• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2016 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef BASE_TEST_FUZZED_DATA_PROVIDER_H_
6 #define BASE_TEST_FUZZED_DATA_PROVIDER_H_
7 
8 #include <stdint.h>
9 
10 #include <string>
11 
12 #include "base/base_export.h"
13 #include "base/macros.h"
14 #include "base/strings/string_piece.h"
15 
16 namespace base {
17 
18 // Utility class to break up fuzzer input for multiple consumers. Whenever run
19 // on the same input, provides the same output, as long as its methods are
20 // called in the same order, with the same arguments.
21 class FuzzedDataProvider {
22  public:
23   // |data| is an array of length |size| that the FuzzedDataProvider wraps to
24   // provide more granular access. |data| must outlive the FuzzedDataProvider.
25   FuzzedDataProvider(const uint8_t* data, size_t size);
26   ~FuzzedDataProvider();
27 
28   // Returns a std::string containing |num_bytes| of input data. If fewer than
29   // |num_bytes| of data remain, returns a shorter std::string containing all
30   // of the data that's left.
31   std::string ConsumeBytes(size_t num_bytes);
32 
33   // Returns a std::string containing all remaining bytes of the input data.
34   std::string ConsumeRemainingBytes();
35 
36   // Returns a std::string of length from 0 to |max_length|. When it runs out of
37   // input data, returns what remains of the input. Designed to be more stable
38   // with respect to a fuzzer inserting characters than just picking a random
39   // length and then consuming that many bytes with ConsumeBytes().
40   std::string ConsumeRandomLengthString(size_t max_length);
41 
42   // Returns a number in the range [min, max] by consuming bytes from the input
43   // data. The value might not be uniformly distributed in the given range. If
44   // there's no input data left, always returns |min|. |min| must be less than
45   // or equal to |max|.
46   uint32_t ConsumeUint32InRange(uint32_t min, uint32_t max);
47   int ConsumeInt32InRange(int min, int max);
48 
49   // Returns a bool, or false when no data remains.
50   bool ConsumeBool();
51 
52   // Returns a uint8_t from the input or 0 if nothing remains. This is
53   // equivalent to ConsumeUint32InRange(0, 0xFF).
54   uint8_t ConsumeUint8();
55 
56   // Returns a uint16_t from the input. If fewer than 2 bytes of data remain
57   // will fill the most significant bytes with 0. This is equivalent to
58   // ConsumeUint32InRange(0, 0xFFFF).
59   uint16_t ConsumeUint16();
60 
61   // Returns a value from |array|, consuming as many bytes as needed to do so.
62   // |array| must be a fixed-size array. Equivalent to
63   // array[ConsumeUint32InRange(sizeof(array)-1)];
64   template <typename Type, size_t size>
PickValueInArray(Type (& array)[size])65   Type PickValueInArray(Type (&array)[size]) {
66     return array[ConsumeUint32InRange(0, size - 1)];
67   }
68 
69   // Reports the remaining bytes available for fuzzed input.
remaining_bytes()70   size_t remaining_bytes() { return remaining_data_.length(); }
71 
72  private:
73   StringPiece remaining_data_;
74 
75   DISALLOW_COPY_AND_ASSIGN(FuzzedDataProvider);
76 };
77 
78 }  // namespace base
79 
80 #endif  // BASE_TEST_FUZZED_DATA_PROVIDER_H_
81