Refactor base::FuzzedDataProvider and fix the calling sites. The main goals:
1) Avoid using std::string as a container for non-string data. The problem
is that the underlying std::string buffer is bigger than the data we put
inside (at least by 1 byte (null terminator), and might be even bigger).
This may hide buffer overflow errors from ASan.
2) Make FuzzedDataProvider portable (remove //base dependency).
3) Make the types it returns more explicit (e.g. `int32_t` instead of `int`).
Bug: 907103, 906080
Change-Id: Ibe1cd5ef6cb72140459a8ba3ac301f8c2bef48b9
Reviewed-on: https://chromium-review.googlesource.com/c/1344993
Commit-Queue: Max Moroz <[email protected]>
Reviewed-by: Cait Phillips <[email protected]>
Reviewed-by: Nico Weber <[email protected]>
Reviewed-by: Matt Menke <[email protected]>
Reviewed-by: Oliver Chang <[email protected]>
Cr-Commit-Position: refs/heads/master@{#610236}
diff --git a/net/websockets/websocket_frame_parser_fuzzer.cc b/net/websockets/websocket_frame_parser_fuzzer.cc
index 5320af4..112a8db 100644
--- a/net/websockets/websocket_frame_parser_fuzzer.cc
+++ b/net/websockets/websocket_frame_parser_fuzzer.cc
@@ -17,7 +17,8 @@
std::vector<std::unique_ptr<net::WebSocketFrameChunk>> frame_chunks;
while (fuzzed_data_provider.remaining_bytes() > 0) {
size_t chunk_size = fuzzed_data_provider.ConsumeUint32InRange(1, 32);
- std::string chunk = fuzzed_data_provider.ConsumeBytes(chunk_size);
+ std::vector<char> chunk =
+ fuzzed_data_provider.ConsumeBytes<char>(chunk_size);
parser.Decode(chunk.data(), chunk.size(), &frame_chunks);
}
return 0;
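Review bot: `chunk.data()` may now be a null pointer when `chunk` is empty, which `std::string::data()` never was. The loop condition only checks `remaining_bytes() > 0` before `ConsumeUint32InRange(1, 32)` consumes up to four bytes, so the subsequent `ConsumeBytes<char>(chunk_size)` can return an empty `std::vector<char>`, and `parser.Decode(nullptr, 0, &frame_chunks)` is then called. Either confirm that `Decode` accepts a null pointer with zero length, or skip empty chunks with `if (chunk.empty()) continue;` before the `Decode` call. The switch to `std::vector<char>` itself is the right fix for the stated goal: the allocation is exactly `chunk.size()` bytes, so any over-read inside `Decode` becomes visible to ASan instead of landing on the std::string's terminator or spare capacity.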