| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <iostream> | 5 #include <iostream> |
| 6 #include <set> | 6 #include <set> |
| 7 #include <string> | 7 #include <string> |
| 8 #include <utility> | 8 #include <utility> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| 11 #include "base/macros.h" |
| 11 #include "base/strings/string_util.h" | 12 #include "base/strings/string_util.h" |
| 13 #include "build/build_config.h" |
| 12 #include "ipc/ipc_message.h" | 14 #include "ipc/ipc_message.h" |
| 13 #include "ipc/ipc_message_utils.h" | 15 #include "ipc/ipc_message_utils.h" |
| 14 #include "ipc/ipc_switches.h" | 16 #include "ipc/ipc_switches.h" |
| 15 #include "ipc/ipc_sync_channel.h" | 17 #include "ipc/ipc_sync_channel.h" |
| 16 #include "ipc/ipc_sync_message.h" | 18 #include "ipc/ipc_sync_message.h" |
| 17 #include "tools/ipc_fuzzer/fuzzer/fuzzer.h" | 19 #include "tools/ipc_fuzzer/fuzzer/fuzzer.h" |
| 18 #include "tools/ipc_fuzzer/fuzzer/rand_util.h" | 20 #include "tools/ipc_fuzzer/fuzzer/rand_util.h" |
| 19 #include "tools/ipc_fuzzer/message_lib/message_cracker.h" | 21 #include "tools/ipc_fuzzer/message_lib/message_cracker.h" |
| 20 #include "tools/ipc_fuzzer/message_lib/message_file.h" | 22 #include "tools/ipc_fuzzer/message_lib/message_file.h" |
| 21 | 23 |
| (...skipping 93 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 115 struct FuzzTraits<unsigned long> { | 117 struct FuzzTraits<unsigned long> { |
| 116 static bool Fuzz(unsigned long* p, Fuzzer* fuzzer) { | 118 static bool Fuzz(unsigned long* p, Fuzzer* fuzzer) { |
| 117 fuzzer->FuzzLong(reinterpret_cast<long*>(p)); | 119 fuzzer->FuzzLong(reinterpret_cast<long*>(p)); |
| 118 return true; | 120 return true; |
| 119 } | 121 } |
| 120 }; | 122 }; |
| 121 | 123 |
| 122 template <> | 124 template <> |
| 123 struct FuzzTraits<long long> { | 125 struct FuzzTraits<long long> { |
| 124 static bool Fuzz(long long* p, Fuzzer* fuzzer) { | 126 static bool Fuzz(long long* p, Fuzzer* fuzzer) { |
| 125 fuzzer->FuzzInt64(reinterpret_cast<int64*>(p)); | 127 fuzzer->FuzzInt64(reinterpret_cast<int64_t*>(p)); |
| 126 return true; | 128 return true; |
| 127 } | 129 } |
| 128 }; | 130 }; |
| 129 | 131 |
| 130 template <> | 132 template <> |
| 131 struct FuzzTraits<unsigned long long> { | 133 struct FuzzTraits<unsigned long long> { |
| 132 static bool Fuzz(unsigned long long* p, Fuzzer* fuzzer) { | 134 static bool Fuzz(unsigned long long* p, Fuzzer* fuzzer) { |
| 133 fuzzer->FuzzInt64(reinterpret_cast<int64*>(p)); | 135 fuzzer->FuzzInt64(reinterpret_cast<int64_t*>(p)); |
| 134 return true; | 136 return true; |
| 135 } | 137 } |
| 136 }; | 138 }; |
| 137 | 139 |
| 138 template <> | 140 template <> |
| 139 struct FuzzTraits<short> { | 141 struct FuzzTraits<short> { |
| 140 static bool Fuzz(short* p, Fuzzer* fuzzer) { | 142 static bool Fuzz(short* p, Fuzzer* fuzzer) { |
| 141 fuzzer->FuzzUInt16(reinterpret_cast<uint16*>(p)); | 143 fuzzer->FuzzUInt16(reinterpret_cast<uint16_t*>(p)); |
