Chromium Code Reviews

Side by Side Diff: content/test/renderer_fuzzer.cc

Issue 2029323005: [libfuzzer] content/renderer fuzzer. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: nits Created 4 years, 6 months ago
1 // Copyright 2016 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 // Fuzzer for content/renderer
6
7 #include <stddef.h>
8 #include <stdint.h>
9 #include <memory>
10
11 #include "base/feature_list.h"
12 #include "content/common/navigation_params.h"
13 #include "content/public/test/render_view_test.h"
14 #include "content/renderer/render_view_impl.h"
15 #include "content/test/test_render_frame.h"
16 #include "gin/v8_initializer.h"
17 #include "third_party/WebKit/public/web/WebRuntimeFeatures.h"
18
19 using namespace content;
sky 2016/06/02 21:57:13 Why not put this in the content namespace?
aizatsky 2016/06/02 22:07:05 Done.
20
21 class FuzzerRenderTest : public RenderViewTest {
22 public:
23 void TestBody() override {}
24
25 void SetUp() override { RenderViewTest::SetUp(); }
26
27 RenderViewImpl* view() { return static_cast<RenderViewImpl*>(view_); }
sky 2016/06/02 21:57:13 Can you use the public types?
aizatsky 2016/06/02 22:07:05 Done.
28
29 TestRenderFrame* frame() {
30 return static_cast<TestRenderFrame*>(view()->GetMainRenderFrame());
31 }
32 };
sky 2016/06/02 21:57:13 private: DISALLOW.. (here and below).
aizatsky 2016/06/02 22:07:05 Done.
33
34 struct Env {
35 Env() {
36 base::CommandLine::Init(0, nullptr);
37 base::FeatureList::InitializeInstance(std::string(), std::string());
38
39 blink::WebRuntimeFeatures::enableExperimentalFeatures(true);
40 blink::WebRuntimeFeatures::enableTestOnlyFeatures(true);
41 gin::V8Initializer::LoadV8Snapshot();
42 gin::V8Initializer::LoadV8Natives();
43
44 test_.reset(new FuzzerRenderTest());
45 test_->SetUp();
46 }
47
48 TestRenderFrame* frame() { return test_->frame(); }
49
50 std::unique_ptr<FuzzerRenderTest> test_;
sky 2016/06/02 21:57:13 structs don't use '_' in the name.
aizatsky 2016/06/02 22:07:05 Done
51 };
52
53 static Env* env = new Env();
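Review bot: `base::CommandLine::Init(0, nullptr)` inside `Env()` runs from the static initializer `static Env* env = new Env();`, i.e. before libFuzzer has parsed its own argc/argv, so the renderer environment can never see flags given on the fuzzer command line, and a failure during `Env()` happens before main() and is not attributed to any input. libFuzzer does provide a one-time setup hook, `extern "C" int LLVMFuzzerInitialize(int* argc, char*** argv)`, which is called once before the first `LLVMFuzzerTestOneInput`; constructing `Env` there and passing `*argc`/`*argv` to `base::CommandLine::Init` keeps the no-teardown model discussed in the thread while giving the setup real arguments.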
sky 2016/06/02 21:57:13 Is there no setup/tear down type equivalent?
aizatsky 2016/06/02 22:07:05 No. Fuzzers do not do teardowns. There's only impl
54
55 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
56 std::string input(reinterpret_cast<const char*>(data), size);
57
58 CommonNavigationParams common_params;
59 common_params.navigation_type = FrameMsg_Navigate_Type::NORMAL;
60 common_params.url = GURL("data:text/html," + input);
61 env->frame()->Navigate(common_params, StartNavigationParams(),
62 RequestNavigationParams());
63
64 return 0;
65 }
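Review bot: `LLVMFuzzerTestOneInput` returns immediately after `env->frame()->Navigate(...)` without waiting for the load to complete, so if the navigation finishes asynchronously the parsing and script execution for one input happen while libFuzzer is already running the next, and a crash is then attributed to the wrong testcase (and the reported input will not reproduce it). Consider pumping the loop until the main frame has loaded before `return 0;`, as `RenderViewTest::LoadHTML` does with its frame-load waiter. Two smaller points on `GURL("data:text/html," + input)`: the bytes are appended unencoded, so a `#` anywhere in the input silently truncates the document to the part before it (the rest becomes the fragment), and the body is percent-decoded before it reaches the HTML parser, so `%xx` sequences never arrive literally; percent-encoding `input`, or emitting it as `;base64,`, would let every input byte through to the parser. Note also that no charset is given, unlike `LoadHTML`'s `data:text/html;charset=utf-8,`, so the bytes are interpreted in the default encoding rather than as UTF-8.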