Move FuzzedDataProvider to //base and expose to blink

third_party/WebKit/Source/core/html/parser/TextResourceDecoderFuzzer.cpp

Index: third_party/WebKit/Source/core/html/parser/TextResourceDecoderFuzzer.cpp
diff --git a/third_party/WebKit/Source/core/html/parser/TextResourceDecoderFuzzer.cpp b/third_party/WebKit/Source/core/html/parser/TextResourceDecoderFuzzer.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..7bb309948be51fd61ea6cd797d6d7c786d1210ae
--- /dev/null
+++ b/third_party/WebKit/Source/core/html/parser/TextResourceDecoderFuzzer.cpp
@@ -0,0 +1,55 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "core/html/parser/TextResourceDecoder.h"
+
+#include "platform/testing/FuzzedDataProvider.h"
+#include "platform/testing/TestingPlatformSupport.h"
+#include "wtf/text/WTFString.h"
+#include <algorithm>
+
+namespace blink {
+
+class TextResourceDecoderForFuzzing : public TextResourceDecoder {
+public:
+    TextResourceDecoderForFuzzing(FuzzedDataProvider& fuzzedData)
+        : TextResourceDecoder(String::fromUTF8(fuzzedData.ConsumeBytesInRange(0, 16)), String::fromUTF8(fuzzedData.ConsumeBytesInRange(0, 16)), FuzzedOption(fuzzedData))

[esprehn, 2016/08/17 20:42:13]

why 16?

[Charlie Harrison, 2016/08/17 21:22:14]

Pretty arbitrary. I'll fix this up and add comments. Comments for mimetype say:
// Per RFCs 3023 and 2045, an XML MIME type is of the form:
// ^[0-9a-zA-Z_\\-+~!$\\^{}|.%'`#&*]+/[0-9a-zA-Z_\\-+~!$\\^{}|.%'`#&*]+\+xml$

that's pretty flexible. Maybe we should give it some more bytes.

For charset, we can also get some big ones like "unicode-1-1-utf-8".

To be safe, I'm upping these to be in range 0,32.

+    {
+    }
+
+private:
+    static TextResourceDecoder::EncodingDetectionOption FuzzedOption(FuzzedDataProvider& fuzzedData)
+    {
+        // Don't use AlwaysUseUTF8ForText which requires knowing the mimeType
+        // ahead of time.
+        return fuzzedData.ConsumeBool() ? UseAllAutoDetection : UseContentAndBOMBasedDetection;
+    }
+};
+
+int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+    FuzzedDataProvider fuzzedData(data, size);
+    TextResourceDecoderForFuzzing decoder(fuzzedData);
+    CString bytes = fuzzedData.ConsumeRemainingBytes();
+    decoder.decode(bytes.data(), bytes.length());
+    decoder.flush();
+    return 0;
+}
+
+} // namespace blink
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+    return blink::LLVMFuzzerTestOneInput(data, size);
+}
+
+extern "C" int LLVMFuzzerInitialize(int* argc, char*** argv)
+{
+    // Intentional leak - no need to do cleanup as explained in
+    // "Initialization/Cleanup" section of testing/libfuzzer/efficient_fuzzer.md
+    DEFINE_STATIC_LOCAL(blink::ScopedUnittestsEnvironmentSetup, testSetup, (*argc, *argv));
+    ALLOW_UNUSED_LOCAL(testSetup);
+
+    return 0;
+}