| OLD | NEW |
|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "bindings/core/v8/SerializedScriptValue.h" | 5 #include "bindings/core/v8/SerializedScriptValue.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <cstddef> | 8 #include <cstddef> |
| 9 #include <cstdint> | 9 #include <cstdint> |
| 10 | 10 |
| (...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 61 | 61 |
| 62 int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { | 62 int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { |
| 63 // Odd sizes are handled in various ways, depending how they arrive. | 63 // Odd sizes are handled in various ways, depending how they arrive. |
| 64 // Let's not worry about that case here. | 64 // Let's not worry about that case here. |
| 65 if (size % sizeof(UChar)) | 65 if (size % sizeof(UChar)) |
| 66 return 0; | 66 return 0; |
| 67 | 67 |
| 68 // Used to control what kind of extra data is provided to the deserializer. | 68 // Used to control what kind of extra data is provided to the deserializer. |
| 69 unsigned hash = StringHasher::hashMemory(data, size); | 69 unsigned hash = StringHasher::hashMemory(data, size); |
| 70 | 70 |
| 71 SerializedScriptValue::DeserializeOptions options; |
| 72 |
| 71 // If message ports are requested, make some. | 73 // If message ports are requested, make some. |
| 72 MessagePortArray* messagePorts = nullptr; | 74 MessagePortArray* messagePorts = nullptr; |
| 73 if (hash & kFuzzMessagePorts) { | 75 if (hash & kFuzzMessagePorts) { |
| 74 messagePorts = new MessagePortArray(3); | 76 options.messagePorts = new MessagePortArray(3); |
| 75 std::generate(messagePorts->begin(), messagePorts->end(), []() { | 77 std::generate(messagePorts->begin(), messagePorts->end(), []() { |
| 76 WebMessagePortChannelUniquePtr channel(new WebMessagePortChannelImpl()); | 78 WebMessagePortChannelUniquePtr channel(new WebMessagePortChannelImpl()); |
| 77 MessagePort* port = MessagePort::create(pageHolder->document()); | 79 MessagePort* port = MessagePort::create(pageHolder->document()); |
| 78 port->entangle(std::move(channel)); | 80 port->entangle(std::move(channel)); |
| 79 return port; | 81 return port; |
| 80 }); | 82 }); |
| 81 } | 83 } |
| 82 | 84 |
| 83 // If blobs are requested, supply blob info. | 85 // If blobs are requested, supply blob info. |
| 84 const auto* blobs = (hash & kFuzzBlobInfo) ? blobInfoArray : nullptr; | 86 options.blobInfo = (hash & kFuzzBlobInfo) ? blobInfoArray : nullptr; |
| 85 | 87 |
| 86 // Set up. | 88 // Set up. |
| 87 ScriptState* scriptState = ScriptState::forMainWorld(&pageHolder->frame()); | 89 ScriptState* scriptState = ScriptState::forMainWorld(&pageHolder->frame()); |
| 88 v8::Isolate* isolate = scriptState->isolate(); | 90 v8::Isolate* isolate = scriptState->isolate(); |
| 89 ScriptState::Scope scope(scriptState); | 91 ScriptState::Scope scope(scriptState); |
| 90 v8::TryCatch tryCatch(isolate); | 92 v8::TryCatch tryCatch(isolate); |
| 91 | 93 |
| 92 // Deserialize. | 94 // Deserialize. |
| 93 RefPtr<SerializedScriptValue> serializedScriptValue = | 95 RefPtr<SerializedScriptValue> serializedScriptValue = |
| 94 SerializedScriptValue::create(reinterpret_cast<const char*>(data), size); | 96 SerializedScriptValue::create(reinterpret_cast<const char*>(data), size); |
| 95 serializedScriptValue->deserialize(isolate, messagePorts, blobs); | 97 serializedScriptValue->deserialize(isolate, options); |
| 96 CHECK(!tryCatch.HasCaught()) | 98 CHECK(!tryCatch.HasCaught()) |
| 97 << "deserialize() should return null rather than throwing an exception."; | 99 << "deserialize() should return null rather than throwing an exception."; |
| 98 | 100 |
| 99 // Request a V8 GC. Oilpan will be invoked by the GC epilogue. | 101 // Request a V8 GC. Oilpan will be invoked by the GC epilogue. |
| 100 // | 102 // |
| 101 // Multiple GCs may be required to ensure everything is collected (due to | 103 // Multiple GCs may be required to ensure everything is collected (due to |
| 102 // a chain of persistent handles), so some objects may not be collected until | 104 // a chain of persistent handles), so some objects may not be collected until |
| 103 // a subsequent iteration. This is slow enough as is, so we compromise on one | 105 // a subsequent iteration. This is slow enough as is, so we compromise on one |
| 104 // major GC, as opposed to the 5 used in V8GCController for unit tests. | 106 // major GC, as opposed to the 5 used in V8GCController for unit tests. |
| 105 V8PerIsolateData::mainThreadIsolate()->RequestGarbageCollectionForTesting( | 107 V8PerIsolateData::mainThreadIsolate()->RequestGarbageCollectionForTesting( |
| 106 v8::Isolate::kFullGarbageCollection); | 108 v8::Isolate::kFullGarbageCollection); |
| 107 | 109 |
| 108 return 0; | 110 return 0; |
| 109 } | 111 } |
| 110 | 112 |
| 111 } // namespace blink | 113 } // namespace blink |
| 112 | 114 |
| 113 extern "C" int LLVMFuzzerInitialize(int* argc, char*** argv) { | 115 extern "C" int LLVMFuzzerInitialize(int* argc, char*** argv) { |
| 114 return blink::LLVMFuzzerInitialize(argc, argv); | 116 return blink::LLVMFuzzerInitialize(argc, argv); |
| 115 } | 117 } |
| 116 | 118 |
| 117 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { | 119 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { |
| 118 return blink::LLVMFuzzerTestOneInput(data, size); | 120 return blink::LLVMFuzzerTestOneInput(data, size); |
| 119 } | 121 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2755383004:
Encapsulate optional SerializedScriptValue serialize/deserialize parameters. (Closed)
