
Side by Side Diff: net/websockets/websocket_deflate_stream_fuzzer.cc

Issue 2292083002: Add a fuzzer for WebSocketDeflateStream::ReadFrames() (Closed)
Patch Set: Set max_len to 512 for better coverage Created 4 years, 3 months ago
(Empty)
1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include <stddef.h>
6 #include <stdint.h>
7
8 #include <memory>
9 #include <string>
10 #include <vector>
11
12 #include "base/logging.h"
13 #include "base/memory/ptr_util.h"
14 #include "base/test/fuzzed_data_provider.h"
15 #include "net/base/completion_callback.h"
16 #include "net/base/io_buffer.h"
17 #include "net/base/net_errors.h"
18 #include "net/websockets/websocket_deflate_parameters.h"
19 #include "net/websockets/websocket_deflate_predictor.h"
20 #include "net/websockets/websocket_deflate_predictor_impl.h"
21 #include "net/websockets/websocket_deflate_stream.h"
22 #include "net/websockets/websocket_extension.h"
23 #include "net/websockets/websocket_frame.h"
24 #include "net/websockets/websocket_stream.h"
25
26 namespace net {
27
28 namespace {
29 class WebSocketFuzzedStream : public WebSocketStream {
yhirano 2016/08/31 05:30:04 final
Adam Rice 2016/08/31 06:02:59 Done.
30 public:
31 WebSocketFuzzedStream(const uint8_t* data, size_t size)
32 : fuzzed_data_provider_(data, size) {}
33
34 int ReadFrames(std::vector<std::unique_ptr<WebSocketFrame>>* frames,
35 const CompletionCallback& callback) override {
36 if (fuzzed_data_provider_.remaining_bytes() == 0)
37 return ERR_CONNECTION_CLOSED;
38 while (fuzzed_data_provider_.remaining_bytes() > 0)
39 frames->push_back(CreateFrame());
40 return OK;
41 }
42
43 int WriteFrames(std::vector<std::unique_ptr<WebSocketFrame>>* frames,
44 const CompletionCallback& callback) override {
45 return ERR_FILE_NOT_FOUND;
46 }
47
48 void Close() override {}
49 std::string GetSubProtocol() const override { return std::string(); }
50 std::string GetExtensions() const override { return std::string(); }
51
52 private:
53 std::unique_ptr<WebSocketFrame> CreateFrame() {
54 WebSocketFrameHeader::OpCode opcode =
55 fuzzed_data_provider_.ConsumeInt32InRange(
56 WebSocketFrameHeader::kOpCodeContinuation,
57 WebSocketFrameHeader::kOpCodeControlUnused);
58 auto frame = base::MakeUnique<WebSocketFrame>(opcode);
59 // Bad news: ConsumeBool actually consumes a whole byte per call, so do
60 // something hacky to conserve precious bits.
61 uint8_t flags = fuzzed_data_provider_.ConsumeUint8();
62 frame->header.final = flags & 0x1;
63 frame->header.reserved1 = (flags >> 1) & 0x1;
64 frame->header.reserved2 = (flags >> 2) & 0x1;
65 frame->header.reserved3 = (flags >> 3) & 0x1;
66 frame->header.masked = (flags >> 4) & 0x1;
67 uint64_t payload_length = fuzzed_data_provider_.ConsumeInt32InRange(0, 64);
68 base::StringPiece payload =
69 fuzzed_data_provider_.ConsumeBytes(payload_length);
70 frame->data = new WrappedIOBuffer(payload.data());
71 frame->header.payload_length = payload.size();
72 return frame;
73 }
74
75 base::FuzzedDataProvider fuzzed_data_provider_;
76 };
77
78 } // namespace
79
80 void WebSocketDeflateStreamFuzz(const uint8_t* data, size_t size) {
yhirano 2016/08/31 05:30:04 Does it make sense to hide this function in an unn
Adam Rice 2016/08/31 06:02:59 I moved it into an anonymous namespace. It looks w
81 // WebSocketDeflateStream needs to be constructed on each call because it
82 // has state.
83 std::string failure_message;
84 WebSocketDeflateParameters parameters;
85 parameters.Initialize(WebSocketExtension("permessage-deflate"),
86 &failure_message);
87 WebSocketDeflateStream deflate_stream(
88 base::MakeUnique<WebSocketFuzzedStream>(data, size), parameters,
89 base::MakeUnique<WebSocketDeflatePredictorImpl>());
90 std::vector<std::unique_ptr<net::WebSocketFrame>> frames;
91 deflate_stream.ReadFrames(&frames, CompletionCallback());
92 }
93
94 } // namespace net
95
96 // Entry point for LibFuzzer.
97 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
98 net::WebSocketDeflateStreamFuzz(data, size);
99
100 return 0;
101 }
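Review bot: The result of `parameters.Initialize(...)` at lines 85-86 of the new file is discarded, so if the extension string ever stops parsing, the fuzzer would keep running with default-constructed WebSocketDeflateParameters and silently stop exercising the intended inflate configuration. Assuming Initialize reports success as a bool (its declaration is not on this page), make the failure loud: `CHECK(parameters.Initialize(WebSocketExtension("permessage-deflate"), &failure_message)) << failure_message;`. base/logging.h is already included and otherwise appears unused in this file. Separately, line 70 deserves a comment such as `// WrappedIOBuffer does not own the bytes; they alias |data|, which must outlive |deflate_stream|.`, so that a later change which retains frames past the call is recognised as a lifetime hazard rather than found by ASan.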