Chromium Code Reviews

Unified Diff: net/base/fuzzed_data_provider.cc

Issue 1919013003: Add fuzzer to test Fuzz URLRequestDataJob (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@url_request_fuzzer
Patch Set: Encapsulated logic in a singleton class. Rebased / updated for FuzzedDataProvider. Created 4 years, 8 months ago
Index: net/base/fuzzed_data_provider.cc
diff --git a/net/base/fuzzed_data_provider.cc b/net/base/fuzzed_data_provider.cc
index 6278ff2ff9a1363aa2922763e5b485c8f59c2cfa..4d13e6f1f70993dd50f32de2077fc9bb7d970290 100644
--- a/net/base/fuzzed_data_provider.cc
+++ b/net/base/fuzzed_data_provider.cc
@@ -23,6 +23,10 @@ size_t FuzzedDataProvider::ConsumeBytes(char* dest, size_t bytes) {
return bytes_to_write;
}
+size_t FuzzedDataProvider::ConsumeRemainingBytes(char* dest) {
Charlie Harrison 2016/04/26 12:58:40 This is wrong, because we could buffer overflow de
+ return ConsumeBytes(dest, remaining_bytes());
+}
+
uint32_t FuzzedDataProvider::ConsumeBits(size_t num_bits) {
CHECK_NE(0u, num_bits);
CHECK_LE(num_bits, 32u);
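Review bot: ConsumeRemainingBytes(char* dest) takes no capacity for dest, so the call ConsumeBytes(dest, remaining_bytes()) copies however many bytes are left in the fuzz input regardless of how large the caller's buffer is. Either take the destination size and pass the smaller of it and remaining_bytes() to ConsumeBytes, or return the remaining data in a length-carrying type instead of writing through a raw pointer. The new method also needs a comment stating what it returns and what the caller must guarantee about dest.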
@@ -38,7 +42,7 @@ uint32_t FuzzedDataProvider::ConsumeBits(size_t num_bits) {
bits_to_add = num_bits;
new_bits &= new_bits & ((1 << bits_to_add) - 1);
out = (out << bits_to_add) | new_bits;
- num_bits -= bits_to_add;
+ num_bits = num_bits > bits_to_add ? num_bits - bits_to_add : 0;
Charlie Harrison 2016/04/26 12:58:40 Temporary fix.
}
return out;
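Review bot: The clamp on the changed line, num_bits = num_bits > bits_to_add ? num_bits - bits_to_add : 0, hides the size_t underflow rather than removing its cause. The context line bits_to_add = num_bits; just above suggests bits_to_add is already meant to be capped at num_bits, so if it can still exceed num_bits at this point the capping logic is where the fix belongs; if it cannot, keep the plain subtraction and state the invariant with DCHECK_LE(bits_to_add, num_bits). Separately, new_bits &= new_bits & ((1 << bits_to_add) - 1) in the context has a redundant operand and can be written new_bits &= (1 << bits_to_add) - 1.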
