libFuzzer for blink::MHTMLParser

third_party/WebKit/Source/platform/mhtml/MHTMLParser.cpp

 /*
  * Copyright (C) 2011 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above
@@ skipping 85 matching lines @@
 static KeyValueMap retrieveKeyValuePairs(SharedBufferChunkReader* buffer)
 {
     KeyValueMap keyValuePairs;
     String line;
     String key;
     StringBuilder value;
     while (!(line = buffer->nextChunkAsUTF8StringWithLatin1Fallback()).isNull()) {
         if (line.isEmpty())
             break; // Empty line means end of key/value section.
         if (line[0] == '\t') {
-            ASSERT(!key.isEmpty());
             value.append(line.substring(1));
             continue;
         }
         // New key/value, store the previous one if any.
         if (!key.isEmpty()) {
             if (keyValuePairs.find(key) != keyValuePairs.end())
-                DLOG(ERROR) << "Key duplicate found in MIME header. Key is '" << key << "', previous value replaced.";
+                DVLOG(1) << "Key duplicate found in MIME header. Key is '" << key << "', previous value replaced.";

[esprehn, 2016/08/04 04:37:53]

Why did you need to change these?

[Łukasz Anforowicz, 2016/08/04 17:37:30]

To make debugging of libFuzzer functionality easier - without this change, the
output from libFuzzer is drowned in the output from the DLOG(ERROR) statements.

I think this is an okay change to make:

1) these were debug-only logging statements, so the change has no impact on the
product

2) dev impact is minimal - it is easy to selectively turn these logging
statements back on.  hmmm... I thought that something like
--vmodule=MHTMLFuzzer=1 would work, but it doesn't (I've never used this for
Blink side of things - not sure how logging infrastructure extracts the name of
a module in case of blink...).

WDYT?  I can turn these back into DLOG(ERROR)-s if you feel strongly about it.

             keyValuePairs.add(key, value.toString().stripWhiteSpace());
             key = String();
             value.clear();
         }
         size_t semiColonIndex = line.find(':');
         if (semiColonIndex == kNotFound) {
             // This is not a key value pair, ignore.
             continue;
         }
         key = line.substring(0, semiColonIndex).lower().stripWhiteSpace();
@@ skipping 12 matching lines @@
     KeyValueMap::iterator mimeParametersIterator = keyValuePairs.find("content-type");
     if (mimeParametersIterator != keyValuePairs.end()) {
         ParsedContentType parsedContentType(mimeParametersIterator->value);
         mimeHeader->m_contentType = parsedContentType.mimeType();
         if (!mimeHeader->isMultipart()) {
             mimeHeader->m_charset = parsedContentType.charset().stripWhiteSpace();
         } else {
             mimeHeader->m_multipartType = parsedContentType.parameterValueForName("type");
             mimeHeader->m_endOfPartBoundary = parsedContentType.parameterValueForName("boundary");
             if (mimeHeader->m_endOfPartBoundary.isNull()) {
-                DLOG(ERROR) << "No boundary found in multipart MIME header.";
+                DVLOG(1) << "No boundary found in multipart MIME header.";
                 return nullptr;
             }
             mimeHeader->m_endOfPartBoundary.insert("--", 0);
             mimeHeader->m_endOfDocumentBoundary = mimeHeader->m_endOfPartBoundary;
             mimeHeader->m_endOfDocumentBoundary.append("--");
         }
     }
 
     mimeParametersIterator = keyValuePairs.find("content-transfer-encoding");
     if (mimeParametersIterator != keyValuePairs.end())
@@ skipping 17 matching lines @@
     if (encoding == "base64")
         return Base64;
     if (encoding == "quoted-printable")
         return QuotedPrintable;
     if (encoding == "8bit")
         return EightBit;
     if (encoding == "7bit")
         return SevenBit;
     if (encoding == "binary")
         return Binary;
-    DLOG(ERROR) << "Unknown encoding '" << text << "' found in MIME header.";
+    DVLOG(1) << "Unknown encoding '" << text << "' found in MIME header.";
     return Unknown;
 }
 
