Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(648)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/url_request/url_request_data_job_fuzzer.cc

Issue 1946793002: net: Add fuzzer for HostResolverImpl. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: merge, fix build Created 4 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« net/dns/host_resolver_impl_fuzzer.cc ('K') | « net/udp/fuzzed_datagram_client_socket.cc ('k') | tools/valgrind/memcheck/suppressions.txt » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2016 The Chromium Authors. All rights reserved. 1 // Copyright 2016 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <memory> 5 #include <memory>
6 6
7 #include "base/memory/ptr_util.h" 7 #include "base/memory/ptr_util.h"
8 #include "base/memory/singleton.h" 8 #include "base/memory/singleton.h"
9 #include "base/run_loop.h" 9 #include "base/run_loop.h"
10 #include "net/base/fuzzed_data_provider.h" 10 #include "net/base/fuzzed_data_provider.h"
(...skipping 25 matching lines...) Expand all
36 36
37 static URLRequestDataJobFuzzerHarness* GetInstance() { 37 static URLRequestDataJobFuzzerHarness* GetInstance() {
38 return base::Singleton<URLRequestDataJobFuzzerHarness>::get(); 38 return base::Singleton<URLRequestDataJobFuzzerHarness>::get();
39 } 39 }
40 40
41 int CreateAndReadFromDataURLRequest(const uint8_t* data, size_t size) { 41 int CreateAndReadFromDataURLRequest(const uint8_t* data, size_t size) {
42 net::FuzzedDataProvider provider(data, size); 42 net::FuzzedDataProvider provider(data, size);
43 read_lengths_.clear(); 43 read_lengths_.clear();
44 44
45 // Allocate an IOBuffer with fuzzed size. 45 // Allocate an IOBuffer with fuzzed size.
46 uint32_t buf_size = provider.ConsumeValueInRange(1, 127); // 7 bits. 46 uint32_t buf_size = provider.ConsumeUint32InRange(1, 127); // 7 bits.
47 scoped_refptr<net::IOBuffer> buf( 47 scoped_refptr<net::IOBuffer> buf(
48 new net::IOBuffer(static_cast<size_t>(buf_size))); 48 new net::IOBuffer(static_cast<size_t>(buf_size)));
49 buf_.swap(buf); 49 buf_.swap(buf);
50 50
51 // Generate a range header, and a bool determining whether to use it. 51 // Generate a range header, and a bool determining whether to use it.
52 // Generate the header regardless of the bool value to keep the data URL and 52 // Generate the header regardless of the bool value to keep the data URL and
53 // header in consistent byte addresses so the fuzzer doesn't have to work as 53 // header in consistent byte addresses so the fuzzer doesn't have to work as
54 // hard. 54 // hard.
55 bool use_range = provider.ConsumeBool(); 55 bool use_range = provider.ConsumeBool();
56 base::StringPiece range(provider.ConsumeBytes(kMaxLengthForFuzzedRange)); 56 base::StringPiece range(provider.ConsumeBytes(kMaxLengthForFuzzedRange));
57 57
58 // Generate a sequence of reads sufficient to read the entire data URL. 58 // Generate a sequence of reads sufficient to read the entire data URL.
59 size_t simulated_bytes_read = 0; 59 size_t simulated_bytes_read = 0;
60 while (simulated_bytes_read < provider.remaining_bytes()) { 60 while (simulated_bytes_read < provider.remaining_bytes()) {
61 size_t read_length = provider.ConsumeValueInRange(1, buf_size); 61 size_t read_length = provider.ConsumeUint32InRange(1, buf_size);
62 read_lengths_.push_back(read_length); 62 read_lengths_.push_back(read_length);
63 simulated_bytes_read += read_length; 63 simulated_bytes_read += read_length;
64 } 64 }
65 65
66 // The data URL is the rest of the fuzzed data. If the URL is invalid just 66 // The data URL is the rest of the fuzzed data. If the URL is invalid just
67 // use a test variant, so the fuzzer has a chance to execute something. 67 // use a test variant, so the fuzzer has a chance to execute something.
68 base::StringPiece data_bytes(provider.ConsumeRemainingBytes()); 68 base::StringPiece data_bytes(provider.ConsumeRemainingBytes());
69 GURL data_url(data_bytes); 69 GURL data_url(data_bytes);
70 if (!data_url.is_valid()) 70 if (!data_url.is_valid())
71 data_url = GURL("data:text/html;charset=utf-8,<p>test</p>"); 71 data_url = GURL("data:text/html;charset=utf-8,<p>test</p>");
(...skipping 90 matching lines...) Expand 10 before | Expand all | Expand 10 after
162 base::RunLoop* read_loop_; 162 base::RunLoop* read_loop_;
163 163
164 DISALLOW_COPY_AND_ASSIGN(URLRequestDataJobFuzzerHarness); 164 DISALLOW_COPY_AND_ASSIGN(URLRequestDataJobFuzzerHarness);
165 }; 165 };
166 166
167 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { 167 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
168 // Using a static singleton test harness lets the test run ~3-4x faster. 168 // Using a static singleton test harness lets the test run ~3-4x faster.
169 return URLRequestDataJobFuzzerHarness::GetInstance() 169 return URLRequestDataJobFuzzerHarness::GetInstance()
170 ->CreateAndReadFromDataURLRequest(data, size); 170 ->CreateAndReadFromDataURLRequest(data, size);
171 } 171 }
OLDNEW
« net/dns/host_resolver_impl_fuzzer.cc ('K') | « net/udp/fuzzed_datagram_client_socket.cc ('k') | tools/valgrind/memcheck/suppressions.txt » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698