net/websockets/websocket_deflate_stream_fuzzer.cc - Issue 2308443002: Make FuzzedDataProvider vend std::strings

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: net/websockets/websocket_deflate_stream_fuzzer.cc

Issue 2308443002: Make FuzzedDataProvider vend std::strings (Closed)

Patch Set: thestig review Created 4 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright 2015 The Chromium Authors. All rights reserved.	1 // Copyright 2015 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include <stddef.h>	5 #include <stddef.h>

6 #include <stdint.h>	6 #include <stdint.h>

7	7

8 #include <memory>	8 #include <memory>

9 #include <string>	9 #include <string>

10 #include <vector>	10 #include <vector>

(...skipping 49 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
60 auto frame = base::MakeUnique<WebSocketFrame>(opcode);	60 auto frame = base::MakeUnique<WebSocketFrame>(opcode);

61 // Bad news: ConsumeBool actually consumes a whole byte per call, so do	61 // Bad news: ConsumeBool actually consumes a whole byte per call, so do

62 // something hacky to conserve precious bits.	62 // something hacky to conserve precious bits.

63 uint8_t flags = fuzzed_data_provider_.ConsumeUint8();	63 uint8_t flags = fuzzed_data_provider_.ConsumeUint8();

64 frame->header.final = flags & 0x1;	64 frame->header.final = flags & 0x1;

65 frame->header.reserved1 = (flags >> 1) & 0x1;	65 frame->header.reserved1 = (flags >> 1) & 0x1;

66 frame->header.reserved2 = (flags >> 2) & 0x1;	66 frame->header.reserved2 = (flags >> 2) & 0x1;

67 frame->header.reserved3 = (flags >> 3) & 0x1;	67 frame->header.reserved3 = (flags >> 3) & 0x1;

68 frame->header.masked = (flags >> 4) & 0x1;	68 frame->header.masked = (flags >> 4) & 0x1;

69 uint64_t payload_length = fuzzed_data_provider_.ConsumeInt32InRange(0, 64);	69 uint64_t payload_length = fuzzed_data_provider_.ConsumeInt32InRange(0, 64);

70 base::StringPiece payload =	70 std::string payload = fuzzed_data_provider_.ConsumeBytes(payload_length);

71 fuzzed_data_provider_.ConsumeBytes(payload_length);	71 frame->data = new StringIOBuffer(payload);

72 frame->data = new WrappedIOBuffer(payload.data());

73 frame->header.payload_length = payload.size();	72 frame->header.payload_length = payload.size();

74 return frame;	73 return frame;

75 }	74 }

76	75

77 base::FuzzedDataProvider fuzzed_data_provider_;	76 base::FuzzedDataProvider fuzzed_data_provider_;

78 };	77 };

79	78

80 void WebSocketDeflateStreamFuzz(const uint8_t* data, size_t size) {	79 void WebSocketDeflateStreamFuzz(const uint8_t* data, size_t size) {

81 // WebSocketDeflateStream needs to be constructed on each call because it	80 // WebSocketDeflateStream needs to be constructed on each call because it

82 // has state.	81 // has state.

(...skipping 11 matching lines...) Expand all Loading...
94 } // namespace	93 } // namespace

95	94

96 } // namespace net	95 } // namespace net

97	96

98 // Entry point for LibFuzzer.	97 // Entry point for LibFuzzer.

99 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {	98 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {

100 net::WebSocketDeflateStreamFuzz(data, size);	99 net::WebSocketDeflateStreamFuzz(data, size);

101	100

102 return 0;	101 return 0;

103 }	102 }

OLD	NEW

« no previous file with comments | « net/url_request/url_request_data_job_fuzzer.cc ('k') | net/websockets/websocket_frame_parser_fuzzer.cc » ('j') | no next file with comments »