
Side by Side Diff: net/base/fuzzed_data_provider.cc

Issue 1919013003: Add fuzzer to test Fuzz URLRequestDataJob (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@url_request_fuzzer
Patch Set: Encapsulated logic in a singleton class. Rebased / updated for FuzzedDataProvider. Created 4 years, 8 months ago
1 // Copyright 2016 The Chromium Authors. All rights reserved. 1 // Copyright 2016 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/base/fuzzed_data_provider.h" 5 #include "net/base/fuzzed_data_provider.h"
6 6
7 #include <algorithm> 7 #include <algorithm>
8 #include <string> 8 #include <string>
9 9
10 #include "base/logging.h" 10 #include "base/logging.h"
11 11
12 namespace net { 12 namespace net {
13 13
14 FuzzedDataProvider::FuzzedDataProvider(const uint8_t* data, size_t size) 14 FuzzedDataProvider::FuzzedDataProvider(const uint8_t* data, size_t size)
15 : remaining_data_(reinterpret_cast<const char*>(data), size) {} 15 : remaining_data_(reinterpret_cast<const char*>(data), size) {}
16 16
17 FuzzedDataProvider::~FuzzedDataProvider() {} 17 FuzzedDataProvider::~FuzzedDataProvider() {}
18 18
19 size_t FuzzedDataProvider::ConsumeBytes(char* dest, size_t bytes) { 19 size_t FuzzedDataProvider::ConsumeBytes(char* dest, size_t bytes) {
20 size_t bytes_to_write = std::min(bytes, remaining_data_.length()); 20 size_t bytes_to_write = std::min(bytes, remaining_data_.length());
21 memcpy(dest, remaining_data_.data(), bytes_to_write); 21 memcpy(dest, remaining_data_.data(), bytes_to_write);
22 remaining_data_ = remaining_data_.substr(bytes_to_write); 22 remaining_data_ = remaining_data_.substr(bytes_to_write);
23 return bytes_to_write; 23 return bytes_to_write;
24 } 24 }
25 25
26 size_t FuzzedDataProvider::ConsumeRemainingBytes(char* dest) {
Charlie Harrison 2016/04/26 12:58:40 This is wrong, because we could buffer overflow de
27 return ConsumeBytes(dest, remaining_bytes());
28 }
29
26 uint32_t FuzzedDataProvider::ConsumeBits(size_t num_bits) { 30 uint32_t FuzzedDataProvider::ConsumeBits(size_t num_bits) {
27 CHECK_NE(0u, num_bits); 31 CHECK_NE(0u, num_bits);
28 CHECK_LE(num_bits, 32u); 32 CHECK_LE(num_bits, 32u);
29 uint32_t out = 0; 33 uint32_t out = 0;
30 while (num_bits > 0) { 34 while (num_bits > 0) {
31 uint8_t new_bits = 0; 35 uint8_t new_bits = 0;
32 if (!remaining_data_.empty()) { 36 if (!remaining_data_.empty()) {
33 new_bits = remaining_data_.data()[remaining_data_.length() - 1]; 37 new_bits = remaining_data_.data()[remaining_data_.length() - 1];
34 remaining_data_ = remaining_data_.substr(0, remaining_data_.length() - 1); 38 remaining_data_ = remaining_data_.substr(0, remaining_data_.length() - 1);
35 } 39 }
36 size_t bits_to_add = 8; 40 size_t bits_to_add = 8;
37 if (num_bits > 8) 41 if (num_bits > 8)
38 bits_to_add = num_bits; 42 bits_to_add = num_bits;
39 new_bits &= new_bits & ((1 << bits_to_add) - 1); 43 new_bits &= new_bits & ((1 << bits_to_add) - 1);
40 out = (out << bits_to_add) | new_bits; 44 out = (out << bits_to_add) | new_bits;
41 num_bits -= bits_to_add; 45 num_bits = num_bits > bits_to_add ? num_bits - bits_to_add : 0;
Charlie Harrison 2016/04/26 12:58:40 Temporary fix.
42 } 46 }
43 47
44 return out; 48 return out;
45 } 49 }
46 50
47 bool FuzzedDataProvider::ConsumeBool() { 51 bool FuzzedDataProvider::ConsumeBool() {
48 return !ConsumeBits(1); 52 return !ConsumeBits(1);
49 } 53 }
50 54
51 uint32_t FuzzedDataProvider::ConsumeValueInRange(uint32_t min, uint32_t max) { 55 uint32_t FuzzedDataProvider::ConsumeValueInRange(uint32_t min, uint32_t max) {
(...skipping 11 matching lines...) Expand all
63 } 67 }
64 68
65 // Allow an empty range, unlike ConsumeBits. 69 // Allow an empty range, unlike ConsumeBits.
66 if (needed_bits == 0) 70 if (needed_bits == 0)
67 return min; 71 return min;
68 72
69 return min + ConsumeBits(needed_bits) % (max - min); 73 return min + ConsumeBits(needed_bits) % (max - min);
70 } 74 }
71 75
72 } // namespace net 76 } // namespace net
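Review bot: The comparison at new lines 41–42 of ConsumeBits looks inverted, and the clamp added at new line 45 hides the resulting size_t underflow without fixing its cause. For num_bits below 8, bits_to_add stays 8, so the mask keeps a whole byte: ConsumeBits(1) can return up to 255, and ConsumeBool is true only for a zero byte or exhausted input. For num_bits above 8, bits_to_add becomes num_bits, so only one input byte is ever consumed, and at 32 both `1 << bits_to_add` and `out << bits_to_add` shift by the full type width, which is undefined behaviour. Replacing new lines 40–42 with `size_t bits_to_add = std::min<size_t>(num_bits, 8);` would bound every shift to 8 and let line 45 return to `num_bits -= bits_to_add;`. A unit test asserting that ConsumeBits(n) stays below 2^n would catch a regression here.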