Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(4)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: ui/accessibility/ax_tree_fuzzer.cc

Issue 2323103002: Add fuzzer for AXTree and fix a couple of bugs it found. (Closed)
Patch Set: Fix additional leak Created 4 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « ui/accessibility/ax_tree.cc ('k') | ui/accessibility/ax_tree_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: ui/accessibility/ax_tree_fuzzer.cc
diff --git a/ui/accessibility/ax_tree_fuzzer.cc b/ui/accessibility/ax_tree_fuzzer.cc
new file mode 100644
index 0000000000000000000000000000000000000000..eed34445ac2b704561b057ec70ce70078861fc39
--- /dev/null
+++ b/ui/accessibility/ax_tree_fuzzer.cc
@@ -0,0 +1,52 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "ui/accessibility/ax_tree.h"
+
+class EmptyAXTreeDelegate : public ui::AXTreeDelegate {
+ public:
+ EmptyAXTreeDelegate() {}
+
+ void OnNodeDataWillChange(ui::AXTree* tree,
+ const ui::AXNodeData& old_node_data,
+ const ui::AXNodeData& new_node_data) override {}
+ void OnTreeDataChanged(ui::AXTree* tree) override {}
+ void OnNodeWillBeDeleted(ui::AXTree* tree, ui::AXNode* node) override {}
+ void OnSubtreeWillBeDeleted(ui::AXTree* tree, ui::AXNode* node) override {}
+ void OnNodeWillBeReparented(ui::AXTree* tree, ui::AXNode* node) override {}
+ void OnSubtreeWillBeReparented(ui::AXTree* tree, ui::AXNode* node) override {}
+ void OnNodeCreated(ui::AXTree* tree, ui::AXNode* node) override {}
+ void OnNodeReparented(ui::AXTree* tree, ui::AXNode* node) override {}
+ void OnNodeChanged(ui::AXTree* tree, ui::AXNode* node) override {}
+ void OnAtomicUpdateFinished(ui::AXTree* tree,
+ bool root_changed,
+ const std::vector<Change>& changes) override {}
+};
+
+// Entry point for LibFuzzer.
+extern "C" int LLVMFuzzerTestOneInput(const unsigned char* data, size_t size) {
+ ui::AXTreeUpdate initial_state;
+ size_t i = 0;
+ while (i < size) {
+ ui::AXNodeData node;
+ node.id = data[i++];
+ node.state = 0;
+ if (i < size) {
+ size_t child_count = data[i++];
+ for (size_t j = 0; j < child_count && i < size; j++)
+ node.child_ids.push_back(data[i++]);
+ }
+ initial_state.nodes.push_back(node);
+ }
+
+ // Run with --v=1 to aid in debugging a specific crash.
+ VLOG(1) << "Input accessibility tree:\n" << initial_state.ToString();
+
+ ui::AXTree tree;
+ EmptyAXTreeDelegate delegate;
+ tree.SetDelegate(&delegate);
+ tree.Unserialize(initial_state);
+
+ return 0;
+}
« no previous file with comments | « ui/accessibility/ax_tree.cc ('k') | ui/accessibility/ax_tree_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698