Fuzzer for TextCodecs

third_party/WebKit/Source/platform/TextCodecFuzzer.cpp

Index: third_party/WebKit/Source/platform/TextCodecFuzzer.cpp
diff --git a/third_party/WebKit/Source/platform/TextCodecFuzzer.cpp b/third_party/WebKit/Source/platform/TextCodecFuzzer.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..4f10990c9db9ecaa7e2a3e8db87a2de80af203cc
--- /dev/null
+++ b/third_party/WebKit/Source/platform/TextCodecFuzzer.cpp
@@ -0,0 +1,71 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "wtf/text/TextCodec.h"
+
+#include "platform/testing/BlinkFuzzerTestSupport.h"
+#include "wtf/Vector.h"
+#include "wtf/text/CString.h"
+#include "wtf/text/TextEncoding.h"
+#include "wtf/text/TextEncodingRegistry.h"
+#include "wtf/text/WTFString.h"
+
+using namespace blink;
+
+// TODO(jsbell): This fuzzes code in wtf/ but has dependencies on platform/,
+// so it must live in the latter directory. Once wtf/ moves into platform/wtf
+// this should move there as well.
+
+extern "C" int LLVMFuzzerInitialize(int* argc, char*** argv) {
+  InitializeBlinkFuzzTest(argc, argv);
+  return 0;
+}
+
+// Fuzzer for WTF::TextCodec.
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  Vector<String> encodings = WTF::getEncodingNamesForTesting();

[Charlie Harrison, 2016/12/07 16:07:15]

Can you make all these Vectors static? It is inefficient to populate them for
every run of the fuzzer.\

Another technique is to have a test harness class with these values using
something like base::Singleton.

+
+  Vector<WTF::FlushBehavior> flushOptions;
+  flushOptions.append(WTF::DoNotFlush);
+  flushOptions.append(WTF::FetchEOF);
+  flushOptions.append(WTF::DataEOF);
+
+  Vector<bool> stopOnErrorOptions;
+  stopOnErrorOptions.append(false);
+  stopOnErrorOptions.append(true);
+
+  Vector<WTF::UnencodableHandling> unencodableHandlingOptions;
+  unencodableHandlingOptions.append(WTF::QuestionMarksForUnencodables);
+  unencodableHandlingOptions.append(WTF::EntitiesForUnencodables);
+  unencodableHandlingOptions.append(WTF::URLEncodedEntitiesForUnencodables);
+  unencodableHandlingOptions.append(WTF::CSSEncodedEntitiesForUnencodables);
+
+  for (const auto& encodingName : encodings) {
+    WTF::TextEncoding encoding(encodingName);

[Charlie Harrison, 2016/12/07 16:07:15]

Maybe have a Vector of TextEncodings instead of names, as it looks like the
constructor is not trivial.

+
+    for (const auto& flush : flushOptions) {
+      for (const auto& stopOnError : stopOnErrorOptions) {
+        std::unique_ptr<TextCodec> codec = newTextCodec(encoding);

[Charlie Harrison, 2016/12/07 16:07:15]

It would be good to avoid all the allocations of TextCodecs. I can't see an easy
way to do that though, as it looks like it is hard to avoid statefulness.

+        bool sawError;
+        codec->decode(reinterpret_cast<const char*>(data), size, flush,
+                      stopOnError, sawError);
+      }
+    }
+
+    for (const auto& unencodableHandling : unencodableHandlingOptions) {
+      if (size % sizeof(LChar) == 0) {
+        std::unique_ptr<TextCodec> codec = newTextCodec(encoding);
+        codec->encode(reinterpret_cast<const LChar*>(data),
+                      size / sizeof(LChar), unencodableHandling);
+      }
+      if (size % sizeof(UChar) == 0) {
+        std::unique_ptr<TextCodec> codec = newTextCodec(encoding);
+        codec->encode(reinterpret_cast<const UChar*>(data),
+                      size / sizeof(UChar), unencodableHandling);
+      }
+    }
+  }
+
+  return 0;
+}