| OLD | NEW |
| (Empty) |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #ifndef NET_SPDY_FUZZING_HPACK_FUZZ_UTIL_H_ | |
| 6 #define NET_SPDY_FUZZING_HPACK_FUZZ_UTIL_H_ | |
| 7 | |
| 8 #include <string> | |
| 9 #include <vector> | |
| 10 | |
| 11 #include "base/memory/scoped_ptr.h" | |
| 12 #include "base/strings/string_piece.h" | |
| 13 #include "net/base/net_export.h" | |
| 14 #include "net/spdy/hpack_decoder.h" | |
| 15 #include "net/spdy/hpack_encoder.h" | |
| 16 | |
| 17 namespace net { | |
| 18 | |
| 19 class NET_EXPORT_PRIVATE HpackFuzzUtil { | |
| 20 public: | |
| 21 // A GeneratorContext holds ordered header names & values which are | |
| 22 // initially seeded and then expanded with dynamically generated data. | |
| 23 struct NET_EXPORT_PRIVATE GeneratorContext { | |
| 24 GeneratorContext(); | |
| 25 ~GeneratorContext(); | |
| 26 std::vector<std::string> names; | |
| 27 std::vector<std::string> values; | |
| 28 }; | |
| 29 | |
| 30 // Initializes a GeneratorContext with a random seed and name/value fixtures. | |
| 31 static void InitializeGeneratorContext(GeneratorContext* context); | |
| 32 | |
| 33 // Generates a header set from the generator context. | |
| 34 static std::map<std::string, std::string> NextGeneratedHeaderSet( | |
| 35 GeneratorContext* context); | |
| 36 | |
| 37 // Samples a size from the exponential distribution with mean |mean|, | |
| 38 // upper-bounded by |sanity_bound|. | |
| 39 static size_t SampleExponential(size_t mean, size_t sanity_bound); | |
| 40 | |
| 41 // Holds an input string, and manages an offset into that string. | |
| 42 struct NET_EXPORT_PRIVATE Input { | |
| 43 Input(); // Initializes |offset| to zero. | |
| 44 ~Input(); | |
| 45 | |
| 46 size_t remaining() { | |
| 47 return input.size() - offset; | |
| 48 } | |
| 49 const char* ptr() { | |
| 50 return input.data() + offset; | |
| 51 } | |
| 52 | |
| 53 std::string input; | |
| 54 size_t offset; | |
| 55 }; | |
| 56 | |
| 57 // Returns true if the next header block was set at |out|. Returns | |
| 58 // false if no input header blocks remain. | |
| 59 static bool NextHeaderBlock(Input* input, base::StringPiece* out); | |
| 60 | |
| 61 // Returns the serialized header block length prefix for a block of | |
| 62 // |block_size| bytes. | |
| 63 static std::string HeaderBlockPrefix(size_t block_size); | |
| 64 | |
| 65 // A FuzzerContext holds fuzzer input, as well as each of the decoder and | |
| 66 // encoder stages which fuzzed header blocks are processed through. | |
| 67 struct NET_EXPORT_PRIVATE FuzzerContext { | |
| 68 FuzzerContext(); | |
| 69 ~FuzzerContext(); | |
| 70 scoped_ptr<HpackDecoder> first_stage; | |
| 71 scoped_ptr<HpackEncoder> second_stage; | |
| 72 scoped_ptr<HpackDecoder> third_stage; | |
| 73 }; | |
| 74 | |
| 75 static void InitializeFuzzerContext(FuzzerContext* context); | |
| 76 | |
| 77 // Runs |input_block| through |first_stage| and, iff that succeeds, | |
| 78 // |second_stage| and |third_stage| as well. Returns whether all stages | |
| 79 // processed the input without error. | |
| 80 static bool RunHeaderBlockThroughFuzzerStages(FuzzerContext* context, | |
| 81 base::StringPiece input_block); | |
| 82 | |
| 83 // Flips random bits within |buffer|. The total number of flips is | |
| 84 // |flip_per_thousand| bits for every 1,024 bytes of |buffer_length|, | |
| 85 // rounding up. | |
| 86 static void FlipBits(uint8* buffer, | |
| 87 size_t buffer_length, | |
| 88 size_t flip_per_thousand); | |
| 89 }; | |
| 90 | |
| 91 } // namespace net | |
| 92 | |
| 93 #endif // NET_SPDY_FUZZING_HPACK_FUZZ_UTIL_H_ | |
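Review bot: `Input::remaining()` (line 47 of the new header) returns `input.size() - offset` in `size_t` arithmetic with no check that `offset` lies within `input`, so if `offset` ever passes the end the result wraps to a very large value and `ptr()` points outside the buffer. Both fields are public, and the code that advances `offset` (presumably `NextHeaderBlock`, defined outside this file) is not visible here, so the accessor should be safe on its own: `return offset < input.size() ? input.size() - offset : 0;`. Because the input is a length-prefixed corpus that may be truncated or mutated, a caller that trusts `remaining()` before reading a block would then fail closed instead of over-reading. Both accessors could also be declared `const`. Separately, `NextGeneratedHeaderSet` returns `std::map`, but only `<string>` and `<vector>` are included; add `#include <map>` rather than relying on a transitive include.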