base/strings/string_tokenizer_fuzzer.cc

*635a8641SAndroid Build Coastguard Worker// Copyright 2015 The Chromium Authors. All rights reserved.
*635a8641SAndroid Build Coastguard Worker// Use of this source code is governed by a BSD-style license that can be
*635a8641SAndroid Build Coastguard Worker// found in the LICENSE file.
*635a8641SAndroid Build Coastguard Worker
*635a8641SAndroid Build Coastguard Worker#include <stddef.h>
*635a8641SAndroid Build Coastguard Worker#include <stdint.h>
*635a8641SAndroid Build Coastguard Worker
*635a8641SAndroid Build Coastguard Worker#include <string>
*635a8641SAndroid Build Coastguard Worker
*635a8641SAndroid Build Coastguard Worker#include "base/strings/string_tokenizer.h"
*635a8641SAndroid Build Coastguard Worker
*635a8641SAndroid Build Coastguard Workervoid GetAllTokens(base::StringTokenizer& t) {
*635a8641SAndroid Build Coastguard Worker  while (t.GetNext()) {
*635a8641SAndroid Build Coastguard Worker    (void)t.token();
*635a8641SAndroid Build Coastguard Worker  }
*635a8641SAndroid Build Coastguard Worker}
*635a8641SAndroid Build Coastguard Worker
*635a8641SAndroid Build Coastguard Worker// Entry point for LibFuzzer.
*635a8641SAndroid Build Coastguard Workerextern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
*635a8641SAndroid Build Coastguard Worker  uint8_t size_t_bytes = sizeof(size_t);
*635a8641SAndroid Build Coastguard Worker  if (size < size_t_bytes + 1) {
*635a8641SAndroid Build Coastguard Worker    return 0;
*635a8641SAndroid Build Coastguard Worker  }
*635a8641SAndroid Build Coastguard Worker
*635a8641SAndroid Build Coastguard Worker  // Calculate pattern size based on remaining bytes, otherwise fuzzing is
*635a8641SAndroid Build Coastguard Worker  // inefficient with bailouts in most cases.
*635a8641SAndroid Build Coastguard Worker  size_t pattern_size =
*635a8641SAndroid Build Coastguard Worker      *reinterpret_cast<const size_t*>(data) % (size - size_t_bytes);
*635a8641SAndroid Build Coastguard Worker
*635a8641SAndroid Build Coastguard Worker  std::string pattern(reinterpret_cast<const char*>(data + size_t_bytes),
*635a8641SAndroid Build Coastguard Worker                      pattern_size);
*635a8641SAndroid Build Coastguard Worker  std::string input(
*635a8641SAndroid Build Coastguard Worker      reinterpret_cast<const char*>(data + size_t_bytes + pattern_size),
*635a8641SAndroid Build Coastguard Worker      size - pattern_size - size_t_bytes);
*635a8641SAndroid Build Coastguard Worker
*635a8641SAndroid Build Coastguard Worker  // Allow quote_chars and options to be set. Otherwise full coverage
*635a8641SAndroid Build Coastguard Worker  // won't be possible since IsQuote, FullGetNext and other functions
*635a8641SAndroid Build Coastguard Worker  // won't be called.
*635a8641SAndroid Build Coastguard Worker  base::StringTokenizer t(input, pattern);
*635a8641SAndroid Build Coastguard Worker  GetAllTokens(t);
*635a8641SAndroid Build Coastguard Worker
*635a8641SAndroid Build Coastguard Worker  base::StringTokenizer t_quote(input, pattern);
*635a8641SAndroid Build Coastguard Worker  t_quote.set_quote_chars("\"");
*635a8641SAndroid Build Coastguard Worker  GetAllTokens(t_quote);
*635a8641SAndroid Build Coastguard Worker
*635a8641SAndroid Build Coastguard Worker  base::StringTokenizer t_options(input, pattern);
*635a8641SAndroid Build Coastguard Worker  t_options.set_options(base::StringTokenizer::RETURN_DELIMS);
*635a8641SAndroid Build Coastguard Worker  GetAllTokens(t_options);
*635a8641SAndroid Build Coastguard Worker
*635a8641SAndroid Build Coastguard Worker  base::StringTokenizer t_quote_and_options(input, pattern);
*635a8641SAndroid Build Coastguard Worker  t_quote_and_options.set_quote_chars("\"");
*635a8641SAndroid Build Coastguard Worker  t_quote_and_options.set_options(base::StringTokenizer::RETURN_DELIMS);
*635a8641SAndroid Build Coastguard Worker  GetAllTokens(t_quote_and_options);
*635a8641SAndroid Build Coastguard Worker
*635a8641SAndroid Build Coastguard Worker  return 0;
*635a8641SAndroid Build Coastguard Worker}