| 142 return true; | 144 return true; |
| 143 } | 145 } |
| 144 }; | 146 }; |
| 145 | 147 |
| 146 template <> | 148 template <> |
| 147 struct FuzzTraits<unsigned short> { | 149 struct FuzzTraits<unsigned short> { |
| 148 static bool Fuzz(unsigned short* p, Fuzzer* fuzzer) { | 150 static bool Fuzz(unsigned short* p, Fuzzer* fuzzer) { |
| 149 fuzzer->FuzzUInt16(reinterpret_cast<uint16*>(p)); | 151 fuzzer->FuzzUInt16(reinterpret_cast<uint16_t*>(p)); |
| 150 return true; | 152 return true; |
| 151 } | 153 } |
| 152 }; | 154 }; |
| 153 | 155 |
| 154 template <> | 156 template <> |
| 155 struct FuzzTraits<char> { | 157 struct FuzzTraits<char> { |
| 156 static bool Fuzz(char* p, Fuzzer* fuzzer) { | 158 static bool Fuzz(char* p, Fuzzer* fuzzer) { |
| 157 fuzzer->FuzzUChar(reinterpret_cast<unsigned char*>(p)); | 159 fuzzer->FuzzUChar(reinterpret_cast<unsigned char*>(p)); |
| 158 return true; | 160 return true; |
| 159 } | 161 } |
| (...skipping 286 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 446 if (!FuzzParam(&is_null, fuzzer)) | 448 if (!FuzzParam(&is_null, fuzzer)) |
| 447 return false; | 449 return false; |
| 448 *p = base::NullableString16(string, is_null); | 450 *p = base::NullableString16(string, is_null); |
| 449 return true; | 451 return true; |
| 450 } | 452 } |
| 451 }; | 453 }; |
| 452 | 454 |
| 453 template <> | 455 template <> |
| 454 struct FuzzTraits<base::Time> { | 456 struct FuzzTraits<base::Time> { |
| 455 static bool Fuzz(base::Time* p, Fuzzer* fuzzer) { | 457 static bool Fuzz(base::Time* p, Fuzzer* fuzzer) { |
| 456 int64 internal_value = p->ToInternalValue(); | 458 int64_t internal_value = p->ToInternalValue(); |
| 457 if (!FuzzParam(&internal_value, fuzzer)) | 459 if (!FuzzParam(&internal_value, fuzzer)) |
| 458 return false; | 460 return false; |
| 459 *p = base::Time::FromInternalValue(internal_value); | 461 *p = base::Time::FromInternalValue(internal_value); |
| 460 return true; | 462 return true; |
| 461 } | 463 } |
| 462 }; | 464 }; |
| 463 | 465 |
| 464 template <> | 466 template <> |
| 465 struct FuzzTraits<base::TimeDelta> { | 467 struct FuzzTraits<base::TimeDelta> { |
| 466 static bool Fuzz(base::TimeDelta* p, Fuzzer* fuzzer) { | 468 static bool Fuzz(base::TimeDelta* p, Fuzzer* fuzzer) { |
| 467 int64 internal_value = p->ToInternalValue(); | 469 int64_t internal_value = p->ToInternalValue(); |
| 468 if (!FuzzParam(&internal_value, fuzzer)) | 470 if (!FuzzParam(&internal_value, fuzzer)) |
| 469 return false; | 471 return false; |
| 470 *p = base::TimeDelta::FromInternalValue(internal_value); | 472 *p = base::TimeDelta::FromInternalValue(internal_value); |
| 471 return true; | 473 return true; |
| 472 } | 474 } |
| 473 }; | 475 }; |
| 474 | 476 |
| 475 template <> | 477 template <> |
| 476 struct FuzzTraits<base::TimeTicks> { | 478 struct FuzzTraits<base::TimeTicks> { |
| 477 static bool Fuzz(base::TimeTicks* p, Fuzzer* fuzzer) { | 479 static bool Fuzz(base::TimeTicks* p, Fuzzer* fuzzer) { |
