Add a URLRequest FTP fuzzer.

base/test/fuzzed_data_provider.cc

Index: base/test/fuzzed_data_provider.cc
diff --git a/base/test/fuzzed_data_provider.cc b/base/test/fuzzed_data_provider.cc
index 3045e693a75f9eee407538809731a00eee9d160f..0218eba5a2370f709f858d760531f0f05a4afe98 100644
--- a/base/test/fuzzed_data_provider.cc
+++ b/base/test/fuzzed_data_provider.cc
@@ -54,6 +54,28 @@ uint32_t FuzzedDataProvider::ConsumeUint32InRange(uint32_t min, uint32_t max) {
   return min + result % (range + 1);
 }
 
+std::string FuzzedDataProvider::ConsumeRandomLengthString(size_t max_length) {
+  // Reads bytes from start of |data|. Maps "\\" to "\", and maps "\" followed

[eroman, 2016/11/14 21:02:20]

|data| --> |remaining_data_| ?

[mmenke, 2016/11/14 21:13:12]

Done.

+  // by anything else to the end of the string. As a result of this logic, a
+  // fuzzer can insert characters into the string, and the string will be
+  // lengthened to include those new characters, resulting in a more stable
+  // fuzzer than picking the length of a string independently from picking its
+  // contents.
+  std::string out;
+  for (size_t i = 0; i < max_length && !remaining_data_.empty(); ++i) {
+    char next = remaining_data_[0];
+    remaining_data_.remove_prefix(1);
+    if (next == '\\' && !remaining_data_.empty()) {
+      next = remaining_data_[0];
+      remaining_data_.remove_prefix(1);
+      if (next != '\\')
+        return out;
+    }
+    out += next;
+  }
+  return out;
+}
+
 int FuzzedDataProvider::ConsumeInt32InRange(int min, int max) {
   CHECK_LE(min, max);