OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <iostream> | 5 #include <iostream> |
6 #include <set> | 6 #include <set> |
7 #include <string> | 7 #include <string> |
8 #include <utility> | 8 #include <utility> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
| 11 #include "base/macros.h" |
11 #include "base/strings/string_util.h" | 12 #include "base/strings/string_util.h" |
| 13 #include "build/build_config.h" |
12 #include "ipc/ipc_message.h" | 14 #include "ipc/ipc_message.h" |
13 #include "ipc/ipc_message_utils.h" | 15 #include "ipc/ipc_message_utils.h" |
14 #include "ipc/ipc_switches.h" | 16 #include "ipc/ipc_switches.h" |
15 #include "ipc/ipc_sync_channel.h" | 17 #include "ipc/ipc_sync_channel.h" |
16 #include "ipc/ipc_sync_message.h" | 18 #include "ipc/ipc_sync_message.h" |
17 #include "tools/ipc_fuzzer/fuzzer/fuzzer.h" | 19 #include "tools/ipc_fuzzer/fuzzer/fuzzer.h" |
18 #include "tools/ipc_fuzzer/fuzzer/rand_util.h" | 20 #include "tools/ipc_fuzzer/fuzzer/rand_util.h" |
19 #include "tools/ipc_fuzzer/message_lib/message_cracker.h" | 21 #include "tools/ipc_fuzzer/message_lib/message_cracker.h" |
20 #include "tools/ipc_fuzzer/message_lib/message_file.h" | 22 #include "tools/ipc_fuzzer/message_lib/message_file.h" |
21 | 23 |
(...skipping 93 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
115 struct FuzzTraits<unsigned long> { | 117 struct FuzzTraits<unsigned long> { |
116 static bool Fuzz(unsigned long* p, Fuzzer* fuzzer) { | 118 static bool Fuzz(unsigned long* p, Fuzzer* fuzzer) { |
117 fuzzer->FuzzLong(reinterpret_cast<long*>(p)); | 119 fuzzer->FuzzLong(reinterpret_cast<long*>(p)); |
118 return true; | 120 return true; |
119 } | 121 } |
120 }; | 122 }; |
121 | 123 |
122 template <> | 124 template <> |
123 struct FuzzTraits<long long> { | 125 struct FuzzTraits<long long> { |
124 static bool Fuzz(long long* p, Fuzzer* fuzzer) { | 126 static bool Fuzz(long long* p, Fuzzer* fuzzer) { |
125 fuzzer->FuzzInt64(reinterpret_cast<int64*>(p)); | 127 fuzzer->FuzzInt64(reinterpret_cast<int64_t*>(p)); |
126 return true; | 128 return true; |
127 } | 129 } |
128 }; | 130 }; |
129 | 131 |
130 template <> | 132 template <> |
131 struct FuzzTraits<unsigned long long> { | 133 struct FuzzTraits<unsigned long long> { |
132 static bool Fuzz(unsigned long long* p, Fuzzer* fuzzer) { | 134 static bool Fuzz(unsigned long long* p, Fuzzer* fuzzer) { |
133 fuzzer->FuzzInt64(reinterpret_cast<int64*>(p)); | 135 fuzzer->FuzzInt64(reinterpret_cast<int64_t*>(p)); |
134 return true; | 136 return true; |
135 } | 137 } |
136 }; | 138 }; |
137 | 139 |
138 template <> | 140 template <> |
139 struct FuzzTraits<short> { | 141 struct FuzzTraits<short> { |
140 static bool Fuzz(short* p, Fuzzer* fuzzer) { | 142 static bool Fuzz(short* p, Fuzzer* fuzzer) { |
141 fuzzer->FuzzUInt16(reinterpret_cast<uint16*>(p)); | 143 fuzzer->FuzzUInt16(reinterpret_cast<uint16_t*>(p)); |
142 return true; | 144 return true; |
143 } | 145 } |
144 }; | 146 }; |
145 | 147 |
146 template <> | 148 template <> |
147 struct FuzzTraits<unsigned short> { | 149 struct FuzzTraits<unsigned short> { |
148 static bool Fuzz(unsigned short* p, Fuzzer* fuzzer) { | 150 static bool Fuzz(unsigned short* p, Fuzzer* fuzzer) { |
149 fuzzer->FuzzUInt16(reinterpret_cast<uint16*>(p)); | 151 fuzzer->FuzzUInt16(reinterpret_cast<uint16_t*>(p)); |
150 return true; | 152 return true; |
151 } | 153 } |
152 }; | 154 }; |
153 | 155 |
154 template <> | 156 template <> |
