device/u2f/u2f_message_fuzzer.cc - Issue 2502103002: Add FIDO U2F message and packet classes

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: device/u2f/u2f_message_fuzzer.cc

Issue 2502103002: Add FIDO U2F message and packet classes (Closed)

Patch Set: Update fuzzer test to add continuation packets and fix other review comments Created 4 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
(Empty)
	1 // Copyright 2016 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #include <stddef.h>

	6 #include <stdint.h>

	7 #include "u2f_message.h"

	8

	9 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {

	10 size_t packet_size = 65;

	11 size_t remaining_buffer = size;

	12 uint8_t* start = const_cast<uint8_t*>(data);

	13

	14 scoped_refptr<net::IOBufferWithSize> buf(

	15 new net::IOBufferWithSize(packet_size));

	16 memcpy(buf->data(), start, std::min(packet_size, remaining_buffer));

	17 scoped_refptr<device::U2fMessage> msg =

	18 device::U2fMessage::CreateFromSerializedData(buf);

	19

	20 remaining_buffer -= std::min(remaining_buffer, packet_size);

	21

	22 while (remaining_buffer > packet_size) {
	Reilly Grant (use Gerrit) 2016/12/10 01:52:02 This means we never test a short packet. This means we never test a short packet. Casey Piper 2016/12/12 18:01:42 Updated to use a small packet at the end of the bu Show quoted text On 2016/12/10 01:52:02, Reilly Grant wrote: > This means we never test a short packet. Updated to use a small packet at the end of the buffer if given.
	23 start += packet_size;

	24 memcpy(buf->data(), start, packet_size);
	Reilly Grant (use Gerrit) 2016/12/10 01:52:02 Allocate a new buffer each time so that ASAN can c Allocate a new buffer each time so that ASAN can catch access to bytes beyond the end of packet (if the last one is shorter than 65 bytes). Casey Piper 2016/12/12 18:01:42 Done. Show quoted text On 2016/12/10 01:52:02, Reilly Grant wrote: > Allocate a new buffer each time so that ASAN can catch access to bytes beyond > the end of packet (if the last one is shorter than 65 bytes). Done.
	25 msg->AddContinuationPacket(buf);

	26 remaining_buffer -= std::min(remaining_buffer, packet_size);

	27 }

	28

	29 return 0;

	30 }

OLD	NEW

« no previous file with comments | « device/u2f/u2f_message.cc ('k') | device/u2f/u2f_message_unittest.cc » ('j') | no next file with comments »