File: string_escape_fuzzer.cc

package info (click to toggle)
chromium 120.0.6099.224-1~deb11u1
  • links: PTS, VCS
  • area: main
  • in suites: bullseye
  • size: 6,112,112 kB
  • sloc: cpp: 32,907,025; ansic: 8,148,123; javascript: 3,679,536; python: 2,031,248; asm: 959,718; java: 804,675; xml: 617,256; sh: 111,417; objc: 100,835; perl: 88,443; cs: 53,032; makefile: 29,579; fortran: 24,137; php: 21,162; tcl: 21,147; sql: 20,809; ruby: 17,735; pascal: 12,864; yacc: 8,045; lisp: 3,388; lex: 1,323; ada: 727; awk: 329; jsp: 267; csh: 117; exp: 43; sed: 37
file content (37 lines) | stat: -rw-r--r-- 1,243 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 
// Copyright 2018 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "base/json/string_escape.h"

#include <memory>

// Entry point for LibFuzzer.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  if (size < 2)
    return 0;

  const bool put_in_quotes = data[size - 1];

  // Create a copy of input buffer, as otherwise we don't catch
  // overflow that touches the last byte (which is used in put_in_quotes).
  size_t actual_size_char8 = size - 1;
  std::unique_ptr<char[]> input(new char[actual_size_char8]);
  memcpy(input.get(), data, actual_size_char8);

  base::StringPiece input_string(input.get(), actual_size_char8);
  std::string escaped_string;
  base::EscapeJSONString(input_string, put_in_quotes, &escaped_string);

  // Test for wide-strings if available size is even.
  if (actual_size_char8 & 1)
    return 0;

  size_t actual_size_char16 = actual_size_char8 / 2;
  base::StringPiece16 input_string16(reinterpret_cast<char16_t*>(input.get()),
                                     actual_size_char16);
  escaped_string.clear();
  base::EscapeJSONString(input_string16, put_in_quotes, &escaped_string);

  return 0;
}