155 struct FuzzTraits<char> { | 157 struct FuzzTraits<char> { |
156 static bool Fuzz(char* p, Fuzzer* fuzzer) { | 158 static bool Fuzz(char* p, Fuzzer* fuzzer) { |
157 fuzzer->FuzzUChar(reinterpret_cast<unsigned char*>(p)); | 159 fuzzer->FuzzUChar(reinterpret_cast<unsigned char*>(p)); |
158 return true; | 160 return true; |
159 } | 161 } |
(...skipping 286 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
446 if (!FuzzParam(&is_null, fuzzer)) | 448 if (!FuzzParam(&is_null, fuzzer)) |
447 return false; | 449 return false; |
448 *p = base::NullableString16(string, is_null); | 450 *p = base::NullableString16(string, is_null); |
449 return true; | 451 return true; |
450 } | 452 } |
451 }; | 453 }; |
452 | 454 |
453 template <> | 455 template <> |
454 struct FuzzTraits<base::Time> { | 456 struct FuzzTraits<base::Time> { |
455 static bool Fuzz(base::Time* p, Fuzzer* fuzzer) { | 457 static bool Fuzz(base::Time* p, Fuzzer* fuzzer) { |
456 int64 internal_value = p->ToInternalValue(); | 458 int64_t internal_value = p->ToInternalValue(); |
457 if (!FuzzParam(&internal_value, fuzzer)) | 459 if (!FuzzParam(&internal_value, fuzzer)) |
458 return false; | 460 return false; |
459 *p = base::Time::FromInternalValue(internal_value); | 461 *p = base::Time::FromInternalValue(internal_value); |
460 return true; | 462 return true; |
461 } | 463 } |
462 }; | 464 }; |
463 | 465 |
464 template <> | 466 template <> |
465 struct FuzzTraits<base::TimeDelta> { | 467 struct FuzzTraits<base::TimeDelta> { |
466 static bool Fuzz(base::TimeDelta* p, Fuzzer* fuzzer) { | 468 static bool Fuzz(base::TimeDelta* p, Fuzzer* fuzzer) { |
467 int64 internal_value = p->ToInternalValue(); | 469 int64_t internal_value = p->ToInternalValue(); |
468 if (!FuzzParam(&internal_value, fuzzer)) | 470 if (!FuzzParam(&internal_value, fuzzer)) |
469 return false; | 471 return false; |
470 *p = base::TimeDelta::FromInternalValue(internal_value); | 472 *p = base::TimeDelta::FromInternalValue(internal_value); |
471 return true; | 473 return true; |
472 } | 474 } |
473 }; | 475 }; |
474 | 476 |
475 template <> | 477 template <> |
476 struct FuzzTraits<base::TimeTicks> { | 478 struct FuzzTraits<base::TimeTicks> { |
477 static bool Fuzz(base::TimeTicks* p, Fuzzer* fuzzer) { | 479 static bool Fuzz(base::TimeTicks* p, Fuzzer* fuzzer) { |
478 int64 internal_value = p->ToInternalValue(); | 480 int64_t internal_value = p->ToInternalValue(); |
479 if (!FuzzParam(&internal_value, fuzzer)) | 481 if (!FuzzParam(&internal_value, fuzzer)) |
480 return false; | 482 return false; |
481 *p = base::TimeTicks::FromInternalValue(internal_value); | 483 *p = base::TimeTicks::FromInternalValue(internal_value); |
482 return true; | 484 return true; |
483 } | 485 } |
484 }; | 486 }; |
485 | 487 |
486 template <> | 488 template <> |
487 struct FuzzTraits<base::ListValue> { | 489 struct FuzzTraits<base::ListValue> { |
488 static bool Fuzz(base::ListValue* p, Fuzzer* fuzzer) { | 490 static bool Fuzz(base::ListValue* p, Fuzzer* fuzzer) { |
(...skipping 944 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1433 FuzzParam(&p->send_start, fuzzer) && | 1435 FuzzParam(&p->send_start, fuzzer) && |
1434 FuzzParam(&p->send_end, fuzzer) && | 1436 FuzzParam(&p->send_end, fuzzer) && |
1435 FuzzParam(&p->receive_headers_end, fuzzer); | 1437 FuzzParam(&p->receive_headers_end, fuzzer); |
1436 } | 1438 } |
1437 }; | 1439 }; |
1438 | 1440 |
1439 template <> | 1441 template <> |