 MIMEHeader::MIMEHeader()
     : m_contentTransferEncoding(Unknown)
 {
 }
 
 static bool skipLinesUntilBoundaryFound(SharedBufferChunkReader& lineReader, const String& boundary)
 {
@@ skipping 15 matching lines @@
     MIMEHeader* header = MIMEHeader::parseHeader(&m_lineReader);
     HeapVector<Member<ArchiveResource>> resources;
     if (!parseArchiveWithHeader(header, resources))
         resources.clear();
     return resources;
 }
 
 bool MHTMLParser::parseArchiveWithHeader(MIMEHeader* header, HeapVector<Member<ArchiveResource>>& resources)
 {
     if (!header) {
-        DLOG(ERROR) << "Failed to parse MHTML part: no header.";
+        DVLOG(1) << "Failed to parse MHTML part: no header.";
         return false;
     }
 
     if (!header->isMultipart()) {
         // With IE a page with no resource is not multi-part.
         bool endOfArchiveReached = false;
         ArchiveResource* resource = parseNextPart(*header, String(), String(), endOfArchiveReached);
         if (!resource)
             return false;
         resources.append(resource);
         return true;
     }
 
     // Skip the message content (it's a generic browser specific message).
     skipLinesUntilBoundaryFound(m_lineReader, header->endOfPartBoundary());
 
     bool endOfArchive = false;
     while (!endOfArchive) {
         MIMEHeader* resourceHeader = MIMEHeader::parseHeader(&m_lineReader);
         if (!resourceHeader) {
-            DLOG(ERROR) << "Failed to parse MHTML, invalid MIME header.";
+            DVLOG(1) << "Failed to parse MHTML, invalid MIME header.";
             return false;
         }
         if (resourceHeader->contentType() == "multipart/alternative") {
             // Ignore IE nesting which makes little sense (IE seems to nest only some of the frames).
             if (!parseArchiveWithHeader(resourceHeader, resources)) {
-                DLOG(ERROR) << "Failed to parse MHTML subframe.";
+                DVLOG(1) << "Failed to parse MHTML subframe.";
                 return false;
             }
-            bool endOfPartReached = skipLinesUntilBoundaryFound(m_lineReader, header->endOfPartBoundary());
-            ASSERT_UNUSED(endOfPartReached, endOfPartReached);
+            skipLinesUntilBoundaryFound(m_lineReader, header->endOfPartBoundary());
             continue;
         }
 
         ArchiveResource* resource = parseNextPart(*resourceHeader, header->endOfPartBoundary(), header->endOfDocumentBoundary(), endOfArchive);
         if (!resource) {
-            DLOG(ERROR) << "Failed to parse MHTML part.";
+            DVLOG(1) << "Failed to parse MHTML part.";
             return false;
         }
         resources.append(resource);
     }
     return true;
 }
 
 
 ArchiveResource* MHTMLParser::parseNextPart(const MIMEHeader& mimeHeader, const String& endOfPartBoundary, const String& endOfDocumentBoundary, bool& endOfArchiveReached)
 {
     ASSERT(endOfPartBoundary.isEmpty() == endOfDocumentBoundary.isEmpty());
 
     // If no content transfer encoding is specified, default to binary encoding.
     MIMEHeader::Encoding contentTransferEncoding = mimeHeader.contentTransferEncoding();
     if (contentTransferEncoding == MIMEHeader::Unknown)
         contentTransferEncoding = MIMEHeader::Binary;
 
