Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(70)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/core/html/parser/TextResourceDecoderFuzzer.cpp

Issue 2261873002: Add fuzzer for HTMLPreloadScanner (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: add include Created 4 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « third_party/WebKit/Source/core/html/parser/TextResourceDecoderForFuzzing.h ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2016 The Chromium Authors. All rights reserved. 1 // Copyright 2016 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "core/html/parser/TextResourceDecoder.h" 5 #include "core/html/parser/TextResourceDecoderForFuzzing.h"
6 6
7 #include "platform/testing/FuzzedDataProvider.h" 7 #include "platform/testing/FuzzedDataProvider.h"
8 #include "platform/testing/TestingPlatformSupport.h" 8 #include "platform/testing/TestingPlatformSupport.h"
9 #include "wtf/text/WTFString.h"
10 #include <algorithm> 9 #include <algorithm>
11 10
12 namespace blink { 11 namespace blink {
13 12
14 class TextResourceDecoderForFuzzing : public TextResourceDecoder {
15 public:
16 // Note: mimeTypes can be quite long and still valid for XML. See the
17 // comment in DOMImplementation.cpp which says:
18 // Per RFCs 3023 and 2045, an XML MIME type is of the form:
19 // ^[0-9a-zA-Z_\\-+~!$\\^{}|.%'`#&*]+/[0-9a-zA-Z_\\-+~!$\\^{}|.%'`#&*]+\+xml $
20 //
21 // Similarly, charsets can be long too (see the various encodings in
22 // wtf/text). For instance: "unicode-1-1-utf-8". To ensure good coverage,
23 // set a generous max limit for these sizes (32 bytes should be good).
24 TextResourceDecoderForFuzzing(FuzzedDataProvider& fuzzedData)
25 : TextResourceDecoder(String::fromUTF8(fuzzedData.ConsumeBytesInRange(0, 32)), String::fromUTF8(fuzzedData.ConsumeBytesInRange(0, 32)), FuzzedOption(fuz zedData))
26 {
27 }
28
29 private:
30 static TextResourceDecoder::EncodingDetectionOption FuzzedOption(FuzzedDataP rovider& fuzzedData)
31 {
32 // Don't use AlwaysUseUTF8ForText which requires knowing the mimeType
33 // ahead of time.
34 return fuzzedData.ConsumeBool() ? UseAllAutoDetection : UseContentAndBOM BasedDetection;
35 }
36 };
37
38 int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) 13 int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
39 { 14 {
40 FuzzedDataProvider fuzzedData(data, size); 15 FuzzedDataProvider fuzzedData(data, size);
41 TextResourceDecoderForFuzzing decoder(fuzzedData); 16 TextResourceDecoderForFuzzing decoder(fuzzedData);
42 CString bytes = fuzzedData.ConsumeRemainingBytes(); 17 CString bytes = fuzzedData.ConsumeRemainingBytes();
43 decoder.decode(bytes.data(), bytes.length()); 18 decoder.decode(bytes.data(), bytes.length());
44 decoder.flush(); 19 decoder.flush();
45 return 0; 20 return 0;
46 } 21 }
47 22
48 } // namespace blink 23 } // namespace blink
49 24
50 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) 25 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
51 { 26 {
52 return blink::LLVMFuzzerTestOneInput(data, size); 27 return blink::LLVMFuzzerTestOneInput(data, size);
53 } 28 }
54 29
55 extern "C" int LLVMFuzzerInitialize(int* argc, char*** argv) 30 extern "C" int LLVMFuzzerInitialize(int* argc, char*** argv)
56 { 31 {
57 // Intentional leak - no need to do cleanup as explained in 32 // Intentional leak - no need to do cleanup as explained in
58 // "Initialization/Cleanup" section of testing/libfuzzer/efficient_fuzzer.md 33 // "Initialization/Cleanup" section of testing/libfuzzer/efficient_fuzzer.md
59 DEFINE_STATIC_LOCAL(blink::ScopedUnittestsEnvironmentSetup, testSetup, (*arg c, *argv)); 34 DEFINE_STATIC_LOCAL(blink::ScopedUnittestsEnvironmentSetup, testSetup, (*arg c, *argv));
60 ALLOW_UNUSED_LOCAL(testSetup); 35 ALLOW_UNUSED_LOCAL(testSetup);
61 36
62 return 0; 37 return 0;
63 } 38 }
OLDNEW
« no previous file with comments | « third_party/WebKit/Source/core/html/parser/TextResourceDecoderForFuzzing.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698