| Index: chrome/ipc_fuzzer/ipc_fuzzer_main.cc
|
| diff --git a/chrome/ipc_fuzzer/ipc_fuzzer_main.cc b/chrome/ipc_fuzzer/ipc_fuzzer_main.cc
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..72ef6655d9594827e07a10798455d202e7ca1642
|
| --- /dev/null
|
| +++ b/chrome/ipc_fuzzer/ipc_fuzzer_main.cc
|
| @@ -0,0 +1,166 @@
|
| +// Copyright 2013 The Chromium Authors. All rights reserved.
|
| +// Use of this source code is governed by a BSD-style license that can be
|
| +// found in the LICENSE file.
|
| +
|
| +#include <limits.h>
|
| +#include <stdio.h>
|
| +#include <vector>
|
| +
|
| +#include "base/bind.h"
|
| +#include "base/command_line.h"
|
| +#include "base/files/memory_mapped_file.h"
|
| +#include "base/logging.h"
|
| +#include "base/memory/scoped_ptr.h"
|
| +#include "base/message_loop.h"
|
| +#include "base/synchronization/waitable_event.h"
|
| +#include "base/threading/thread.h"
|
| +#include "base/timer/timer.h"
|
| +#include "chrome/common/ipc_fuzzer_messages.h"
|
| +#include "content/public/common/main_function_params.h"
|
| +#include "ipc/ipc_channel_proxy.h"
|
| +#include "ipc/ipc_listener.h"
|
| +#include "ipc/ipc_message.h"
|
| +#include "ipc/ipc_platform_file.h"
|
| +#include "ipc/ipc_switches.h"
|
| +
|
| +class IpcTestcaseRunner : public IPC::Listener {
|
| + public:
|
| + IpcTestcaseRunner();
|
| + void OpenChannel();
|
| +
|
| + virtual bool OnMessageReceived(const IPC::Message& message) OVERRIDE;
|
| + virtual void OnChannelError() OVERRIDE;
|
| +
|
| + private:
|
| + void ExtractMessages(const char *data, size_t len);
|
| + void OnRunTestcase(IPC::PlatformFileForTransit);
|
| + void StartSendingMessages();
|
| + IPC::Message* GetNextMessage();
|
| + void SendNextMessage();
|
| +
|
| + scoped_ptr<IPC::ChannelProxy> channel_;
|
| + base::MessageLoop main_loop_;
|
| + base::Thread io_thread_;
|
| + base::WaitableEvent shutdown_event_;
|
| + scoped_ptr<base::Timer> timer_;
|
| + scoped_ptr<base::MemoryMappedFile> testcase_map_;
|
| + std::vector<scoped_ptr<IPC::Message>> messages_;
|
| + size_t current_message_;
|
| +};
|
| +
|
| +IpcTestcaseRunner::IpcTestcaseRunner()
|
| + : main_loop_(base::MessageLoop::TYPE_DEFAULT),
|
| + io_thread_("Chrome_ChildIOThread"),
|
| + shutdown_event_(true, false),
|
| + current_message_(0) {
|
| +}
|
| +
|
| +void IpcTestcaseRunner::OpenChannel() {
|
| + io_thread_.StartWithOptions(
|
| + base::Thread::Options(base::MessageLoop::TYPE_IO, 0));
|
| +
|
| + std::string channel_name =
|
| + CommandLine::ForCurrentProcess()->GetSwitchValueASCII(
|
| + switches::kProcessChannelID);
|
| +
|
| + channel_.reset(
|
| + new IPC::ChannelProxy(channel_name,
|
| + IPC::Channel::MODE_CLIENT,
|
| + this,
|
| + io_thread_.message_loop_proxy()));
|
| +}
|
| +
|
| +void IpcTestcaseRunner::ExtractMessages(const char *data, size_t len) {
|
| + const char* end = data + len;
|
| +
|
| + while (data < end) {
|
| + const char* message_tail = IPC::Message::FindNext(data, end);
|
| + if (!message_tail)
|
| + break;
|
| +
|
| + size_t len = message_tail - data;
|
| + if (len > INT_MAX)
|
| + break;
|
| +
|
| + IPC::Message* message = new IPC::Message(data, len);
|
| + data = message_tail;
|
| +
|
| + messages_.resize(messages_.size() + 1);
|
| + messages_.back().reset(message);
|
| + }
|
| +
|
| + if (data < end) {
|
| + unsigned long left = end - data;
|
| + LOG(ERROR) << left << " bytes left while extracting messages";
|
| + }
|
| +}
|
| +
|
| +void IpcTestcaseRunner::OnRunTestcase(
|
| + IPC::PlatformFileForTransit testcase_file) {
|
| + base::PlatformFile file =
|
| + IPC::PlatformFileForTransitToPlatformFile(testcase_file);
|
| +
|
| + testcase_map_.reset(new base::MemoryMappedFile());
|
| + if (!testcase_map_->Initialize(file)) {
|
| + LOG(ERROR) << "Failed to map IPC fuzzer testcase";
|
| + return;
|
| + }
|
| +
|
| + const char* data = reinterpret_cast<const char *>(testcase_map_->data());
|
| + size_t len = testcase_map_->length();
|
| +
|
| + ExtractMessages(data, len);
|
| + StartSendingMessages();
|
| +}
|
| +
|
| +IPC::Message* IpcTestcaseRunner::GetNextMessage() {
|
| + if (current_message_ == messages_.size())
|
| + return NULL;
|
| +
|
| + printf("Sending message %lu/%lu\n", current_message_, messages_.size());
|
| +
|
| + IPC::Message* const_message = messages_[current_message_].get();
|
| + IPC::Message* message = new IPC::Message(*const_message);
|
| + current_message_++;
|
| +
|
| + return message;
|
| +}
|
| +
|
| +void IpcTestcaseRunner::SendNextMessage() {
|
| + IPC::Message* message = GetNextMessage();
|
| + if (!message) {
|
| + base::MessageLoop::current()->Quit();
|
| + return;
|
| + }
|
| +
|
| + channel_->Send(message);
|
| +}
|
| +
|
| +void IpcTestcaseRunner::StartSendingMessages() {
|
| + timer_.reset(new base::Timer(false, true));
|
| + timer_->Start(FROM_HERE,
|
| + base::TimeDelta::FromMilliseconds(1),
|
| + base::Bind(&IpcTestcaseRunner::SendNextMessage,
|
| + base::Unretained(this)));
|
| +}
|
| +
|
| +bool IpcTestcaseRunner::OnMessageReceived(const IPC::Message& msg) {
|
| + IPC_BEGIN_MESSAGE_MAP(IpcTestcaseRunner, msg)
|
| + IPC_MESSAGE_HANDLER(IpcFuzzerMsg_RunTestcase, OnRunTestcase)
|
| + IPC_END_MESSAGE_MAP()
|
| +
|
| + return true;
|
| +}
|
| +
|
| +void IpcTestcaseRunner::OnChannelError() {
|
| + LOG(INFO) << "Channel error, quitting";
|
| + base::MessageLoop::current()->Quit();
|
| +}
|
| +
|
| +int IpcFuzzerMain(const content::MainFunctionParams& parameters) {
|
| + IpcTestcaseRunner runner;
|
| + runner.OpenChannel();
|
| +
|
| + base::MessageLoop::current()->Run();
|
| + return 0;
|
| +}
|
|
|
Chromium Code Reviews
Issue 18254010:
IPC fuzzer child process component (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src