     RefPtr<SharedBuffer> content = SharedBuffer::create();
     const bool checkBoundary = !endOfPartBoundary.isEmpty();
     bool endOfPartReached = false;
     if (contentTransferEncoding == MIMEHeader::Binary) {
         if (!checkBoundary) {
-            DLOG(ERROR) << "Binary contents requires end of part";
+            DVLOG(1) << "Binary contents requires end of part";
             return nullptr;
         }
         m_lineReader.setSeparator(endOfPartBoundary.utf8().data());
         Vector<char> part;
         if (!m_lineReader.nextChunk(part)) {
-            DLOG(ERROR) << "Binary contents requires end of part";
+            DVLOG(1) << "Binary contents requires end of part";
             return nullptr;
         }
         content->append(part);
         m_lineReader.setSeparator("\r\n");
         Vector<char> nextChars;
         if (m_lineReader.peek(nextChars, 2) != 2) {
-            DLOG(ERROR) << "Invalid seperator.";
+            DVLOG(1) << "Invalid seperator.";
             return nullptr;
         }
         endOfPartReached = true;
         ASSERT(nextChars.size() == 2);
         endOfArchiveReached = (nextChars[0] == '-' && nextChars[1] == '-');
         if (!endOfArchiveReached) {
             String line = m_lineReader.nextChunkAsUTF8StringWithLatin1Fallback();
             if (!line.isEmpty()) {
-                DLOG(ERROR) << "No CRLF at end of binary section.";
+                DVLOG(1) << "No CRLF at end of binary section.";
                 return nullptr;
             }
         }
     } else {
         String line;
         while (!(line = m_lineReader.nextChunkAsUTF8StringWithLatin1Fallback()).isNull()) {
             endOfArchiveReached = (line == endOfDocumentBoundary);
             if (checkBoundary && (line == endOfPartBoundary || endOfArchiveReached)) {
                 endOfPartReached = true;
                 break;
             }
             // Note that we use line.utf8() and not line.ascii() as ascii turns special characters (such as tab, line-feed...) into '?'.
             content->append(line.utf8().data(), line.length());
             if (contentTransferEncoding == MIMEHeader::QuotedPrintable) {
                 // The line reader removes the \r\n, but we need them for the content in this case as the QuotedPrintable decoder expects CR-LF terminated lines.
                 content->append("\r\n", 2u);
             }
         }
     }
     if (!endOfPartReached && checkBoundary) {
-        DLOG(ERROR) << "No bounday found for MHTML part.";
+        DVLOG(1) << "No boundary found for MHTML part.";
         return nullptr;
     }
 
     Vector<char> data;
     switch (contentTransferEncoding) {
     case MIMEHeader::Base64:
         if (!base64Decode(content->data(), content->size(), data)) {
-            DLOG(ERROR) << "Invalid base64 content for MHTML part.";
+            DVLOG(1) << "Invalid base64 content for MHTML part.";
             return nullptr;
         }
         break;
     case MIMEHeader::QuotedPrintable:
         quotedPrintableDecode(content->data(), content->size(), data);
         break;
     case MIMEHeader::EightBit:
     case MIMEHeader::SevenBit:
     case MIMEHeader::Binary:
         data.append(content->data(), content->size());
         break;
     default:
-        DLOG(ERROR) << "Invalid encoding for MHTML part.";
+        DVLOG(1) << "Invalid encoding for MHTML part.";
         return nullptr;
     }
     RefPtr<SharedBuffer> contentBuffer = SharedBuffer::adoptVector(data);
     // FIXME: the URL in the MIME header could be relative, we should resolve it if it is.
     // The specs mentions 5 ways to resolve a URL: http://tools.ietf.org/html/rfc2557#section-5
     // IE and Firefox (UNMht) seem to generate only absolute URLs.
     KURL location = KURL(KURL(), mimeHeader.contentLocation());
     return ArchiveResource::create(
         contentBuffer, location, mimeHeader.contentID(), AtomicString(mimeHeader.contentType()), AtomicString(mimeHeader.charset()));
 }
@@ skipping 14 matching lines @@
     if (!contentID.startsWith('<') || !contentID.endsWith('>'))
         return KURL();
 
     StringBuilder uriBuilder;
     uriBuilder.append("cid:");
     uriBuilder.append(contentID, 1, contentID.length() - 2);
     return KURL(KURL(), uriBuilder.toString());
 }
 
 } // namespace blink