1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include <stddef.h>
6 #include <stdint.h>
7
8 #include <string>
9
10 #include "base/strings/string_tokenizer.h"
11
GetAllTokens(base::StringTokenizer & t)12 void GetAllTokens(base::StringTokenizer& t) {
13 while (t.GetNext()) {
14 (void)t.token();
15 }
16 }
17
18 // Entry point for LibFuzzer.
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)19 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
20 uint8_t size_t_bytes = sizeof(size_t);
21 if (size < size_t_bytes + 1) {
22 return 0;
23 }
24
25 // Calculate pattern size based on remaining bytes, otherwise fuzzing is
26 // inefficient with bailouts in most cases.
27 size_t pattern_size =
28 *reinterpret_cast<const size_t*>(data) % (size - size_t_bytes);
29
30 std::string pattern(reinterpret_cast<const char*>(data + size_t_bytes),
31 pattern_size);
32 std::string input(
33 reinterpret_cast<const char*>(data + size_t_bytes + pattern_size),
34 size - pattern_size - size_t_bytes);
35
36 // Allow quote_chars and options to be set. Otherwise full coverage
37 // won't be possible since IsQuote, FullGetNext and other functions
38 // won't be called.
39 base::StringTokenizer t(input, pattern);
40 GetAllTokens(t);
41
42 base::StringTokenizer t_quote(input, pattern);
43 t_quote.set_quote_chars("\"");
44 GetAllTokens(t_quote);
45
46 base::StringTokenizer t_options(input, pattern);
47 t_options.set_options(base::StringTokenizer::RETURN_DELIMS);
48 GetAllTokens(t_options);
49
50 base::StringTokenizer t_quote_and_options(input, pattern);
51 t_quote_and_options.set_quote_chars("\"");
52 t_quote_and_options.set_options(base::StringTokenizer::RETURN_DELIMS);
53 GetAllTokens(t_quote_and_options);
54
55 return 0;
56 }
57