| OLD | NEW |
| (Empty) | |
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "core/MediaTypeNames.h" |
| 6 #include "core/css/MediaValuesCached.h" |
| 7 #include "core/html/HTMLDocument.h" |
| 8 #include "core/html/parser/HTMLDocumentParser.h" |
| 9 #include "core/html/parser/ResourcePreloader.h" |
| 10 #include "core/html/parser/TextResourceDecoderForFuzzing.h" |
| 11 #include "platform/testing/BlinkFuzzerTestSupport.h" |
| 12 #include "platform/testing/FuzzedDataProvider.h" |
| 13 |
| 14 namespace blink { |
| 15 |
| 16 std::unique_ptr<CachedDocumentParameters> cachedDocumentParametersForFuzzing(Fuz
zedDataProvider& fuzzedData) |
| 17 { |
| 18 std::unique_ptr<CachedDocumentParameters> documentParameters = CachedDocumen
tParameters::create(); |
| 19 documentParameters->doHtmlPreloadScanning = fuzzedData.ConsumeBool(); |
| 20 documentParameters->doDocumentWritePreloadScanning = fuzzedData.ConsumeBool(
); |
| 21 // TODO(csharrison): How should this be fuzzed? |
| 22 documentParameters->defaultViewportMinWidth = Length(); |
| 23 documentParameters->viewportMetaZeroValuesQuirk = fuzzedData.ConsumeBool(); |
| 24 documentParameters->viewportMetaEnabled = fuzzedData.ConsumeBool(); |
| 25 return documentParameters; |
| 26 } |
| 27 |
| 28 class MockResourcePreloader : public ResourcePreloader { |
| 29 void preload(std::unique_ptr<PreloadRequest>, const NetworkHintsInterface&)
override |
| 30 { |
| 31 } |
| 32 }; |
| 33 |
| 34 int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) |
| 35 { |
| 36 FuzzedDataProvider fuzzedData(data, size); |
| 37 |
| 38 HTMLParserOptions options; |
| 39 options.scriptEnabled = fuzzedData.ConsumeBool(); |
| 40 options.pluginsEnabled = fuzzedData.ConsumeBool(); |
| 41 |
| 42 std::unique_ptr<CachedDocumentParameters> documentParameters = cachedDocumen
tParametersForFuzzing(fuzzedData); |
| 43 |
| 44 KURL documentURL(ParsedURLString, "http://whatever.test/"); |
| 45 |
| 46 // Copied from HTMLPreloadScannerTest. May be worthwhile to fuzz. |
| 47 MediaValuesCached::MediaValuesCachedData mediaData; |
| 48 mediaData.viewportWidth = 500; |
| 49 mediaData.viewportHeight = 600; |
| 50 mediaData.deviceWidth = 700; |
| 51 mediaData.deviceHeight = 800; |
| 52 mediaData.devicePixelRatio = 2.0; |
| 53 mediaData.colorBitsPerComponent = 24; |
| 54 mediaData.monochromeBitsPerComponent = 0; |
| 55 mediaData.primaryPointerType = PointerTypeFine; |
| 56 mediaData.defaultFontSize = 16; |
| 57 mediaData.threeDEnabled = true; |
| 58 mediaData.mediaType = MediaTypeNames::screen; |
| 59 mediaData.strictMode = true; |
| 60 mediaData.displayMode = WebDisplayModeBrowser; |
| 61 |
| 62 MockResourcePreloader preloader; |
| 63 |
| 64 std::unique_ptr<HTMLPreloadScanner> scanner = HTMLPreloadScanner::create(opt
ions, documentURL, std::move(documentParameters), mediaData); |
| 65 |
| 66 TextResourceDecoderForFuzzing decoder(fuzzedData); |
| 67 CString bytes = fuzzedData.ConsumeRemainingBytes(); |
| 68 String decodedBytes = decoder.decode(bytes.data(), bytes.length()); |
| 69 scanner->appendToEnd(decodedBytes); |
| 70 scanner->scanAndPreload(&preloader, KURL(), nullptr); |
| 71 return 0; |
| 72 } |
| 73 |
| 74 } // namespace blink |
| 75 |
| 76 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) |
| 77 { |
| 78 return blink::LLVMFuzzerTestOneInput(data, size); |
| 79 } |
| 80 |
| 81 extern "C" int LLVMFuzzerInitialize(int* argc, char*** argv) |
| 82 { |
| 83 blink::InitializeBlinkFuzzTest(argc, argv); |
| 84 return 0; |
| 85 } |
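Review bot: The harness hands the scanner the entire decoded input in a single `appendToEnd` call followed by a single `scanAndPreload` call (new lines 69-70), so any state the scanner carries across appends, such as a tag or attribute value split between two chunks, is never exercised. If the scanner is normally fed network data incrementally (not visible in this file, so worth confirming), that resumption path is a common place for parser bugs and this fuzzer cannot reach it. At minimum, record the limit above the append, e.g. `// Whole input is scanned in one append; chunk-boundary handling is not covered by this fuzzer.`, and consider a follow-up that splits `decodedBytes` at fuzz-chosen offsets and calls both methods once per chunk. Separately, `MockResourcePreloader::preload` drops every request without reading it, so a malformed `PreloadRequest` is only detected if constructing it crashes; a short comment on the mock saying so would keep readers from assuming more coverage than there is.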
| OLD | NEW |