Add a fuzzer for TemplateURLParser/Open Search Descriptions.

testing/libfuzzer/fuzzers/template_url_parser_fuzzer.cc

Index: testing/libfuzzer/fuzzers/template_url_parser_fuzzer.cc
diff --git a/testing/libfuzzer/fuzzers/template_url_parser_fuzzer.cc b/testing/libfuzzer/fuzzers/template_url_parser_fuzzer.cc
new file mode 100644
index 0000000000000000000000000000000000000000..90f9338e2066b6f91c1d3247f3618114fcbcf406
--- /dev/null
+++ b/testing/libfuzzer/fuzzers/template_url_parser_fuzzer.cc
@@ -0,0 +1,36 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include <random>
+#include <string>
+
+#include "components/search_engines/search_terms_data.h"
+#include "components/search_engines/template_url.h"
+#include "components/search_engines/template_url_parser.h"
+
+class PseudoRandomFilter : public TemplateURLParser::ParameterFilter {
+ public:
+  PseudoRandomFilter(uint32_t seed) : generator_(seed), pool_(0, 1) {}
+  ~PseudoRandomFilter() override = default;
+
+  bool KeepParameter(const std::string&, const std::string&) override {
+    return pool_(generator_);
+  }
+
+ private:
+  std::mt19937 generator_;
+  std::uniform_int_distribution<uint8_t> pool_;
+};
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  const char* char_data = reinterpret_cast<const char*>(data);
+  std::size_t data_hash =

[aizatsky, 2017/03/20 20:14:04]

with this approach every input bit change would result in different seed =>
different parameters kept.

I suggest you use first 4 bytes of the data as seed and the rest as a string.

+      std::hash<std::string>()(std::string(char_data, size));
+  PseudoRandomFilter filter(static_cast<uint32_t>(data_hash));
+  TemplateURLParser::Parse(SearchTermsData(), char_data, size, &filter);
+  return 0;
+}