1440 struct FuzzTraits<net::HostPortPair> { | 1442 struct FuzzTraits<net::HostPortPair> { |
1441 static bool Fuzz(net::HostPortPair* p, Fuzzer* fuzzer) { | 1443 static bool Fuzz(net::HostPortPair* p, Fuzzer* fuzzer) { |
1442 std::string host = p->host(); | 1444 std::string host = p->host(); |
1443 uint16 port = p->port(); | 1445 uint16_t port = p->port(); |
1444 if (!FuzzParam(&host, fuzzer)) | 1446 if (!FuzzParam(&host, fuzzer)) |
1445 return false; | 1447 return false; |
1446 if (!FuzzParam(&port, fuzzer)) | 1448 if (!FuzzParam(&port, fuzzer)) |
1447 return false; | 1449 return false; |
1448 p->set_host(host); | 1450 p->set_host(host); |
1449 p->set_port(port); | 1451 p->set_port(port); |
1450 return true; | 1452 return true; |
1451 } | 1453 } |
1452 }; | 1454 }; |
1453 | 1455 |
(...skipping 193 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1647 return false; | 1649 return false; |
1648 *p = ppapi::PpapiPermissions(bits); | 1650 *p = ppapi::PpapiPermissions(bits); |
1649 return true; | 1651 return true; |
1650 } | 1652 } |
1651 }; | 1653 }; |
1652 | 1654 |
1653 template <> | 1655 template <> |
1654 struct FuzzTraits<ppapi::SocketOptionData> { | 1656 struct FuzzTraits<ppapi::SocketOptionData> { |
1655 static bool Fuzz(ppapi::SocketOptionData* p, Fuzzer* fuzzer) { | 1657 static bool Fuzz(ppapi::SocketOptionData* p, Fuzzer* fuzzer) { |
1656 // TODO(mbarbella): This can be improved. | 1658 // TODO(mbarbella): This can be improved. |
1657 int32 tmp; | 1659 int32_t tmp; |
1658 p->GetInt32(&tmp); | 1660 p->GetInt32(&tmp); |
1659 if (!FuzzParam(&tmp, fuzzer)) | 1661 if (!FuzzParam(&tmp, fuzzer)) |
1660 return false; | 1662 return false; |
1661 p->SetInt32(tmp); | 1663 p->SetInt32(tmp); |
1662 return true; | 1664 return true; |
1663 } | 1665 } |
1664 }; | 1666 }; |
1665 | 1667 |
1666 template <> | 1668 template <> |
1667 struct FuzzTraits<printing::PdfRenderSettings> { | 1669 struct FuzzTraits<printing::PdfRenderSettings> { |
(...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1716 } else { | 1718 } else { |
1717 char data[256]; | 1719 char data[256]; |
1718 int data_len = RandInRange(sizeof(data)); | 1720 int data_len = RandInRange(sizeof(data)); |
1719 fuzzer->FuzzBytes(&data[0], data_len); | 1721 fuzzer->FuzzBytes(&data[0], data_len); |
1720 p->SetToBytes(&data[0], data_len); | 1722 p->SetToBytes(&data[0], data_len); |
1721 } | 1723 } |
1722 return true; | 1724 return true; |
1723 } | 1725 } |
1724 case storage::DataElement::Type::TYPE_FILE: { | 1726 case storage::DataElement::Type::TYPE_FILE: { |
1725 base::FilePath path; | 1727 base::FilePath path; |
1726 uint64 offset; | 1728 uint64_t offset; |
1727 uint64 length; | 1729 uint64_t length; |
1728 base::Time modification_time; | 1730 base::Time modification_time; |
1729 if (!FuzzParam(&path, fuzzer)) | 1731 if (!FuzzParam(&path, fuzzer)) |
1730 return false; | 1732 return false; |
1731 if (!FuzzParam(&offset, fuzzer)) | 1733 if (!FuzzParam(&offset, fuzzer)) |
1732 return false; | 1734 return false; |
1733 if (!FuzzParam(&length, fuzzer)) | 1735 if (!FuzzParam(&length, fuzzer)) |
1734 return false; | 1736 return false; |
1735 if (!FuzzParam(&modification_time, fuzzer)) | 1737 if (!FuzzParam(&modification_time, fuzzer)) |
1736 return false; | 1738 return false; |
1737 p->SetToFilePathRange(path, offset, length, modification_time); | 1739 p->SetToFilePathRange(path, offset, length, modification_time); |
1738 return true; | 1740 return true; |
1739 } | 1741 } |