| 478 int64 internal_value = p->ToInternalValue(); | 480 int64_t internal_value = p->ToInternalValue(); |
| 479 if (!FuzzParam(&internal_value, fuzzer)) | 481 if (!FuzzParam(&internal_value, fuzzer)) |
| 480 return false; | 482 return false; |
| 481 *p = base::TimeTicks::FromInternalValue(internal_value); | 483 *p = base::TimeTicks::FromInternalValue(internal_value); |
| 482 return true; | 484 return true; |
| 483 } | 485 } |
| 484 }; | 486 }; |
| 485 | 487 |
| 486 template <> | 488 template <> |
| 487 struct FuzzTraits<base::ListValue> { | 489 struct FuzzTraits<base::ListValue> { |
| 488 static bool Fuzz(base::ListValue* p, Fuzzer* fuzzer) { | 490 static bool Fuzz(base::ListValue* p, Fuzzer* fuzzer) { |
| (...skipping 944 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1433 FuzzParam(&p->send_start, fuzzer) && | 1435 FuzzParam(&p->send_start, fuzzer) && |
| 1434 FuzzParam(&p->send_end, fuzzer) && | 1436 FuzzParam(&p->send_end, fuzzer) && |
| 1435 FuzzParam(&p->receive_headers_end, fuzzer); | 1437 FuzzParam(&p->receive_headers_end, fuzzer); |
| 1436 } | 1438 } |
| 1437 }; | 1439 }; |
| 1438 | 1440 |
| 1439 template <> | 1441 template <> |
| 1440 struct FuzzTraits<net::HostPortPair> { | 1442 struct FuzzTraits<net::HostPortPair> { |
| 1441 static bool Fuzz(net::HostPortPair* p, Fuzzer* fuzzer) { | 1443 static bool Fuzz(net::HostPortPair* p, Fuzzer* fuzzer) { |
| 1442 std::string host = p->host(); | 1444 std::string host = p->host(); |
| 1443 uint16 port = p->port(); | 1445 uint16_t port = p->port(); |
| 1444 if (!FuzzParam(&host, fuzzer)) | 1446 if (!FuzzParam(&host, fuzzer)) |
| 1445 return false; | 1447 return false; |
| 1446 if (!FuzzParam(&port, fuzzer)) | 1448 if (!FuzzParam(&port, fuzzer)) |
| 1447 return false; | 1449 return false; |
| 1448 p->set_host(host); | 1450 p->set_host(host); |
| 1449 p->set_port(port); | 1451 p->set_port(port); |
| 1450 return true; | 1452 return true; |
| 1451 } | 1453 } |
| 1452 }; | 1454 }; |
| 1453 | 1455 |
| (...skipping 193 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1647 return false; | 1649 return false; |
| 1648 *p = ppapi::PpapiPermissions(bits); | 1650 *p = ppapi::PpapiPermissions(bits); |
| 1649 return true; | 1651 return true; |
| 1650 } | 1652 } |
| 1651 }; | 1653 }; |
| 1652 | 1654 |
| 1653 template <> | 1655 template <> |
| 1654 struct FuzzTraits<ppapi::SocketOptionData> { | 1656 struct FuzzTraits<ppapi::SocketOptionData> { |
| 1655 static bool Fuzz(ppapi::SocketOptionData* p, Fuzzer* fuzzer) { | 1657 static bool Fuzz(ppapi::SocketOptionData* p, Fuzzer* fuzzer) { |
| 1656 // TODO(mbarbella): This can be improved. | 1658 // TODO(mbarbella): This can be improved. |
| 1657 int32 tmp; | 1659 int32_t tmp; |
| 1658 p->GetInt32(&tmp); | 1660 p->GetInt32(&tmp); |
| 1659 if (!FuzzParam(&tmp, fuzzer)) | 1661 if (!FuzzParam(&tmp, fuzzer)) |
| 1660 return false; | 1662 return false; |
| 1661 p->SetInt32(tmp); | 1663 p->SetInt32(tmp); |
| 1662 return true; | 1664 return true; |
| 1663 } | 1665 } |
| 1664 }; | 1666 }; |
| 1665 | 1667 |
