File: fuzzed_data_provider.h

package info (click to toggle)
chromium-browser 57.0.2987.98-1~deb8u1
  • links: PTS, VCS
  • area: main
  • in suites: jessie
  • size: 2,637,852 kB
  • ctags: 2,544,394
  • sloc: cpp: 12,815,961; ansic: 3,676,222; python: 1,147,112; asm: 526,608; java: 523,212; xml: 286,794; perl: 92,654; sh: 86,408; objc: 73,271; makefile: 27,698; cs: 18,487; yacc: 13,031; tcl: 12,957; pascal: 4,875; ml: 4,716; lex: 3,904; sql: 3,862; ruby: 1,982; lisp: 1,508; php: 1,368; exp: 404; awk: 325; csh: 117; jsp: 39; sed: 37
file content (80 lines) | stat: -rw-r--r-- 3,030 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
 
// Copyright 2016 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef BASE_TEST_FUZZED_DATA_PROVIDER_H_
#define BASE_TEST_FUZZED_DATA_PROVIDER_H_

#include <stdint.h>

#include <string>

#include "base/base_export.h"
#include "base/macros.h"
#include "base/strings/string_piece.h"

namespace base {

// Utility class to break up fuzzer input for multiple consumers. Whenever run
// on the same input, provides the same output, as long as its methods are
// called in the same order, with the same arguments.
class FuzzedDataProvider {
 public:
  // |data| is an array of length |size| that the FuzzedDataProvider wraps to
  // provide more granular access. |data| must outlive the FuzzedDataProvider.
  FuzzedDataProvider(const uint8_t* data, size_t size);
  ~FuzzedDataProvider();

  // Returns a std::string containing |num_bytes| of input data. If fewer than
  // |num_bytes| of data remain, returns a shorter std::string containing all
  // of the data that's left.
  std::string ConsumeBytes(size_t num_bytes);

  // Returns a std::string containing all remaining bytes of the input data.
  std::string ConsumeRemainingBytes();

  // Returns a std::string of length from 0 to |max_length|. When it runs out of
  // input data, returns what remains of the input. Designed to be more stable
  // with respect to a fuzzer inserting characters than just picking a random
  // length and then consuming that many bytes with ConsumeBytes().
  std::string ConsumeRandomLengthString(size_t max_length);

  // Returns a number in the range [min, max] by consuming bytes from the input
  // data. The value might not be uniformly distributed in the given range. If
  // there's no input data left, always returns |min|. |min| must be less than
  // or equal to |max|.
  uint32_t ConsumeUint32InRange(uint32_t min, uint32_t max);
  int ConsumeInt32InRange(int min, int max);

  // Returns a bool, or false when no data remains.
  bool ConsumeBool();

  // Returns a uint8_t from the input or 0 if nothing remains. This is
  // equivalent to ConsumeUint32InRange(0, 0xFF).
  uint8_t ConsumeUint8();

  // Returns a uint16_t from the input. If fewer than 2 bytes of data remain
  // will fill the most significant bytes with 0. This is equivalent to
  // ConsumeUint32InRange(0, 0xFFFF).
  uint16_t ConsumeUint16();

  // Returns a value from |array|, consuming as many bytes as needed to do so.
  // |array| must be a fixed-size array. Equivalent to
  // array[ConsumeUint32InRange(sizeof(array)-1)];
  template <typename Type, size_t size>
  Type PickValueInArray(Type (&array)[size]) {
    return array[ConsumeUint32InRange(0, size - 1)];
  }

  // Reports the remaining bytes available for fuzzed input.
  size_t remaining_bytes() { return remaining_data_.length(); }

 private:
  StringPiece remaining_data_;

  DISALLOW_COPY_AND_ASSIGN(FuzzedDataProvider);
};

}  // namespace base

#endif  // BASE_TEST_FUZZED_DATA_PROVIDER_H_