Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(122)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: breakpad/minidump_fuzzer.cc

Issue 2296893002: Add minidump fuzzer for breakpad. (Closed)
Patch Set: fix Created 4 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « breakpad/BUILD.gn ('k') | breakpad/minidump_fuzzer.dict » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright 2016 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include <stddef.h>
6 #include <stdint.h>
7 #include <string.h>
8
9 #include <streambuf>
10 #include <istream>
11 #include <memory>
12
13 #include "base/memory/free_deleter.h"
14 #include "google_breakpad/processor/basic_source_line_resolver.h"
15 #include "google_breakpad/processor/minidump.h"
16 #include "google_breakpad/processor/minidump_processor.h"
17 #include "google_breakpad/processor/process_state.h"
18 #include "processor/logging.h"
19 #include "processor/simple_symbol_supplier.h"
20 #include "processor/stackwalk_common.h"
21
22 namespace {
23
24 using google_breakpad::BasicSourceLineResolver;
25 using google_breakpad::Minidump;
26 using google_breakpad::MinidumpProcessor;
27 using google_breakpad::ProcessState;
28 using google_breakpad::SimpleSymbolSupplier;
29
30 struct membuf : std::streambuf {
31 membuf(char* begin, char* end) { setg(begin, begin, end); }
32
33 protected:
34 virtual pos_type seekoff(off_type off,
35 std::ios_base::seekdir dir,
36 std::ios_base::openmode which = std::ios_base::in) {
37 if (dir == std::ios_base::cur)
38 gbump(off);
39 return gptr() - eback();
40 }
41 };
42
43 bool PrintMinidumpProcess(const uint8_t* data,
44 size_t size,
45 const std::vector<string>& symbol_paths) {
46 std::unique_ptr<SimpleSymbolSupplier> symbol_supplier;
47 char* ptr = static_cast<char*>(malloc(size));
48 if (!ptr)
49 return false;
50
51 std::unique_ptr<char, base::FreeDeleter> buffer(ptr);
52 memcpy(buffer.get(), data, size);
53
54 membuf sbuf(buffer.get(), buffer.get() + size);
55 std::istream input(&sbuf);
56
57 if (!symbol_paths.empty()) {
58 symbol_supplier.reset(new SimpleSymbolSupplier(symbol_paths));
59 }
60
61 BasicSourceLineResolver resolver;
62 MinidumpProcessor minidump_processor(symbol_supplier.get(), &resolver);
63
64 // Process the minidump.
65 Minidump dump(input);
66 if (!dump.Read()) {
67 BPLOG(ERROR) << "Minidump " << dump.path() << " could not be read";
68 return false;
69 }
70 ProcessState process_state;
71 if (minidump_processor.Process(&dump, &process_state) !=
72 google_breakpad::PROCESS_OK) {
73 BPLOG(ERROR) << "MinidumpProcessor::Process failed";
aizatsky 2016/09/01 16:02:57 It's better for fuzzer not to log anything. Do you
74 return false;
75 }
76
77 PrintProcessStateMachineReadable(process_state);
78
79 return true;
80 }
81
82 } // namespace
83
84 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
85 // TODO(wfh): Somehow pull symbols in.
86 PrintMinidumpProcess(data, size, std::vector<string>());
87 return 0;
88 }
OLDNEW
« no previous file with comments | « breakpad/BUILD.gn ('k') | breakpad/minidump_fuzzer.dict » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698