| 1666 template <> | 1668 template <> |
| 1667 struct FuzzTraits<printing::PdfRenderSettings> { | 1669 struct FuzzTraits<printing::PdfRenderSettings> { |
| (...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1716 } else { | 1718 } else { |
| 1717 char data[256]; | 1719 char data[256]; |
| 1718 int data_len = RandInRange(sizeof(data)); | 1720 int data_len = RandInRange(sizeof(data)); |
| 1719 fuzzer->FuzzBytes(&data[0], data_len); | 1721 fuzzer->FuzzBytes(&data[0], data_len); |
| 1720 p->SetToBytes(&data[0], data_len); | 1722 p->SetToBytes(&data[0], data_len); |
| 1721 } | 1723 } |
| 1722 return true; | 1724 return true; |
| 1723 } | 1725 } |
| 1724 case storage::DataElement::Type::TYPE_FILE: { | 1726 case storage::DataElement::Type::TYPE_FILE: { |
| 1725 base::FilePath path; | 1727 base::FilePath path; |
| 1726 uint64 offset; | 1728 uint64_t offset; |
| 1727 uint64 length; | 1729 uint64_t length; |
| 1728 base::Time modification_time; | 1730 base::Time modification_time; |
| 1729 if (!FuzzParam(&path, fuzzer)) | 1731 if (!FuzzParam(&path, fuzzer)) |
| 1730 return false; | 1732 return false; |
| 1731 if (!FuzzParam(&offset, fuzzer)) | 1733 if (!FuzzParam(&offset, fuzzer)) |
| 1732 return false; | 1734 return false; |
| 1733 if (!FuzzParam(&length, fuzzer)) | 1735 if (!FuzzParam(&length, fuzzer)) |
| 1734 return false; | 1736 return false; |
| 1735 if (!FuzzParam(&modification_time, fuzzer)) | 1737 if (!FuzzParam(&modification_time, fuzzer)) |
| 1736 return false; | 1738 return false; |
| 1737 p->SetToFilePathRange(path, offset, length, modification_time); | 1739 p->SetToFilePathRange(path, offset, length, modification_time); |
| 1738 return true; | 1740 return true; |
| 1739 } | 1741 } |
| 1740 case storage::DataElement::Type::TYPE_BLOB: { | 1742 case storage::DataElement::Type::TYPE_BLOB: { |
| 1741 std::string uuid; | 1743 std::string uuid; |
| 1742 uint64 offset; | 1744 uint64_t offset; |
| 1743 uint64 length; | 1745 uint64_t length; |
| 1744 if (!FuzzParam(&uuid, fuzzer)) | 1746 if (!FuzzParam(&uuid, fuzzer)) |
| 1745 return false; | 1747 return false; |
| 1746 if (!FuzzParam(&offset, fuzzer)) | 1748 if (!FuzzParam(&offset, fuzzer)) |
| 1747 return false; | 1749 return false; |
| 1748 if (!FuzzParam(&length, fuzzer)) | 1750 if (!FuzzParam(&length, fuzzer)) |
| 1749 return false; | 1751 return false; |
| 1750 p->SetToBlobRange(uuid, offset, length); | 1752 p->SetToBlobRange(uuid, offset, length); |
| 1751 return true; | 1753 return true; |
| 1752 } | 1754 } |
| 1753 case storage::DataElement::Type::TYPE_FILE_FILESYSTEM: { | 1755 case storage::DataElement::Type::TYPE_FILE_FILESYSTEM: { |
| 1754 GURL url; | 1756 GURL url; |
| 1755 uint64 offset; | 1757 uint64_t offset; |
| 1756 uint64 length; | 1758 uint64_t length; |
| 1757 base::Time modification_time; | 1759 base::Time modification_time; |
| 1758 if (!FuzzParam(&url, fuzzer)) | 1760 if (!FuzzParam(&url, fuzzer)) |
| 1759 return false; | 1761 return false; |
