| OLD | NEW |
|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <memory> | 5 #include <memory> |
| 6 #include <string> | 6 #include <string> |
| 7 | 7 |
| 8 #include "base/memory/ptr_util.h" | 8 #include "base/memory/ptr_util.h" |
| 9 #include "base/memory/singleton.h" | 9 #include "base/memory/singleton.h" |
| 10 #include "base/run_loop.h" | 10 #include "base/run_loop.h" |
| (...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 47 uint32_t buf_size = provider.ConsumeUint32InRange(1, 127); // 7 bits. | 47 uint32_t buf_size = provider.ConsumeUint32InRange(1, 127); // 7 bits. |
| 48 scoped_refptr<net::IOBuffer> buf( | 48 scoped_refptr<net::IOBuffer> buf( |
| 49 new net::IOBuffer(static_cast<size_t>(buf_size))); | 49 new net::IOBuffer(static_cast<size_t>(buf_size))); |
| 50 buf_.swap(buf); | 50 buf_.swap(buf); |
| 51 | 51 |
| 52 // Generate a range header, and a bool determining whether to use it. | 52 // Generate a range header, and a bool determining whether to use it. |
| 53 // Generate the header regardless of the bool value to keep the data URL and | 53 // Generate the header regardless of the bool value to keep the data URL and |
| 54 // header in consistent byte addresses so the fuzzer doesn't have to work as | 54 // header in consistent byte addresses so the fuzzer doesn't have to work as |
| 55 // hard. | 55 // hard. |
| 56 bool use_range = provider.ConsumeBool(); | 56 bool use_range = provider.ConsumeBool(); |
| 57 base::StringPiece range(provider.ConsumeBytes(kMaxLengthForFuzzedRange)); | 57 std::string range(provider.ConsumeBytes(kMaxLengthForFuzzedRange)); |
| 58 | 58 |
| 59 // Generate a sequence of reads sufficient to read the entire data URL. | 59 // Generate a sequence of reads sufficient to read the entire data URL. |
| 60 size_t simulated_bytes_read = 0; | 60 size_t simulated_bytes_read = 0; |
| 61 while (simulated_bytes_read < provider.remaining_bytes()) { | 61 while (simulated_bytes_read < provider.remaining_bytes()) { |
| 62 size_t read_length = provider.ConsumeUint32InRange(1, buf_size); | 62 size_t read_length = provider.ConsumeUint32InRange(1, buf_size); |
| 63 read_lengths_.push_back(read_length); | 63 read_lengths_.push_back(read_length); |
| 64 simulated_bytes_read += read_length; | 64 simulated_bytes_read += read_length; |
| 65 } | 65 } |
| 66 | 66 |
| 67 // The data URL is the rest of the fuzzed data with "data:" prepended, to | 67 // The data URL is the rest of the fuzzed data with "data:" prepended, to |
| 68 // ensure that if it's a URL, it's a data URL. If the URL is invalid just | 68 // ensure that if it's a URL, it's a data URL. If the URL is invalid just |
| 69 // use a test variant, so the fuzzer has a chance to execute something. | 69 // use a test variant, so the fuzzer has a chance to execute something. |
| 70 std::string data_url_string = | 70 std::string data_url_string = |
| 71 std::string("data:") + provider.ConsumeRemainingBytes().as_string(); | 71 std::string("data:") + provider.ConsumeRemainingBytes(); |
| 72 GURL data_url(data_url_string); | 72 GURL data_url(data_url_string); |
| 73 if (!data_url.is_valid()) | 73 if (!data_url.is_valid()) |
| 74 data_url = GURL("data:text/html;charset=utf-8,<p>test</p>"); | 74 data_url = GURL("data:text/html;charset=utf-8,<p>test</p>"); |
| 75 | 75 |
| 76 // Create a URLRequest with the given data URL and start reading | 76 // Create a URLRequest with the given data URL and start reading |
| 77 // from it. | 77 // from it. |
| 78 std::unique_ptr<net::URLRequest> request = | 78 std::unique_ptr<net::URLRequest> request = |
| 79 context_.CreateRequest(data_url, net::DEFAULT_PRIORITY, this); | 79 context_.CreateRequest(data_url, net::DEFAULT_PRIORITY, this); |
| 80 if (use_range) { | 80 if (use_range) { |
| 81 std::string range_str = range.as_string(); | 81 if (!net::HttpUtil::IsValidHeaderValue(range)) |
| 82 if (!net::HttpUtil::IsValidHeaderValue(range_str)) | 82 range = "bytes=3-"; |
| 83 range_str = "bytes=3-"; | 83 request->SetExtraRequestHeaderByName("Range", range, true); |
| 84 request->SetExtraRequestHeaderByName("Range", range_str, true); | |
| 85 } | 84 } |
| 86 | 85 |
| 87 // Block the thread while the request is read. | 86 // Block the thread while the request is read. |
| 88 base::RunLoop read_loop; | 87 base::RunLoop read_loop; |
| 89 read_loop_ = &read_loop; | 88 read_loop_ = &read_loop; |
| 90 request->Start(); | 89 request->Start(); |
| 91 read_loop.Run(); | 90 read_loop.Run(); |
| 92 read_loop_ = nullptr; | 91 read_loop_ = nullptr; |
| 93 return 0; | 92 return 0; |
| 94 } | 93 } |
| (...skipping 68 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 163 base::RunLoop* read_loop_; | 162 base::RunLoop* read_loop_; |
| 164 | 163 |
| 165 DISALLOW_COPY_AND_ASSIGN(URLRequestDataJobFuzzerHarness); | 164 DISALLOW_COPY_AND_ASSIGN(URLRequestDataJobFuzzerHarness); |
| 166 }; | 165 }; |
| 167 | 166 |
| 168 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { | 167 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { |
| 169 // Using a static singleton test harness lets the test run ~3-4x faster. | 168 // Using a static singleton test harness lets the test run ~3-4x faster. |
| 170 return URLRequestDataJobFuzzerHarness::GetInstance() | 169 return URLRequestDataJobFuzzerHarness::GetInstance() |
| 171 ->CreateAndReadFromDataURLRequest(data, size); | 170 ->CreateAndReadFromDataURLRequest(data, size); |
| 172 } | 171 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2308443002:
Make FuzzedDataProvider vend std::strings (Closed)