1740 case storage::DataElement::Type::TYPE_BLOB: { | 1742 case storage::DataElement::Type::TYPE_BLOB: { |
1741 std::string uuid; | 1743 std::string uuid; |
1742 uint64 offset; | 1744 uint64_t offset; |
1743 uint64 length; | 1745 uint64_t length; |
1744 if (!FuzzParam(&uuid, fuzzer)) | 1746 if (!FuzzParam(&uuid, fuzzer)) |
1745 return false; | 1747 return false; |
1746 if (!FuzzParam(&offset, fuzzer)) | 1748 if (!FuzzParam(&offset, fuzzer)) |
1747 return false; | 1749 return false; |
1748 if (!FuzzParam(&length, fuzzer)) | 1750 if (!FuzzParam(&length, fuzzer)) |
1749 return false; | 1751 return false; |
1750 p->SetToBlobRange(uuid, offset, length); | 1752 p->SetToBlobRange(uuid, offset, length); |
1751 return true; | 1753 return true; |
1752 } | 1754 } |
1753 case storage::DataElement::Type::TYPE_FILE_FILESYSTEM: { | 1755 case storage::DataElement::Type::TYPE_FILE_FILESYSTEM: { |
1754 GURL url; | 1756 GURL url; |
1755 uint64 offset; | 1757 uint64_t offset; |
1756 uint64 length; | 1758 uint64_t length; |
1757 base::Time modification_time; | 1759 base::Time modification_time; |
1758 if (!FuzzParam(&url, fuzzer)) | 1760 if (!FuzzParam(&url, fuzzer)) |
1759 return false; | 1761 return false; |
1760 if (!FuzzParam(&offset, fuzzer)) | 1762 if (!FuzzParam(&offset, fuzzer)) |
1761 return false; | 1763 return false; |
1762 if (!FuzzParam(&length, fuzzer)) | 1764 if (!FuzzParam(&length, fuzzer)) |
1763 return false; | 1765 return false; |
1764 if (!FuzzParam(&modification_time, fuzzer)) | 1766 if (!FuzzParam(&modification_time, fuzzer)) |
1765 return false; | 1767 return false; |
1766 p->SetToFileSystemUrlRange(url, offset, length, modification_time); | 1768 p->SetToFileSystemUrlRange(url, offset, length, modification_time); |
1767 return true; | 1769 return true; |
1768 } | 1770 } |
1769 default: { | 1771 default: { |
1770 NOTREACHED(); | 1772 NOTREACHED(); |
1771 return false; | 1773 return false; |
1772 } | 1774 } |
1773 } | 1775 } |
1774 } | 1776 } |
1775 }; | 1777 }; |
1776 | 1778 |
1777 template <> | 1779 template <> |
1778 struct FuzzTraits<ui::LatencyInfo> { | 1780 struct FuzzTraits<ui::LatencyInfo> { |
1779 static bool Fuzz(ui::LatencyInfo* p, Fuzzer* fuzzer) { | 1781 static bool Fuzz(ui::LatencyInfo* p, Fuzzer* fuzzer) { |
1780 // TODO(inferno): Add param traits for |latency_components|. | 1782 // TODO(inferno): Add param traits for |latency_components|. |
1781 int64 trace_id = p->trace_id(); | 1783 int64_t trace_id = p->trace_id(); |
1782 bool terminated = p->terminated(); | 1784 bool terminated = p->terminated(); |
1783 uint32 input_coordinates_size = static_cast<uint32>( | 1785 uint32_t input_coordinates_size = static_cast<uint32_t>( |
1784 RandInRange(ui::LatencyInfo::kMaxInputCoordinates + 1)); | 1786 RandInRange(ui::LatencyInfo::kMaxInputCoordinates + 1)); |
1785 ui::LatencyInfo::InputCoordinate | 1787 ui::LatencyInfo::InputCoordinate |
1786 input_coordinates[ui::LatencyInfo::kMaxInputCoordinates]; | 1788 input_coordinates[ui::LatencyInfo::kMaxInputCoordinates]; |
1787 uint32 event_timestamps_size = static_cast<uint32>( | 1789 uint32_t event_timestamps_size = static_cast<uint32_t>( |
1788 RandInRange(ui::LatencyInfo::kMaxCoalescedEventTimestamps + 1)); | 1790 RandInRange(ui::LatencyInfo::kMaxCoalescedEventTimestamps + 1)); |
1789 double event_timestamps[ui::LatencyInfo::kMaxCoalescedEventTimestamps]; | 1791 double event_timestamps[ui::LatencyInfo::kMaxCoalescedEventTimestamps]; |
