Chromium Code Reviews Chromium Code Reviews
Issue 2469813002:
Add a URLRequest FTP fuzzer. (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/test/fuzzed_data_provider.h" | 5 #include "base/test/fuzzed_data_provider.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <limits> | 8 #include <limits> |
| 9 | 9 |
| 10 #include "base/logging.h" | 10 #include "base/logging.h" |
| (...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 47 offset += 8; | 47 offset += 8; |
| 48 } | 48 } |
| 49 | 49 |
| 50 // Avoid division by 0, in the case |range + 1| results in overflow. | 50 // Avoid division by 0, in the case |range + 1| results in overflow. |
| 51 if (range == std::numeric_limits<uint32_t>::max()) | 51 if (range == std::numeric_limits<uint32_t>::max()) |
| 52 return result; | 52 return result; |
| 53 | 53 |
| 54 return min + result % (range + 1); | 54 return min + result % (range + 1); |
| 55 } | 55 } |
| 56 | 56 |
| 57 std::string FuzzedDataProvider::ConsumeRandomLengthString(size_t max_length) { | |
| 58 // Reads bytes from start of |data|. Maps "\\" to "\", and maps "\" followed | |
|
eroman
2016/11/14 21:02:20
|data| --> |remaining_data_| ?
mmenke
2016/11/14 21:13:12
Done.
| |
| 59 // by anything else to the end of the string. As a result of this logic, a | |
| 60 // fuzzer can insert characters into the string, and the string will be | |
| 61 // lengthened to include those new characters, resulting in a more stable | |
| 62 // fuzzer than picking the length of a string independently from picking its | |
| 63 // contents. | |
| 64 std::string out; | |
| 65 for (size_t i = 0; i < max_length && !remaining_data_.empty(); ++i) { | |
| 66 char next = remaining_data_[0]; | |
| 67 remaining_data_.remove_prefix(1); | |
| 68 if (next == '\\' && !remaining_data_.empty()) { | |
| 69 next = remaining_data_[0]; | |
| 70 remaining_data_.remove_prefix(1); | |
| 71 if (next != '\\') | |
| 72 return out; | |
| 73 } | |
| 74 out += next; | |
| 75 } | |
| 76 return out; | |
| 77 } | |
| 78 | |
| 57 int FuzzedDataProvider::ConsumeInt32InRange(int min, int max) { | 79 int FuzzedDataProvider::ConsumeInt32InRange(int min, int max) { |
| 58 CHECK_LE(min, max); | 80 CHECK_LE(min, max); |
| 59 | 81 |
| 60 uint32_t range = max - min; | 82 uint32_t range = max - min; |
| 61 return min + ConsumeUint32InRange(0, range); | 83 return min + ConsumeUint32InRange(0, range); |
| 62 } | 84 } |
| 63 | 85 |
| 64 bool FuzzedDataProvider::ConsumeBool() { | 86 bool FuzzedDataProvider::ConsumeBool() { |
| 65 return (ConsumeUint8() & 0x01) == 0x01; | 87 return (ConsumeUint8() & 0x01) == 0x01; |
| 66 } | 88 } |
| 67 | 89 |
| 68 uint8_t FuzzedDataProvider::ConsumeUint8() { | 90 uint8_t FuzzedDataProvider::ConsumeUint8() { |
| 69 return ConsumeUint32InRange(0, 0xFF); | 91 return ConsumeUint32InRange(0, 0xFF); |
| 70 } | 92 } |
| 71 | 93 |
| 72 uint16_t FuzzedDataProvider::ConsumeUint16() { | 94 uint16_t FuzzedDataProvider::ConsumeUint16() { |
| 73 return ConsumeUint32InRange(0, 0xFFFF); | 95 return ConsumeUint32InRange(0, 0xFFFF); |
| 74 } | 96 } |
| 75 | 97 |
| 76 } // namespace base | 98 } // namespace base |
| OLD | NEW |