| 1760 if (!FuzzParam(&offset, fuzzer)) | 1762 if (!FuzzParam(&offset, fuzzer)) |
| 1761 return false; | 1763 return false; |
| 1762 if (!FuzzParam(&length, fuzzer)) | 1764 if (!FuzzParam(&length, fuzzer)) |
| 1763 return false; | 1765 return false; |
| 1764 if (!FuzzParam(&modification_time, fuzzer)) | 1766 if (!FuzzParam(&modification_time, fuzzer)) |
| 1765 return false; | 1767 return false; |
| 1766 p->SetToFileSystemUrlRange(url, offset, length, modification_time); | 1768 p->SetToFileSystemUrlRange(url, offset, length, modification_time); |
| 1767 return true; | 1769 return true; |
| 1768 } | 1770 } |
| 1769 default: { | 1771 default: { |
| 1770 NOTREACHED(); | 1772 NOTREACHED(); |
| 1771 return false; | 1773 return false; |
| 1772 } | 1774 } |
| 1773 } | 1775 } |
| 1774 } | 1776 } |
| 1775 }; | 1777 }; |
| 1776 | 1778 |
| 1777 template <> | 1779 template <> |
| 1778 struct FuzzTraits<ui::LatencyInfo> { | 1780 struct FuzzTraits<ui::LatencyInfo> { |
| 1779 static bool Fuzz(ui::LatencyInfo* p, Fuzzer* fuzzer) { | 1781 static bool Fuzz(ui::LatencyInfo* p, Fuzzer* fuzzer) { |
| 1780 // TODO(inferno): Add param traits for |latency_components|. | 1782 // TODO(inferno): Add param traits for |latency_components|. |
| 1781 int64 trace_id = p->trace_id(); | 1783 int64_t trace_id = p->trace_id(); |
| 1782 bool terminated = p->terminated(); | 1784 bool terminated = p->terminated(); |
| 1783 uint32 input_coordinates_size = static_cast<uint32>( | 1785 uint32_t input_coordinates_size = static_cast<uint32_t>( |
| 1784 RandInRange(ui::LatencyInfo::kMaxInputCoordinates + 1)); | 1786 RandInRange(ui::LatencyInfo::kMaxInputCoordinates + 1)); |
| 1785 ui::LatencyInfo::InputCoordinate | 1787 ui::LatencyInfo::InputCoordinate |
| 1786 input_coordinates[ui::LatencyInfo::kMaxInputCoordinates]; | 1788 input_coordinates[ui::LatencyInfo::kMaxInputCoordinates]; |
| 1787 uint32 event_timestamps_size = static_cast<uint32>( | 1789 uint32_t event_timestamps_size = static_cast<uint32_t>( |
| 1788 RandInRange(ui::LatencyInfo::kMaxCoalescedEventTimestamps + 1)); | 1790 RandInRange(ui::LatencyInfo::kMaxCoalescedEventTimestamps + 1)); |
| 1789 double event_timestamps[ui::LatencyInfo::kMaxCoalescedEventTimestamps]; | 1791 double event_timestamps[ui::LatencyInfo::kMaxCoalescedEventTimestamps]; |
| 1790 if (!FuzzParamArray( | 1792 if (!FuzzParamArray( |
| 1791 input_coordinates, input_coordinates_size, fuzzer)) | 1793 input_coordinates, input_coordinates_size, fuzzer)) |
| 1792 return false; | 1794 return false; |
| 1793 if (!FuzzParamArray(event_timestamps, event_timestamps_size, fuzzer)) | 1795 if (!FuzzParamArray(event_timestamps, event_timestamps_size, fuzzer)) |
| 1794 return false; | 1796 return false; |
| 1795 if (!FuzzParam(&trace_id, fuzzer)) | 1797 if (!FuzzParam(&trace_id, fuzzer)) |
| 1796 return false; | 1798 return false; |
| 1797 if (!FuzzParam(&terminated, fuzzer)) | 1799 if (!FuzzParam(&terminated, fuzzer)) |
| (...skipping 22 matching lines...) Expand all Loading... |
| 1820 return false; | 1822 return false; |
