Index: testing/libfuzzer/fuzzers/nss/asn1_boolean_fuzzer.cc |
diff --git a/testing/libfuzzer/fuzzers/nss/asn1_boolean_fuzzer.cc b/testing/libfuzzer/fuzzers/nss/asn1_boolean_fuzzer.cc |
new file mode 100644 |
index 0000000000000000000000000000000000000000..9001f11d79e092ef8cb7b719384fe5ef77e33474 |
--- /dev/null |
+++ b/testing/libfuzzer/fuzzers/nss/asn1_boolean_fuzzer.cc |
@@ -0,0 +1,44 @@ |
+// Copyright 2016 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#include <stddef.h> |
+#include <stdint.h> |
+ |
+#include <nss.h> |
+#include <nspr.h> |
+#include <secasn1.h> |
+#include <secder.h> |
+#include <secport.h> |
+ |
+// Entry point for LibFuzzer. |
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { |
+ const SEC_ASN1Template* the_template = SEC_ASN1_GET(SEC_BooleanTemplate); |
+ SECItem quick_dest = {siBuffer, nullptr, 0}; |
+ SECItem legacy_dest = {siBuffer, nullptr, 0}; |
+ |
+ // Attempt the QuickDER path. |
+ PLArenaPool* quick_arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); |
+ if (!quick_arena) |
+ return 0; |
+ |
+ SECItem quick_src = {siBuffer, const_cast<unsigned char*>( |
+ static_cast<const unsigned char*>(data)), |
+ static_cast<unsigned int>(size)}; |
+ SEC_QuickDERDecodeItem(quick_arena, &quick_dest, the_template, &quick_src); |
+ PORT_FreeArena(quick_arena, PR_FALSE); |
+ |
+ // Attempt the Legacy path. |
+ PLArenaPool* legacy_arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); |
+ if (!legacy_arena) |
+ return 0; |
+ |
+ SECItem legacy_src = {siBuffer, const_cast<unsigned char*>( |
+ static_cast<const unsigned char*>(data)), |
+ static_cast<unsigned int>(size)}; |
+ |
+ SEC_ASN1DecodeItem(legacy_arena, &legacy_dest, the_template, &legacy_src); |
+ PORT_FreeArena(legacy_arena, PR_FALSE); |
+ |
+ return 0; |
+} |