Chromium Code Reviews

Unified Diff: net/base/fuzzed_data_provider.h

Issue 1917503002: URLRequest fuzzer. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@fuzz
Patch Set: Response to comments Created 4 years, 8 months ago
Index: net/base/fuzzed_data_provider.h
diff --git a/net/base/fuzzed_data_provider.h b/net/base/fuzzed_data_provider.h
new file mode 100644
index 0000000000000000000000000000000000000000..1e99864af11f46d17f620527c01d24276a50348f
--- /dev/null
+++ b/net/base/fuzzed_data_provider.h
@@ -0,0 +1,53 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_BASE_FUZZED_DATA_PROVIDER_H
+#define NET_BASE_FUZZED_DATA_PROVIDER_H
+
+#include <stdint.h>
+
+#include "base/macros.h"
+#include "base/strings/string_piece.h"
+
+namespace net {
+
+// Utility class to break up fuzzer input for multiple consumers. Whenever run
+// on the same input, provides the same output, as long as its methods are
+// called in the same order, with the same arguments.
+class FuzzedDataProvider {
+ public:
+ // |data| is an array of length |size| that the FuzzedDataProvider slices to
+ // provide more granular access to. |data| must outlive the
+ // FuzzedDataProvider.
+ FuzzedDataProvider(const uint8_t* data, size_t size);
+ ~FuzzedDataProvider();
+
+ // Tries to copy the first |bytes| remaining bytes from the input data to
+ // |dest|. If fewer than that many bytes of data remain, writes all the
+ // data that's left. Returns number of bytes written, which may be 0.
+ size_t ConsumeBytes(char* dest, size_t bytes);
+
+ // Returns a value with the specified number of bits of data. Returns 0 if
+ // there's no input data left. Pulls data from the end of the array. Despit
+ // its name, always consumes bits in multiples of 8, just throws away anything
+ // left over, to try and be more friendly to the mutations the fuzzer applies.
+ // |num_bits| must be less than 32.
+ uint32_t ConsumeBits(size_t num_bits);
+
+ // Same as ConsumeBits(1), but returns a bool.
+ bool ConsumeBool();
+
+ // Creates a value in the specified range, consuming only as much data is
+ // needed. Value may not uniformly distributed in that range.
+ uint32_t ConsumeValueInRange(uint32_t min, uint32_t max);
+
+ private:
+ base::StringPiece remaining_data_;
+
+ DISALLOW_COPY_AND_ASSIGN(FuzzedDataProvider);
+};
+
+} // namespace net
+
+#endif // NET_BASE_FUZZED_DATA_PROVIDER_H
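Review bot: The comment on ConsumeValueInRange(uint32_t min, uint32_t max) leaves the contract open: it does not say whether |max| is inclusive, what happens when |min| > |max|, or what is returned once the input is exhausted. Fuzz targets will use this value for lengths and indices, so please state those cases explicitly (for example, require min <= max and say which value comes back when no data remains, as ConsumeBits already does with "Returns 0 if there's no input data left"). Likewise, ConsumeBits says "|num_bits| must be less than 32" but not what a caller gets for 32 or more, or for 0; documenting that the precondition is enforced would help. Smaller points in the same hunk: "Despit" should be "Despite", "Value may not uniformly distributed" is missing "be", and "as much data is needed" should read "as much data as is needed"; size_t is used but only <stdint.h> is included, so add <stddef.h>; and the include guard NET_BASE_FUZZED_DATA_PROVIDER_H should end in a trailing underscore to match the style used elsewhere in the tree.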