| 1821 return true; | 1823 return true; |
| 1822 } | 1824 } |
| 1823 }; | 1825 }; |
| 1824 | 1826 |
| 1825 template <> | 1827 template <> |
| 1826 struct FuzzTraits<url::Origin> { | 1828 struct FuzzTraits<url::Origin> { |
| 1827 static bool Fuzz(url::Origin* p, Fuzzer* fuzzer) { | 1829 static bool Fuzz(url::Origin* p, Fuzzer* fuzzer) { |
| 1828 std::string scheme = p->scheme(); | 1830 std::string scheme = p->scheme(); |
| 1829 std::string host = p->host(); | 1831 std::string host = p->host(); |
| 1830 uint16 port = p->port(); | 1832 uint16_t port = p->port(); |
| 1831 if (!FuzzParam(&scheme, fuzzer)) | 1833 if (!FuzzParam(&scheme, fuzzer)) |
| 1832 return false; | 1834 return false; |
| 1833 if (!FuzzParam(&host, fuzzer)) | 1835 if (!FuzzParam(&host, fuzzer)) |
| 1834 return false; | 1836 return false; |
| 1835 if (!FuzzParam(&port, fuzzer)) | 1837 if (!FuzzParam(&port, fuzzer)) |
| 1836 return false; | 1838 return false; |
| 1837 *p = url::Origin::UnsafelyCreateOriginWithoutNormalization(scheme, host, | 1839 *p = url::Origin::UnsafelyCreateOriginWithoutNormalization(scheme, host, |
| 1838 port); | 1840 port); |
| 1839 | 1841 |
| 1840 // Force a unique origin 1% of the time: | 1842 // Force a unique origin 1% of the time: |
| (...skipping 279 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2120 #undef IPC_MESSAGE_DECL | 2122 #undef IPC_MESSAGE_DECL |
| 2121 #define IPC_MESSAGE_DECL(kind, type, name, in, out, ilist, olist) \ | 2123 #define IPC_MESSAGE_DECL(kind, type, name, in, out, ilist, olist) \ |
| 2122 function_vector->push_back(fuzzer_for_##name); | 2124 function_vector->push_back(fuzzer_for_##name); |
| 2123 #include "tools/ipc_fuzzer/message_lib/all_messages.h" | 2125 #include "tools/ipc_fuzzer/message_lib/all_messages.h" |
| 2124 } | 2126 } |
| 2125 | 2127 |
| 2126 // Redefine macros to register fuzzing functions into map. | 2128 // Redefine macros to register fuzzing functions into map. |
| 2127 #include "tools/ipc_fuzzer/message_lib/all_message_null_macros.h" | 2129 #include "tools/ipc_fuzzer/message_lib/all_message_null_macros.h" |
| 2128 #undef IPC_MESSAGE_DECL | 2130 #undef IPC_MESSAGE_DECL |
| 2129 #define IPC_MESSAGE_DECL(kind, type, name, in, out, ilist, olist) \ | 2131 #define IPC_MESSAGE_DECL(kind, type, name, in, out, ilist, olist) \ |
| 2130 (*map)[static_cast<uint32>(name::ID)] = fuzzer_for_##name; | 2132 (*map)[static_cast<uint32_t>(name::ID)] = fuzzer_for_##name; |
| 2131 | 2133 |
| 2132 void PopulateFuzzerFunctionMap(FuzzerFunctionMap* map) { | 2134 void PopulateFuzzerFunctionMap(FuzzerFunctionMap* map) { |
| 2133 #include "tools/ipc_fuzzer/message_lib/all_messages.h" | 2135 #include "tools/ipc_fuzzer/message_lib/all_messages.h" |
| 2134 } | 2136 } |
| 2135 | 2137 |
| 2136 } // namespace ipc_fuzzer | 2138 } // namespace ipc_fuzzer |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1549203002:
Switch to standard integer types in tools/. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master