OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_SPDY_CORE_FUZZING_HPACK_FUZZ_UTIL_H_ | 5 #ifndef NET_SPDY_CORE_FUZZING_HPACK_FUZZ_UTIL_H_ |
6 #define NET_SPDY_CORE_FUZZING_HPACK_FUZZ_UTIL_H_ | 6 #define NET_SPDY_CORE_FUZZING_HPACK_FUZZ_UTIL_H_ |
7 | 7 |
8 #include <stddef.h> | 8 #include <stddef.h> |
9 #include <stdint.h> | 9 #include <stdint.h> |
10 | 10 |
11 #include <memory> | 11 #include <memory> |
12 #include <vector> | 12 #include <vector> |
13 | 13 |
14 #include "net/base/net_export.h" | |
15 #include "net/spdy/core/hpack/hpack_decoder.h" | 14 #include "net/spdy/core/hpack/hpack_decoder.h" |
16 #include "net/spdy/core/hpack/hpack_encoder.h" | 15 #include "net/spdy/core/hpack/hpack_encoder.h" |
| 16 #include "net/spdy/platform/api/spdy_export.h" |
17 #include "net/spdy/platform/api/spdy_string.h" | 17 #include "net/spdy/platform/api/spdy_string.h" |
18 #include "net/spdy/platform/api/spdy_string_piece.h" | 18 #include "net/spdy/platform/api/spdy_string_piece.h" |
19 | 19 |
20 namespace net { | 20 namespace net { |
21 | 21 |
22 class NET_EXPORT_PRIVATE HpackFuzzUtil { | 22 class SPDY_EXPORT_PRIVATE HpackFuzzUtil { |
23 public: | 23 public: |
24 // A GeneratorContext holds ordered header names & values which are | 24 // A GeneratorContext holds ordered header names & values which are |
25 // initially seeded and then expanded with dynamically generated data. | 25 // initially seeded and then expanded with dynamically generated data. |
26 struct NET_EXPORT_PRIVATE GeneratorContext { | 26 struct SPDY_EXPORT_PRIVATE GeneratorContext { |
27 GeneratorContext(); | 27 GeneratorContext(); |
28 ~GeneratorContext(); | 28 ~GeneratorContext(); |
29 std::vector<SpdyString> names; | 29 std::vector<SpdyString> names; |
30 std::vector<SpdyString> values; | 30 std::vector<SpdyString> values; |
31 }; | 31 }; |
32 | 32 |
33 // Initializes a GeneratorContext with a random seed and name/value fixtures. | 33 // Initializes a GeneratorContext with a random seed and name/value fixtures. |
34 static void InitializeGeneratorContext(GeneratorContext* context); | 34 static void InitializeGeneratorContext(GeneratorContext* context); |
35 | 35 |
36 // Generates a header set from the generator context. | 36 // Generates a header set from the generator context. |
37 static SpdyHeaderBlock NextGeneratedHeaderSet(GeneratorContext* context); | 37 static SpdyHeaderBlock NextGeneratedHeaderSet(GeneratorContext* context); |
38 | 38 |
39 // Samples a size from the exponential distribution with mean |mean|, | 39 // Samples a size from the exponential distribution with mean |mean|, |
40 // upper-bounded by |sanity_bound|. | 40 // upper-bounded by |sanity_bound|. |
41 static size_t SampleExponential(size_t mean, size_t sanity_bound); | 41 static size_t SampleExponential(size_t mean, size_t sanity_bound); |
42 | 42 |
43 // Holds an input SpdyString, and manages an offset into that SpdyString. | 43 // Holds an input SpdyString, and manages an offset into that SpdyString. |
44 struct NET_EXPORT_PRIVATE Input { | 44 struct SPDY_EXPORT_PRIVATE Input { |
45 Input(); // Initializes |offset| to zero. | 45 Input(); // Initializes |offset| to zero. |
46 ~Input(); | 46 ~Input(); |
47 | 47 |
48 size_t remaining() { | 48 size_t remaining() { |
49 return input.size() - offset; | 49 return input.size() - offset; |
