Google Git
Sign in
chromium / chromium / src.git / 85285b04a02b765d7e4741f1e1588ae520c226d6 / . / base / pickle_fuzzer.cc
blob: 2f06f995ab25e4101f900a7bc8d9d83084178eee [file] [log] [blame]
Anand K. Mistry7404c0582018-11-21 16:17:51[diff] [blame]1// Copyright 2018 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
Max Moroz4905fa42019-08-29 13:52:36[diff] [blame]5#include <fuzzer/FuzzedDataProvider.h>
6
Anand K. Mistry7404c0582018-11-21 16:17:51[diff] [blame]7#include "base/macros.h"
8#include "base/pickle.h"
Anand K. Mistry7404c0582018-11-21 16:17:51[diff] [blame]9
10namespace {
11constexpr int kIterations = 16;
12constexpr int kReadControlBytes = 32;
13constexpr int kReadDataTypes = 17;
14constexpr int kMaxReadLength = 1024;
15constexpr int kMaxSkipBytes = 1024;
16} // namespace
17
18extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
19 if (size < kReadControlBytes) {
20 return 0;
21 }
22 // Use the first kReadControlBytes bytes of the fuzzer input to control how
23 // the pickled data is read.
Max Morozdc9c1c132019-07-01 23:45:15[diff] [blame]24 FuzzedDataProvider data_provider(data, kReadControlBytes);
Anand K. Mistry7404c0582018-11-21 16:17:51[diff] [blame]25 data += kReadControlBytes;
26 size -= kReadControlBytes;
27
28 base::Pickle pickle(reinterpret_cast<const char*>(data), size);
29 base::PickleIterator iter(pickle);
30 for (int i = 0; i < kIterations; i++) {
Abhishek Arya3ca20a12018-11-28 18:56:02[diff] [blame]31 uint8_t read_type = data_provider.ConsumeIntegral<uint8_t>();
Anand K. Mistry7404c0582018-11-21 16:17:51[diff] [blame]32 switch (read_type % kReadDataTypes) {
33 case 0: {
34 bool result = 0;
35 ignore_result(iter.ReadBool(&result));
36 break;
37 }
38 case 1: {
39 int result = 0;
40 ignore_result(iter.ReadInt(&result));
41 break;
42 }
43 case 2: {
44 long result = 0;
45 ignore_result(iter.ReadLong(&result));
46 break;
47 }
48 case 3: {
49 uint16_t result = 0;
50 ignore_result(iter.ReadUInt16(&result));
51 break;
52 }
53 case 4: {
54 uint32_t result = 0;
55 ignore_result(iter.ReadUInt32(&result));
56 break;
57 }
58 case 5: {
59 int64_t result = 0;
60 ignore_result(iter.ReadInt64(&result));
61 break;
62 }
63 case 6: {
64 uint64_t result = 0;
65 ignore_result(iter.ReadUInt64(&result));
66 break;
67 }
68 case 7: {
69 float result = 0;
70 ignore_result(iter.ReadFloat(&result));
71 break;
72 }
73 case 8: {
74 double result = 0;
75 ignore_result(iter.ReadDouble(&result));
76 break;
77 }
78 case 9: {
79 std::string result;
80 ignore_result(iter.ReadString(&result));
81 break;
82 }
83 case 10: {
84 base::StringPiece result;
85 ignore_result(iter.ReadStringPiece(&result));
86 break;
87 }
88 case 11: {
Jan Wilken Dörrie85285b02021-03-11 23:38:47[diff] [blame^]89 std::u16string result;
Anand K. Mistry7404c0582018-11-21 16:17:51[diff] [blame]90 ignore_result(iter.ReadString16(&result));
91 break;
92 }
93 case 12: {
94 base::StringPiece16 result;
95 ignore_result(iter.ReadStringPiece16(&result));
96 break;
97 }
98 case 13: {
99 const char* data_result = nullptr;
100 int length_result = 0;
101 ignore_result(iter.ReadData(&data_result, &length_result));
102 break;
103 }
104 case 14: {
105 const char* data_result = nullptr;
Abhishek Arya5b644f62018-11-28 00:47:17[diff] [blame]106 int read_length =
107 data_provider.ConsumeIntegralInRange(0, kMaxReadLength);
Anand K. Mistry7404c0582018-11-21 16:17:51[diff] [blame]108 ignore_result(iter.ReadBytes(&data_result, read_length));
109 break;
110 }
111 case 15: {
112 int result = 0;
113 ignore_result(iter.ReadLength(&result));
114 break;
115 }
116 case 16: {
117 ignore_result(iter.SkipBytes(
Abhishek Arya5b644f62018-11-28 00:47:17[diff] [blame]118 data_provider.ConsumeIntegralInRange(0, kMaxSkipBytes)));
Anand K. Mistry7404c0582018-11-21 16:17:51[diff] [blame]119 break;
120 }
121 }
122 }
123
124 return 0;
125}