1 // Copyright 2018 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include <fuzzer/FuzzedDataProvider.h>
9 #include "base/pickle.h"
// Tuning knobs for the base::Pickle read fuzzer below.

// How many read operations are attempted against the pickle for each fuzzer
// input (loop bound in LLVMFuzzerTestOneInput).
constexpr int kIterations{16};

// Length of the input prefix handed to FuzzedDataProvider. Those bytes only
// choose which reads are issued and with what lengths; everything after them
// is used as the pickle payload. The harness checks for inputs shorter than
// this before doing anything else.
constexpr int kReadControlBytes{32};

// Modulus applied to each control byte to pick a read operation. It should
// equal the number of cases in the switch: if a new Read* case is added
// without raising this value, that case is never selected and the new reader
// gets no fuzz coverage.
constexpr int kReadDataTypes{17};

// Inclusive upper bound on the length requested from
// PickleIterator::ReadBytes.
constexpr int kMaxReadLength{1024};

// Inclusive upper bound on the byte count passed to
// PickleIterator::SkipBytes.
constexpr int kMaxSkipBytes{1024};
19 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
20 if (size < kReadControlBytes) {
23 // Use the first kReadControlBytes bytes of the fuzzer input to control how
24 // the pickled data is read.
25 FuzzedDataProvider data_provider(data, kReadControlBytes);
26 data += kReadControlBytes;
27 size -= kReadControlBytes;
29 base::Pickle pickle(reinterpret_cast<const char*>(data), size);
30 base::PickleIterator iter(pickle);
31 for (int i = 0; i < kIterations; i++) {
32 uint8_t read_type = data_provider.ConsumeIntegral<uint8_t>();
33 switch (read_type % kReadDataTypes) {
36 std::ignore = iter.ReadBool(&result);
41 std::ignore = iter.ReadInt(&result);
46 std::ignore = iter.ReadLong(&result);
51 std::ignore = iter.ReadUInt16(&result);
56 std::ignore = iter.ReadUInt32(&result);
61 std::ignore = iter.ReadInt64(&result);
66 std::ignore = iter.ReadUInt64(&result);
71 std::ignore = iter.ReadFloat(&result);
76 std::ignore = iter.ReadDouble(&result);
81 std::ignore = iter.ReadString(&result);
85 base::StringPiece result;
86 std::ignore = iter.ReadStringPiece(&result);
90 std::u16string result;
91 std::ignore = iter.ReadString16(&result);
95 base::StringPiece16 result;
96 std::ignore = iter.ReadStringPiece16(&result);
100 const char* data_result = nullptr;
101 size_t length_result = 0;
102 std::ignore = iter.ReadData(&data_result, &length_result);
106 const char* data_result = nullptr;
108 data_provider.ConsumeIntegralInRange(0, kMaxReadLength);
110 iter.ReadBytes(&data_result, static_cast<size_t>(read_length));
115 std::ignore = iter.ReadLength(&result);
119 std::ignore = iter.SkipBytes(static_cast<size_t>(
120 data_provider.ConsumeIntegralInRange(0, kMaxSkipBytes)));