Add fuzzer for HTMLPreloadScanner

third_party/WebKit/Source/core/html/parser/HTMLPreloadScannerFuzzer.cpp

Index: third_party/WebKit/Source/core/html/parser/HTMLPreloadScannerFuzzer.cpp
diff --git a/third_party/WebKit/Source/core/html/parser/TextResourceDecoderFuzzer.cpp b/third_party/WebKit/Source/core/html/parser/HTMLPreloadScannerFuzzer.cpp
similarity index 52%
copy from third_party/WebKit/Source/core/html/parser/TextResourceDecoderFuzzer.cpp
copy to third_party/WebKit/Source/core/html/parser/HTMLPreloadScannerFuzzer.cpp
index e19011319fa1df5c8461662d7fcb9db30b769cce..d487e1bd80853679a2f70f27a2723ff0d031c9e4 100644
--- a/third_party/WebKit/Source/core/html/parser/TextResourceDecoderFuzzer.cpp
+++ b/third_party/WebKit/Source/core/html/parser/HTMLPreloadScannerFuzzer.cpp
@@ -2,10 +2,17 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include "core/MediaTypeNames.h"
+#include "core/css/MediaValuesCached.h"
+#include "core/frame/Settings.h"
+#include "core/html/HTMLDocument.h"
+#include "core/html/parser/HTMLDocumentParser.h"
 #include "core/html/parser/TextResourceDecoder.h"
-
+#include "core/loader/TextResourceDecoderBuilder.h"
+#include "core/testing/DummyPageHolder.h"
 #include "platform/testing/FuzzedDataProvider.h"
 #include "platform/testing/TestingPlatformSupport.h"
+#include "wtf/PtrUtil.h"
 #include "wtf/text/WTFString.h"
 #include <algorithm>
 
@@ -35,13 +42,57 @@ private:
     }
 };
 
+struct CachedDocumentParametersForFuzzing : public CachedDocumentParameters {
+    CachedDocumentParametersForFuzzing(FuzzedDataProvider& fuzzedData)
+    {

[kouhei (in TOK), 2016/08/22 05:48:28]

maybe simply
unique_ptr<CachedDocumentParameters> createCachedDocumentParametersForFuzzing()
{
  ...
}?

Also, please initialize the other fields.

+        doHtmlPreloadScanning = fuzzedData.ConsumeBool();
+        doDocumentWritePreloadScanning = fuzzedData.ConsumeBool();
+    }
+};
+
+class MockResourcePreloader : public ResourcePreloader {
+    void preload(std::unique_ptr<PreloadRequest>, const NetworkHintsInterface&) override
+    {
+    }
+};
+
 int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
 {
     FuzzedDataProvider fuzzedData(data, size);
+
+    HTMLParserOptions options;
+    options.scriptEnabled = fuzzedData.ConsumeBool();
+    options.pluginsEnabled = fuzzedData.ConsumeBool();
+
+    CachedDocumentParametersForFuzzing* documentParameters = new CachedDocumentParametersForFuzzing(fuzzedData);
+
+    KURL documentURL(ParsedURLString, "http://whatever.test/");
+
+    // Copied from HTMLPreloadScannerTest. May be worthwhile to fuzz.
+    MediaValuesCached::MediaValuesCachedData mediaData;
+    mediaData.viewportWidth = 500;
+    mediaData.viewportHeight = 600;
+    mediaData.deviceWidth = 700;
+    mediaData.deviceHeight = 800;
+    mediaData.devicePixelRatio = 2.0;
+    mediaData.colorBitsPerComponent = 24;
+    mediaData.monochromeBitsPerComponent = 0;
+    mediaData.primaryPointerType = PointerTypeFine;
+    mediaData.defaultFontSize = 16;
+    mediaData.threeDEnabled = true;
+    mediaData.mediaType = MediaTypeNames::screen;
+    mediaData.strictMode = true;
+    mediaData.displayMode = WebDisplayModeBrowser;
+
+    MockResourcePreloader preloader;
+
+    std::unique_ptr<HTMLPreloadScanner> scanner = HTMLPreloadScanner::create(options, documentURL, wrapUnique(documentParameters), mediaData);
+
     TextResourceDecoderForFuzzing decoder(fuzzedData);
     CString bytes = fuzzedData.ConsumeRemainingBytes();
-    decoder.decode(bytes.data(), bytes.length());
-    decoder.flush();
+    String decodedBytes = decoder.decode(bytes.data(), bytes.length());
+    scanner->appendToEnd(decodedBytes);
+    scanner->scanAndPreload(&preloader, KURL(), nullptr);
     return 0;
 }