Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(552)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/socket/fuzzed_socket.h

Issue 1917503002: URLRequest fuzzer. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@fuzz
Patch Set: Add missing include Created 4 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/base/fuzzed_data_provider.h ('K') | « net/http/http_stream_parser_fuzzer.cc ('k') | net/socket/fuzzed_socket.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/socket/fuzzed_socket.h
diff --git a/net/socket/fuzzed_socket.h b/net/socket/fuzzed_socket.h
index 441300f9cd38338e89f4b809924cc13d23bf0181..dd57f2e9f05a270ccacb541982e7fbd4190ed3ed 100644
--- a/net/socket/fuzzed_socket.h
+++ b/net/socket/fuzzed_socket.h
@@ -11,20 +11,23 @@
#include "base/memory/weak_ptr.h"
#include "base/strings/string_piece.h"
#include "net/base/completion_callback.h"
+#include "net/base/ip_endpoint.h"
#include "net/base/net_errors.h"
#include "net/log/net_log.h"
#include "net/socket/stream_socket.h"
namespace net {
+class FuzzedDataProvider;
+class IPEndPoint;
class IOBuffer;
-// A StreamSocket that uses a single block of data to generate responses for use
-// with fuzzers. Writes can succeed synchronously or asynchronously, can write
-// some or all of the provided data, and can fail with several different errors.
-// Reads can do the same, but the read data is also generated from the initial
-// input data. The number of bytes written/read from a single call is currently
-// capped at 127 bytes.
+// A StreamSocket that uses a FuzzedDataProvider to generate responses. Writes
+// can succeed synchronously or asynchronously, can write some or all of the
+// provided data, and can fail with several different errors. Reads can do the
+// same, but the read data is also generated from the FuzzedDataProvider. The
+// number of bytes written/read from a single call is currently capped at 255
+// bytes.
//
// Reads and writes are executed independently of one another, so to guarantee
// the fuzzer behaves the same across repeated runs with the same input, the
@@ -33,14 +36,23 @@ class IOBuffer;
// data.
class FuzzedSocket : public StreamSocket {
public:
- // |data| must be of length |data_size| and is used as to determine behavior
- // of the FuzzedSocket. It must remain valid until the FuzzedSocket is
- // destroyed.
- FuzzedSocket(const uint8_t* data,
- size_t data_size,
- const BoundNetLog& bound_net_log);
+ // |data_provider| is used as to determine behavior of the FuzzedSocket. It
+ // must remain valid until after the FuzzedSocket is destroyed.
+ FuzzedSocket(FuzzedDataProvider* data_provider, net::NetLog* net_log);
~FuzzedSocket() override;
+ // If set to true, the socket will fuzz the result of the Connect() call.
+ // It can fail or succeed, and return synchronously or asynchronously. If
+ // false, Connect() succeeds synchronously. Defaults to false.
+ void set_fuzz_connect_result(bool fuzz_connect_result) {
+ fuzz_connect_result_ = fuzz_connect_result;
+ }
+
+ // Sets the remote address the socket claims to be using.
+ void set_remote_address(const IPEndPoint& remote_address) {
+ remote_address_ = remote_address;
+ }
+
// Socket implementation:
int Read(IOBuffer* buf,
int buf_len,
@@ -72,22 +84,22 @@ class FuzzedSocket : public StreamSocket {
int64_t GetTotalReceivedBytes() const override;
private:
- // Returns a uint8_t removed from the back of |data_|. Bytes read from the
- // socket are taken from the front of the stream, so this will keep read bytes
- // more consistent between test runs. If no data is left, returns 0.
- uint8_t ConsumeUint8FromData();
-
// Returns a net::Error that can be returned by a read or a write. Reads and
// writes return basically the same set of errors, at the TCP socket layer.
- // Which error is determined by a call to ConsumeUint8FromData().
Error ConsumeReadWriteErrorFromData();
void OnReadComplete(const CompletionCallback& callback, int result);
void OnWriteComplete(const CompletionCallback& callback, int result);
+ void OnConnectComplete(const CompletionCallback& callback, int result);
- // The unconsumed portion of the input data that |this| was created with.
- base::StringPiece data_;
+ FuzzedDataProvider* data_provider_;
+ // If true, the result of the Connect() call is fuzzed - it can succeed or
+ // fail with a variety of connection errors, and it can complete synchronously
+ // or asynchronously.
+ bool fuzz_connect_result_ = false;
+
+ bool connect_pending_ = false;
bool read_pending_ = false;
bool write_pending_ = false;
@@ -105,6 +117,8 @@ class FuzzedSocket : public StreamSocket {
BoundNetLog bound_net_log_;
+ IPEndPoint remote_address_;
+
base::WeakPtrFactory<FuzzedSocket> weak_factory_;
DISALLOW_COPY_AND_ASSIGN(FuzzedSocket);
« net/base/fuzzed_data_provider.h ('K') | « net/http/http_stream_parser_fuzzer.cc ('k') | net/socket/fuzzed_socket.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698