OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <iostream> | 5 #include <iostream> |
6 #include <set> | 6 #include <set> |
7 #include <string> | 7 #include <string> |
8 #include <tuple> | 8 #include <tuple> |
9 #include <utility> | 9 #include <utility> |
10 #include <vector> | 10 #include <vector> |
11 | 11 |
12 #include "base/macros.h" | 12 #include "base/macros.h" |
13 #include "base/memory/shared_memory_handle.h" | 13 #include "base/memory/shared_memory_handle.h" |
14 #include "base/strings/string_util.h" | 14 #include "base/strings/string_util.h" |
| 15 #include "base/values.h" |
15 #include "build/build_config.h" | 16 #include "build/build_config.h" |
16 #include "ipc/ipc_message.h" | 17 #include "ipc/ipc_message.h" |
17 #include "ipc/ipc_message_utils.h" | 18 #include "ipc/ipc_message_utils.h" |
18 #include "ipc/ipc_sync_channel.h" | 19 #include "ipc/ipc_sync_channel.h" |
19 #include "ipc/ipc_sync_message.h" | 20 #include "ipc/ipc_sync_message.h" |
20 #include "tools/ipc_fuzzer/fuzzer/fuzzer.h" | 21 #include "tools/ipc_fuzzer/fuzzer/fuzzer.h" |
21 #include "tools/ipc_fuzzer/fuzzer/rand_util.h" | 22 #include "tools/ipc_fuzzer/fuzzer/rand_util.h" |
22 #include "tools/ipc_fuzzer/message_lib/message_cracker.h" | 23 #include "tools/ipc_fuzzer/message_lib/message_cracker.h" |
23 #include "tools/ipc_fuzzer/message_lib/message_file.h" | 24 #include "tools/ipc_fuzzer/message_lib/message_file.h" |
24 | 25 |
(...skipping 505 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
530 std::string tmp; | 531 std::string tmp; |
531 p->GetString(index, &tmp); | 532 p->GetString(index, &tmp); |
532 fuzzer->FuzzString(&tmp); | 533 fuzzer->FuzzString(&tmp); |
533 p->Set(index, new base::Value(tmp)); | 534 p->Set(index, new base::Value(tmp)); |
534 break; | 535 break; |
535 } | 536 } |
536 case base::Value::Type::BINARY: { | 537 case base::Value::Type::BINARY: { |
537 char tmp[200]; | 538 char tmp[200]; |
538 size_t bin_length = RandInRange(sizeof(tmp)); | 539 size_t bin_length = RandInRange(sizeof(tmp)); |
539 fuzzer->FuzzData(tmp, bin_length); | 540 fuzzer->FuzzData(tmp, bin_length); |
540 p->Set(index, | 541 p->Set(index, base::Value::CreateWithCopiedBuffer(tmp, bin_length)); |
541 base::BinaryValue::CreateWithCopiedBuffer(tmp, bin_length)); | |
542 break; | 542 break; |
543 } | 543 } |
544 case base::Value::Type::DICTIONARY: { | 544 case base::Value::Type::DICTIONARY: { |
545 base::DictionaryValue* tmp = new base::DictionaryValue(); | 545 base::DictionaryValue* tmp = new base::DictionaryValue(); |
546 p->GetDictionary(index, &tmp); | 546 p->GetDictionary(index, &tmp); |
547 FuzzParam(tmp, fuzzer); | 547 FuzzParam(tmp, fuzzer); |
548 p->Set(index, tmp); | 548 p->Set(index, tmp); |
549 break; | 549 break; |
550 } | 550 } |
551 case base::Value::Type::LIST: { | 551 case base::Value::Type::LIST: { |
(...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
600 std::string tmp; | 600 std::string tmp; |
601 fuzzer->FuzzString(&tmp); | 601 fuzzer->FuzzString(&tmp); |
602 p->SetWithoutPathExpansion(property, new base::Value(tmp)); | 602 p->SetWithoutPathExpansion(property, new base::Value(tmp)); |
603 break; | 603 break; |
604 } | 604 } |
605 case base::Value::Type::BINARY: { | 605 case base::Value::Type::BINARY: { |
606 char tmp[200]; | 606 char tmp[200]; |
607 size_t bin_length = RandInRange(sizeof(tmp)); | 607 size_t bin_length = RandInRange(sizeof(tmp)); |
608 fuzzer->FuzzData(tmp, bin_length); | 608 fuzzer->FuzzData(tmp, bin_length); |
609 p->SetWithoutPathExpansion( | 609 p->SetWithoutPathExpansion( |
610 property, | 610 property, base::Value::CreateWithCopiedBuffer(tmp, bin_length)); |
611 base::BinaryValue::CreateWithCopiedBuffer(tmp, bin_length)); | |
612 break; | 611 break; |
613 } | 612 } |
614 case base::Value::Type::DICTIONARY: { | 613 case base::Value::Type::DICTIONARY: { |
615 base::DictionaryValue* tmp = new base::DictionaryValue(); | 614 base::DictionaryValue* tmp = new base::DictionaryValue(); |
616 FuzzParam(tmp, fuzzer); | 615 FuzzParam(tmp, fuzzer); |
617 p->SetWithoutPathExpansion(property, tmp); | 616 p->SetWithoutPathExpansion(property, tmp); |
618 break; | 617 break; |
619 } | 618 } |
620 case base::Value::Type::LIST: { | 619 case base::Value::Type::LIST: { |
621 base::ListValue* tmp = new base::ListValue(); | 620 base::ListValue* tmp = new base::ListValue(); |
(...skipping 1201 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1823 #include "tools/ipc_fuzzer/message_lib/all_message_null_macros.h" | 1822 #include "tools/ipc_fuzzer/message_lib/all_message_null_macros.h" |
1824 #undef IPC_MESSAGE_DECL | 1823 #undef IPC_MESSAGE_DECL |
1825 #define IPC_MESSAGE_DECL(name, ...) \ | 1824 #define IPC_MESSAGE_DECL(name, ...) \ |
1826 (*map)[static_cast<uint32_t>(name::ID)] = FuzzerHelper<name>::Fuzz; | 1825 (*map)[static_cast<uint32_t>(name::ID)] = FuzzerHelper<name>::Fuzz; |
1827 | 1826 |
1828 void PopulateFuzzerFunctionMap(FuzzerFunctionMap* map) { | 1827 void PopulateFuzzerFunctionMap(FuzzerFunctionMap* map) { |
1829 #include "tools/ipc_fuzzer/message_lib/all_messages.h" | 1828 #include "tools/ipc_fuzzer/message_lib/all_messages.h" |
1830 } | 1829 } |
1831 | 1830 |
1832 } // namespace ipc_fuzzer | 1831 } // namespace ipc_fuzzer |
OLD | NEW |