
Side by Side Diff: net/base/fuzzed_data_provider.cc

Issue 1917503002: URLRequest fuzzer. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@fuzz
Patch Set: Add missing include Created 4 years, 7 months ago
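--- a/net/base/fuzzed_data_provider.cc
+++ b/net/base/fuzzed_data_provider.cc
@@ -0,0 +1,67 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/base/fuzzed_data_provider.h"
+
+#include <algorithm>
+#include <limits>
+
+#include "base/logging.h"
+
+namespace net {
+
+FuzzedDataProvider::FuzzedDataProvider(const uint8_t* data, size_t size)
+: remaining_data_(reinterpret_cast<const char*>(data), size) {}
+
+FuzzedDataProvider::~FuzzedDataProvider() {}
+
+base::StringPiece FuzzedDataProvider::ConsumeBytes(size_t length) {
+length = std::min(length, remaining_data_.length());
+base::StringPiece result(remaining_data_.data(), length);
+remaining_data_ = remaining_data_.substr(length);
+return result;
+}
+
+uint32_t FuzzedDataProvider::ConsumeValueInRange(uint32_t min, uint32_t max) {
+CHECK_LE(min, max);
+
+uint32_t range = max - min;
+uint32_t offset = 0;
+uint32_t result = 0;
+
+while ((range >> offset) > 0 && !remaining_data_.empty()) {
+// Pull bytes off the end of the seed data. Experimentally, this seems to
+// allow the fuzzer to more easily explore the input space. This makes
+// sense, since it works by modifying inputs that caused new code to run,
+// and this data is often used to encode length of data read by
+// ConsumeBytes. Separating out read lengths makes it easier modify the
+// contents of the data that is actually read.
+uint8_t next_byte = remaining_data_.data()[remaining_data_.length() - 1];
+result = (result << 8) | next_byte;
+remaining_data_ = remaining_data_.substr(0, remaining_data_.length() - 1);
+offset += 8;
+}
+
+// Avoid division by 0, in the case |range + 1| results in overflow.
+if (range == std::numeric_limits<uint32_t>::max())
+return result;
+
+return min + result % (range + 1);
+}
+
+uint32_t FuzzedDataProvider::ConsumeBits(size_t num_bits) {
+CHECK_NE(0u, num_bits);
+CHECK_LE(num_bits, 32u);
+
+if (num_bits == 32)
+return ConsumeValueInRange(0, std::numeric_limits<uint32_t>::max());
+return ConsumeValueInRange(0, (1 << num_bits) - 1);
+}
+
+bool FuzzedDataProvider::ConsumeBool() {
+// Double negation so this returns false once there's no more data.
+return !!ConsumeBits(1);
+}
+
+} // namespace net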
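Review bot: The loop condition in ConsumeValueInRange evaluates `range >> offset` with `offset` equal to 32 once four bytes have been consumed and `range` is at least 2^24, and shifting a uint32_t by its full width is undefined behaviour; on hardware that masks the shift count the loop may keep draining `remaining_data_` instead of stopping. Bounding it, `while (offset < 32 && (range >> offset) > 0 && !remaining_data_.empty()) {`, keeps consumption at four bytes at most. ConsumeBits has a related problem: `(1 << num_bits) - 1` shifts a signed int, so `num_bits == 31` overflows, and `(1u << num_bits) - 1` avoids it. Since this provider runs inside fuzzers that are typically built with sanitizers, either one would likely surface as a UBSan report unrelated to the code under test.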