1790 if (!FuzzParamArray( | 1792 if (!FuzzParamArray( |
1791 input_coordinates, input_coordinates_size, fuzzer)) | 1793 input_coordinates, input_coordinates_size, fuzzer)) |
1792 return false; | 1794 return false; |
1793 if (!FuzzParamArray(event_timestamps, event_timestamps_size, fuzzer)) | 1795 if (!FuzzParamArray(event_timestamps, event_timestamps_size, fuzzer)) |
1794 return false; | 1796 return false; |
1795 if (!FuzzParam(&trace_id, fuzzer)) | 1797 if (!FuzzParam(&trace_id, fuzzer)) |
1796 return false; | 1798 return false; |
1797 if (!FuzzParam(&terminated, fuzzer)) | 1799 if (!FuzzParam(&terminated, fuzzer)) |
(...skipping 22 matching lines...) Expand all Loading... |
1820 return false; | 1822 return false; |
1821 return true; | 1823 return true; |
1822 } | 1824 } |
1823 }; | 1825 }; |
1824 | 1826 |
1825 template <> | 1827 template <> |
1826 struct FuzzTraits<url::Origin> { | 1828 struct FuzzTraits<url::Origin> { |
1827 static bool Fuzz(url::Origin* p, Fuzzer* fuzzer) { | 1829 static bool Fuzz(url::Origin* p, Fuzzer* fuzzer) { |
1828 std::string scheme = p->scheme(); | 1830 std::string scheme = p->scheme(); |
1829 std::string host = p->host(); | 1831 std::string host = p->host(); |
1830 uint16 port = p->port(); | 1832 uint16_t port = p->port(); |
1831 if (!FuzzParam(&scheme, fuzzer)) | 1833 if (!FuzzParam(&scheme, fuzzer)) |
1832 return false; | 1834 return false; |
1833 if (!FuzzParam(&host, fuzzer)) | 1835 if (!FuzzParam(&host, fuzzer)) |
1834 return false; | 1836 return false; |
1835 if (!FuzzParam(&port, fuzzer)) | 1837 if (!FuzzParam(&port, fuzzer)) |
1836 return false; | 1838 return false; |
1837 *p = url::Origin::UnsafelyCreateOriginWithoutNormalization(scheme, host, | 1839 *p = url::Origin::UnsafelyCreateOriginWithoutNormalization(scheme, host, |
1838 port); | 1840 port); |
1839 | 1841 |
1840 // Force a unique origin 1% of the time: | 1842 // Force a unique origin 1% of the time: |
(...skipping 279 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2120 #undef IPC_MESSAGE_DECL | 2122 #undef IPC_MESSAGE_DECL |
2121 #define IPC_MESSAGE_DECL(kind, type, name, in, out, ilist, olist) \ | 2123 #define IPC_MESSAGE_DECL(kind, type, name, in, out, ilist, olist) \ |
2122 function_vector->push_back(fuzzer_for_##name); | 2124 function_vector->push_back(fuzzer_for_##name); |
2123 #include "tools/ipc_fuzzer/message_lib/all_messages.h" | 2125 #include "tools/ipc_fuzzer/message_lib/all_messages.h" |
2124 } | 2126 } |
2125 | 2127 |
2126 // Redefine macros to register fuzzing functions into map. | 2128 // Redefine macros to register fuzzing functions into map. |
2127 #include "tools/ipc_fuzzer/message_lib/all_message_null_macros.h" | 2129 #include "tools/ipc_fuzzer/message_lib/all_message_null_macros.h" |
2128 #undef IPC_MESSAGE_DECL | 2130 #undef IPC_MESSAGE_DECL |
2129 #define IPC_MESSAGE_DECL(kind, type, name, in, out, ilist, olist) \ | 2131 #define IPC_MESSAGE_DECL(kind, type, name, in, out, ilist, olist) \ |
2130 (*map)[static_cast<uint32>(name::ID)] = fuzzer_for_##name; | 2132 (*map)[static_cast<uint32_t>(name::ID)] = fuzzer_for_##name; |
2131 | 2133 |
2132 void PopulateFuzzerFunctionMap(FuzzerFunctionMap* map) { | 2134 void PopulateFuzzerFunctionMap(FuzzerFunctionMap* map) { |
2133 #include "tools/ipc_fuzzer/message_lib/all_messages.h" | 2135 #include "tools/ipc_fuzzer/message_lib/all_messages.h" |
2134 } | 2136 } |
2135 | 2137 |
2136 } // namespace ipc_fuzzer | 2138 } // namespace ipc_fuzzer |
OLD | NEW |