net/spdy/fuzzing/hpack_fuzz_util.cc - Issue 1568423002: Implement better HPACK Huffman code decoder.

Side by Side Diff: net/spdy/fuzzing/hpack_fuzz_util.cc

Issue 1568423002: Implement better HPACK Huffman code decoder. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Do not use binary literals. Created 4 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright 2014 The Chromium Authors. All rights reserved.	1 // Copyright 2014 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/spdy/fuzzing/hpack_fuzz_util.h"	5 #include "net/spdy/fuzzing/hpack_fuzz_util.h"

6	6

7 #include <algorithm>	7 #include <algorithm>

8 #include <cmath>	8 #include <cmath>

9	9

10 #include "base/rand_util.h"	10 #include "base/rand_util.h"

(...skipping 123 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
134 }	134 }

135	135

136 // static	136 // static

137 string HpackFuzzUtil::HeaderBlockPrefix(size_t block_size) {	137 string HpackFuzzUtil::HeaderBlockPrefix(size_t block_size) {

138 uint32_t length = base::HostToNet32(static_cast<uint32_t>(block_size));	138 uint32_t length = base::HostToNet32(static_cast<uint32_t>(block_size));

139 return string(reinterpret_cast<char*>(&length), sizeof(uint32_t));	139 return string(reinterpret_cast<char*>(&length), sizeof(uint32_t));

140 }	140 }

141	141

142 // static	142 // static

143 void HpackFuzzUtil::InitializeFuzzerContext(FuzzerContext* context) {	143 void HpackFuzzUtil::InitializeFuzzerContext(FuzzerContext* context) {

144 context->first_stage.reset(new HpackDecoder(ObtainHpackHuffmanTable()));	144 context->first_stage.reset(new HpackDecoder());

145 context->second_stage.reset(new HpackEncoder(ObtainHpackHuffmanTable()));	145 context->second_stage.reset(new HpackEncoder(ObtainHpackHuffmanTable()));

146 context->third_stage.reset(new HpackDecoder(ObtainHpackHuffmanTable()));	146 context->third_stage.reset(new HpackDecoder());

147 }	147 }

148	148

149 // static	149 // static

150 bool HpackFuzzUtil::RunHeaderBlockThroughFuzzerStages(FuzzerContext* context,	150 bool HpackFuzzUtil::RunHeaderBlockThroughFuzzerStages(FuzzerContext* context,

151 StringPiece input_block) {	151 StringPiece input_block) {

152 // First stage: Decode the input header block. This may fail on invalid input.	152 // First stage: Decode the input header block. This may fail on invalid input.

153 if (!context->first_stage->HandleControlFrameHeadersData(	153 if (!context->first_stage->HandleControlFrameHeadersData(

154 input_block.data(), input_block.size())) {	154 input_block.data(), input_block.size())) {

155 return false;	155 return false;

156 }	156 }

(...skipping 26 matching lines...) Expand all Loading...
183 uint64_t bits_to_flip = flip_per_thousand * (1 + buffer_bit_length / 1024);	183 uint64_t bits_to_flip = flip_per_thousand * (1 + buffer_bit_length / 1024);

184	184

185 // Iteratively identify & flip offsets in the buffer bit-sequence.	185 // Iteratively identify & flip offsets in the buffer bit-sequence.

186 for (uint64_t i = 0; i != bits_to_flip; ++i) {	186 for (uint64_t i = 0; i != bits_to_flip; ++i) {

187 uint64_t bit_offset = base::RandUint64() % buffer_bit_length;	187 uint64_t bit_offset = base::RandUint64() % buffer_bit_length;

188 buffer[bit_offset / 8u] ^= (1 << (bit_offset % 8u));	188 buffer[bit_offset / 8u] ^= (1 << (bit_offset % 8u));

189 }	189 }

190 }	190 }

191	191

192 } // namespace net	192 } // namespace net

OLD	NEW

« no previous file with comments | « net/net.gypi ('k') | net/spdy/hpack/hpack_decoder.h » ('j') | no next file with comments »