File: renderer_proto_tree_fuzzer.cc

package info (click to toggle)
chromium 139.0.7258.127-1
  • links: PTS, VCS
  • area: main
  • in suites:
  • size: 6,122,068 kB
  • sloc: cpp: 35,100,771; ansic: 7,163,530; javascript: 4,103,002; python: 1,436,920; asm: 946,517; xml: 746,709; pascal: 187,653; perl: 88,691; sh: 88,436; objc: 79,953; sql: 51,488; cs: 44,583; fortran: 24,137; makefile: 22,147; tcl: 15,277; php: 13,980; yacc: 8,984; ruby: 7,485; awk: 3,720; lisp: 3,096; lex: 1,327; ada: 727; jsp: 228; sed: 36
file content (100 lines) | stat: -rw-r--r-- 2,606 bytes parent folder | download | duplicates (7) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
 
// Copyright 2017 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

// Fuzzer for content/renderer

#include <stddef.h>
#include <stdint.h>
#include <memory>
#include <sstream>

#include "content/test/fuzzer/fuzzer_support.h"
#include "content/test/fuzzer/html_tree.pb.h"
#include "third_party/libprotobuf-mutator/src/src/libfuzzer/libfuzzer_macro.h"

namespace content {

class HtmlTreeWriter {
 public:
  HtmlTreeWriter() {}

  template <typename T>
  HtmlTreeWriter& operator<<(const T& t) {
    out_ << t;
    return *this;
  }

  std::string str() const { return out_.str(); }

 private:
  std::ostringstream out_;
};

static HtmlTreeWriter& operator<<(HtmlTreeWriter& w,
                                  const Attribute::Value& value) {
  switch (value.value_case()) {
    case Attribute::Value::kBoolValue:
      return w << (value.bool_value() ? "true" : "false");
    case Attribute::Value::kUintValue:
      return w << value.uint_value();
    case Attribute::Value::kIntValue:
      return w << value.int_value();
    case Attribute::Value::kDoubleValue:
      return w << value.double_value();
    case Attribute::Value::kPxValue:
      return w << value.px_value() << "px";
    case Attribute::Value::kPctValue:
      return w << value.pct_value() << "%";
    case Attribute::Value::VALUE_NOT_SET:
      return w;
  }
}

static HtmlTreeWriter& operator<<(HtmlTreeWriter& w,
                                  const Attribute::Name& name) {
  return w << Attribute_Name_Name(name);
}

static HtmlTreeWriter& operator<<(HtmlTreeWriter& w, const Attribute& attr) {
  return w << attr.name() << "=\"" << attr.value() << "\"";
}

static HtmlTreeWriter& operator<<(HtmlTreeWriter& w, const Tag::Name& tagName) {
  return w << Tag_Name_Name(tagName);
}

static void operator<<(HtmlTreeWriter& w, const Tag& tag) {
  w << "<" << tag.name();
  for (const auto& attr : tag.attrs()) {
    w << " " << attr;
  }

  w << ">";
  for (const auto& subtag : tag.subtags()) {
    w << subtag;
  }
  w << "</" << tag.name() << ">";
}

static void operator<<(HtmlTreeWriter& w, const Document& document) {
  w << document.root();
}

static std::string str(const Document& document) {
  HtmlTreeWriter writer;
  writer << document;
  return writer.str();
}

static Env* env = nullptr;

DEFINE_BINARY_PROTO_FUZZER(const Document& document) {
  // Environment has to be initialized in the same thread.
  if (env == nullptr)
    env = new Env();

  env->adapter->LoadHTML(str(document), "http://www.example.org");
}

}  // namespace content