50 } | 50 } |
51 const char* ptr() { | 51 const char* ptr() { |
52 return input.data() + offset; | 52 return input.data() + offset; |
53 } | 53 } |
54 | 54 |
55 SpdyString input; | 55 SpdyString input; |
56 size_t offset; | 56 size_t offset; |
57 }; | 57 }; |
58 | 58 |
59 // Returns true if the next header block was set at |out|. Returns | 59 // Returns true if the next header block was set at |out|. Returns |
60 // false if no input header blocks remain. | 60 // false if no input header blocks remain. |
61 static bool NextHeaderBlock(Input* input, SpdyStringPiece* out); | 61 static bool NextHeaderBlock(Input* input, SpdyStringPiece* out); |
62 | 62 |
63 // Returns the serialized header block length prefix for a block of | 63 // Returns the serialized header block length prefix for a block of |
64 // |block_size| bytes. | 64 // |block_size| bytes. |
65 static SpdyString HeaderBlockPrefix(size_t block_size); | 65 static SpdyString HeaderBlockPrefix(size_t block_size); |
66 | 66 |
67 // A FuzzerContext holds fuzzer input, as well as each of the decoder and | 67 // A FuzzerContext holds fuzzer input, as well as each of the decoder and |
68 // encoder stages which fuzzed header blocks are processed through. | 68 // encoder stages which fuzzed header blocks are processed through. |
69 struct NET_EXPORT_PRIVATE FuzzerContext { | 69 struct SPDY_EXPORT_PRIVATE FuzzerContext { |
70 FuzzerContext(); | 70 FuzzerContext(); |
71 ~FuzzerContext(); | 71 ~FuzzerContext(); |
72 std::unique_ptr<HpackDecoder> first_stage; | 72 std::unique_ptr<HpackDecoder> first_stage; |
73 std::unique_ptr<HpackEncoder> second_stage; | 73 std::unique_ptr<HpackEncoder> second_stage; |
74 std::unique_ptr<HpackDecoder> third_stage; | 74 std::unique_ptr<HpackDecoder> third_stage; |
75 }; | 75 }; |
76 | 76 |
77 static void InitializeFuzzerContext(FuzzerContext* context); | 77 static void InitializeFuzzerContext(FuzzerContext* context); |
78 | 78 |
79 // Runs |input_block| through |first_stage| and, iff that succeeds, | 79 // Runs |input_block| through |first_stage| and, iff that succeeds, |
80 // |second_stage| and |third_stage| as well. Returns whether all stages | 80 // |second_stage| and |third_stage| as well. Returns whether all stages |
81 // processed the input without error. | 81 // processed the input without error. |
82 static bool RunHeaderBlockThroughFuzzerStages(FuzzerContext* context, | 82 static bool RunHeaderBlockThroughFuzzerStages(FuzzerContext* context, |
83 SpdyStringPiece input_block); | 83 SpdyStringPiece input_block); |
84 | 84 |
85 // Flips random bits within |buffer|. The total number of flips is | 85 // Flips random bits within |buffer|. The total number of flips is |
86 // |flip_per_thousand| bits for every 1,024 bytes of |buffer_length|, | 86 // |flip_per_thousand| bits for every 1,024 bytes of |buffer_length|, |
87 // rounding up. | 87 // rounding up. |
88 static void FlipBits(uint8_t* buffer, | 88 static void FlipBits(uint8_t* buffer, |
89 size_t buffer_length, | 89 size_t buffer_length, |
90 size_t flip_per_thousand); | 90 size_t flip_per_thousand); |
91 }; | 91 }; |
92 | 92 |
93 } // namespace net | 93 } // namespace net |
94 | 94 |
95 #endif // NET_SPDY_CORE_FUZZING_HPACK_FUZZ_UTIL_H_ | 95 #endif // NET_SPDY_CORE_FUZZING_HPACK_FUZZ_UTIL_H_ |
OLD | NEW |