A couple fixes to net_data_job_fuzzer.

net/url_request/url_request_data_job_fuzzer.cc

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <memory>
+#include <string>
 
 #include "base/memory/ptr_util.h"
 #include "base/memory/singleton.h"
 #include "base/run_loop.h"
 #include "net/base/fuzzed_data_provider.h"
 #include "net/http/http_request_headers.h"
 #include "net/url_request/data_protocol_handler.h"
 #include "net/url_request/url_request.h"
 #include "net/url_request/url_request_job_factory_impl.h"
 #include "net/url_request/url_request_test_util.h"
@@ skipping 40 matching lines @@
     base::StringPiece range(provider.ConsumeBytes(kMaxLengthForFuzzedRange));
 
     // Generate a sequence of reads sufficient to read the entire data URL.
     size_t simulated_bytes_read = 0;
     while (simulated_bytes_read < provider.remaining_bytes()) {
       size_t read_length = provider.ConsumeUint32InRange(1, buf_size);
       read_lengths_.push_back(read_length);
       simulated_bytes_read += read_length;
     }
 
-    // The data URL is the rest of the fuzzed data. If the URL is invalid just
+    // The data URL is the rest of the fuzzed data with "data:" prepended, to
+    // ensure that if it's a URL, it's a data URL. If the URL is invalid just
     // use a test variant, so the fuzzer has a chance to execute something.
-    base::StringPiece data_bytes(provider.ConsumeRemainingBytes());
-    GURL data_url(data_bytes);
+    std::string data_url_string =
+        std::string("data:") + provider.ConsumeRemainingBytes().as_string();
+    GURL data_url(data_url_string);
     if (!data_url.is_valid())
       data_url = GURL("data:text/html;charset=utf-8,<p>test</p>");
 
     // Create a URLRequest with the given data URL and start reading
     // from it.
     std::unique_ptr<net::URLRequest> request =
         context_.CreateRequest(data_url, net::DEFAULT_PRIORITY, this);
     if (use_range) {
       std::string range_str = range.as_string();
       if (!net::HttpUtil::IsValidHeaderValue(range_str))
@@ skipping 22 matching lines @@
       // be the last call to Read.
       bool using_populated_read = read_lengths_.size() > 0;
       size_t read_size = 1;
       if (using_populated_read) {
         read_size = read_lengths_.back();
         read_lengths_.pop_back();
       }
 
       int bytes_read = 0;
       sync = request->Read(buf_.get(), read_size, &bytes_read);
-      // No more populated reads implies !bytes_read.
-      DCHECK(using_populated_read || !bytes_read);
     } while (sync);
 
     if (!request->status().is_io_pending())
       QuitLoop();
   }
 
   // net::URLRequest::Delegate:
   void OnReceivedRedirect(net::URLRequest* request,
                           const net::RedirectInfo& redirect_info,
                           bool* defer_redirect) override {}
@@ skipping 37 matching lines @@
   base::RunLoop* read_loop_;
 
   DISALLOW_COPY_AND_ASSIGN(URLRequestDataJobFuzzerHarness);
 };
 
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
   // Using a static singleton test harness lets the test run ~3-4x faster.
   return URLRequestDataJobFuzzerHarness::GetInstance()
       ->CreateAndReadFromDataURLRequest(data, size);
 }