| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "base/logging.h" |
| 6 #include "base/macros.h" |
| 7 #include "base/memory/ptr_util.h" |
| 8 #include "base/run_loop.h" |
| 9 #include "base/test/fuzzed_data_provider.h" |
| 10 #include "net/base/net_errors.h" |
| 11 #include "net/base/request_priority.h" |
| 12 #include "net/log/test_net_log.h" |
| 13 #include "net/socket/fuzzed_socket_factory.h" |
| 14 #include "net/spdy/spdy_test_util_common.h" |
| 15 |
| 16 namespace { |
| 17 |
| 18 class FuzzerDelegate : public net::SpdyStream::Delegate { |
| 19 public: |
| 20 explicit FuzzerDelegate(const base::Closure& done_closure) |
| 21 : done_closure_(done_closure) {} |
| 22 |
| 23 void OnHeadersSent() override {} |
| 24 void OnHeadersReceived( |
| 25 const net::SpdyHeaderBlock& response_headers) override {} |
| 26 void OnDataReceived(std::unique_ptr<net::SpdyBuffer> buffer) override {} |
| 27 void OnDataSent() override {} |
| 28 void OnTrailers(const net::SpdyHeaderBlock& trailers) override {} |
| 29 |
| 30 void OnClose(int status) override { done_closure_.Run(); } |
| 31 |
| 32 private: |
| 33 base::Closure done_closure_; |
| 34 DISALLOW_COPY_AND_ASSIGN(FuzzerDelegate); |
| 35 }; |
| 36 |
| 37 } // namespace |
| 38 |
| 39 // Fuzzer for SpdySession |
| 40 // |
| 41 // |data| is used to create a FuzzedServerSocket. |
| 42 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { |
| 43 net::BoundTestNetLog bound_test_net_log; |
| 44 base::FuzzedDataProvider data_provider(data, size); |
| 45 net::FuzzedSocketFactory socket_factory(&data_provider); |
| 46 socket_factory.set_fuzz_connect_result(false); |
| 47 net::SpdySessionDependencies deps; |
| 48 std::unique_ptr<net::HttpNetworkSession> http_session( |
| 49 net::SpdySessionDependencies::SpdyCreateSessionWithSocketFactory( |
| 50 &deps, &socket_factory)); |
| 51 |
| 52 net::ProxyServer direct_connect(net::ProxyServer::Direct()); |
| 53 net::SpdySessionKey session_key(net::HostPortPair("127.0.0.1", 80), |
| 54 direct_connect, net::PRIVACY_MODE_DISABLED); |
| 55 base::WeakPtr<net::SpdySession> spdy_session(net::CreateInsecureSpdySession( |
| 56 http_session.get(), session_key, bound_test_net_log.bound())); |
| 57 |
| 58 net::SpdyStreamRequest stream_request; |
| 59 base::WeakPtr<net::SpdyStream> stream; |
| 60 |
| 61 net::TestCompletionCallback wait_for_start; |
| 62 int rv = stream_request.StartRequest( |
| 63 net::SPDY_REQUEST_RESPONSE_STREAM, spdy_session, |
| 64 GURL("http://www.example.invalid/"), net::DEFAULT_PRIORITY, |
| 65 bound_test_net_log.bound(), wait_for_start.callback()); |
| 66 |
| 67 if (rv == net::ERR_IO_PENDING) { |
| 68 rv = wait_for_start.WaitForResult(); |
| 69 } |
| 70 |
| 71 // Re-check the status after potential event loop. |
| 72 if (rv != net::OK) { |
| 73 LOG(WARNING) << "StartRequest failed with result=" << rv; |
| 74 return 0; |
| 75 } |
| 76 |
| 77 stream = stream_request.ReleaseStream(); |
| 78 stream->SendRequestHeaders( |
| 79 net::SpdyTestUtil::ConstructGetHeaderBlock("http://www.example.invalid"), |
| 80 net::NO_MORE_DATA_TO_SEND); |
| 81 |
| 82 base::RunLoop run_loop; |
| 83 FuzzerDelegate delegate(run_loop.QuitClosure()); |
| 84 stream->SetDelegate(&delegate); |
| 85 run_loop.Run(); |
| 86 |
| 87 // Give a chance for GOING_AWAY sessions to wrap up. |
| 88 base::RunLoop().RunUntilIdle(); |
| 89 |
| 90 return 0; |
| 91 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2686673003:
Initial fuzzer for SpdySession (Closed)
