffer_length, | 179 void HpackFuzzUtil::FlipBits(uint8_t* buffer, |
| 180 size_t buffer_length, |
180 size_t flip_per_thousand) { | 181 size_t flip_per_thousand) { |
181 uint64 buffer_bit_length = buffer_length * 8u; | 182 uint64_t buffer_bit_length = buffer_length * 8u; |
182 uint64 bits_to_flip = flip_per_thousand * (1 + buffer_bit_length / 1024); | 183 uint64_t bits_to_flip = flip_per_thousand * (1 + buffer_bit_length / 1024); |
183 | 184 |
184 // Iteratively identify & flip offsets in the buffer bit-sequence. | 185 // Iteratively identify & flip offsets in the buffer bit-sequence. |
185 for (uint64 i = 0; i != bits_to_flip; ++i) { | 186 for (uint64_t i = 0; i != bits_to_flip; ++i) { |
186 uint64 bit_offset = base::RandUint64() % buffer_bit_length; | 187 uint64_t bit_offset = base::RandUint64() % buffer_bit_length; |
187 buffer[bit_offset / 8u] ^= (1 << (bit_offset % 8u)); | 188 buffer[bit_offset / 8u] ^= (1 << (bit_offset % 8u)); |
188 } | 189 } |
189 } | 190 } |
190 | 191 |
191 } // namespace net | 192 } // namespace net |
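Review bot: FlipBits (new lines 179-190) divides by zero when buffer_length is 0: buffer_bit_length is then 0, bits_to_flip is still flip_per_thousand * 1, and the loop evaluates `base::RandUint64() % buffer_bit_length`. Since these lines are being touched anyway, a guard at the top of the function, `if (buffer_length == 0) return;`, would make the empty-buffer case a no-op instead of undefined behaviour. Separately, in NextHeaderBlock (new line 125) `*reinterpret_cast<const uint32_t*>(input->ptr())` loads four bytes at whatever offset the previous block ended on, which is presumably not 4-byte aligned in general (Input::ptr() is not visible on this page). Copying the four bytes into a `uint32_t` local with `memcpy` before calling `base::NetToHost32` would avoid the unaligned load and keep sanitizer runs of the fuzzer clean.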
OLD | NEW |