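// Copyright 2024 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef TESTING_LIBFUZZER_RENDERER_FUZZING_RENDERER_FUZZING_H_
#define TESTING_LIBFUZZER_RENDERER_FUZZING_RENDERER_FUZZING_H_

#include <cstdint>
#include <string>
#include <unordered_map>
#include <vector>

#include "third_party/blink/public/common/browser_interface_broker_proxy.h"
#include "third_party/blink/public/common/thread_safe_browser_interface_broker_proxy.h"

// NOTE(review): base::OnceClosure is used below, but no base/ header is
// included directly. It presumably arrives transitively through the blink
// headers above; confirm, and include its defining header explicitly.

// Interface implemented by every renderer fuzzer that can be registered with
// RendererFuzzing.
class RendererFuzzerBase {
 public:
  // Polymorphic base: give it a virtual destructor so that deleting through a
  // RendererFuzzerBase* is well defined. Nothing in this header deletes a
  // registered fuzzer, so this guards future callers, not current ones.
  virtual ~RendererFuzzerBase() = default;

  // Runs one fuzzing iteration.
  //
  // `context_interface_broker_proxy` and `process_interface_broker_proxy` are
  // the two interface broker proxies handed to the fuzzer, `input` is the raw
  // fuzzer input (moved in), and `done_closure` is the completion callback.
  // NOTE(review): presumably `done_closure` must be run exactly once when the
  // iteration finishes; confirm against the implementation of
  // RendererFuzzing::Run.
  virtual void Run(
      const blink::BrowserInterfaceBrokerProxy* context_interface_broker_proxy,
      blink::ThreadSafeBrowserInterfaceBrokerProxy*
          process_interface_broker_proxy,
      std::vector<uint8_t>&& input,
      base::OnceClosure done_closure) = 0;

  // Returns the identifier this fuzzer is registered under. The value is used
  // as a std::string registry key, so it must be a non-null, NUL-terminated
  // string and should be unique among registered fuzzers.
  virtual const char* Id() = 0;
};

// Registry of renderer fuzzers, keyed by RendererFuzzerBase::Id().
class RendererFuzzing {
 public:
  // Adds `fuzzer` to the registry under `fuzzer->Id()`.
  //
  // Returns false (and registers nothing) when `fuzzer` or its Id() is null;
  // both would otherwise be undefined behaviour here. Returns true otherwise.
  //
  // A second registration with an Id that is already present replaces the
  // earlier entry without any signal, which silently drops that fuzzer from
  // the registry. The map stores the raw pointer as given and nothing in this
  // header frees it.
  //
  // NOTE(review): no locking is visible here; this assumes all registrations
  // happen before any lookup (e.g. during static initialization). Confirm.
  bool RegisterFuzzer(RendererFuzzerBase* fuzzer) {
    if (!fuzzer) {
      return false;
    }
    const char* const id = fuzzer->Id();
    if (!id) {
      return false;
    }
    fuzzers_[id] = fuzzer;
    return true;
  }

  // Entry point taking the same arguments as RendererFuzzerBase::Run plus a
  // `fuzzer_id`. Defined outside this header.
  // NOTE(review): presumably looks `fuzzer_id` up in the registry and forwards
  // to that fuzzer; how an unknown id is handled is not visible here. Confirm.
  static void Run(
      const blink::BrowserInterfaceBrokerProxy* context_interface_broker_proxy,
      blink::ThreadSafeBrowserInterfaceBrokerProxy*
          process_interface_broker_proxy,
      const std::string& fuzzer_id,
      std::vector<uint8_t>&& input,
      base::OnceClosure done_closure);

  // Returns the registry instance used by REGISTER_RENDERER_FUZZER. Defined
  // outside this header.
  static RendererFuzzing* GetInstance();

 private:
  // Id -> fuzzer. Pointers are stored as passed to RegisterFuzzer().
  std::unordered_map<std::string, RendererFuzzerBase*> fuzzers_;
};

// Two-step paste so that __LINE__ is expanded before `##` is applied.
#define RENDERER_FUZZER_INTERNAL_CONCAT2(a, b) a##b
#define RENDERER_FUZZER_INTERNAL_CONCAT(a, b) \
  RENDERER_FUZZER_INTERNAL_CONCAT2(a, b)

// Registers a heap-allocated instance of `klass` at static-initialization
// time. The original pasted `##T`, which is not a macro parameter, so every
// expansion declared the same variable `RegisterFuzzerForClass_T` and two
// registrations in one translation unit failed to compile. The variable name
// is now made unique per source line, which also keeps qualified class names
// (e.g. `ns::Fuzzer`) usable as the argument.
#define REGISTER_RENDERER_FUZZER(klass)                                \
  static bool RENDERER_FUZZER_INTERNAL_CONCAT(RegisterFuzzerForClass_, \
                                              __LINE__) =              \
      RendererFuzzing::GetInstance()->RegisterFuzzer(new klass)

#endif  // TESTING_LIBFUZZER_RENDERER_FUZZING_RENDERER_FUZZING_H_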