• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2018 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "base/json/string_escape.h"
6 
7 #include <memory>
8 
9 // Entry point for LibFuzzer.
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)10 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
11   if (size < 2)
12     return 0;
13 
14   const bool put_in_quotes = data[size - 1];
15 
16   // Create a copy of input buffer, as otherwise we don't catch
17   // overflow that touches the last byte (which is used in put_in_quotes).
18   size_t actual_size_char8 = size - 1;
19   std::unique_ptr<char[]> input(new char[actual_size_char8]);
20   memcpy(input.get(), data, actual_size_char8);
21 
22   base::StringPiece input_string(input.get(), actual_size_char8);
23   std::string escaped_string;
24   base::EscapeJSONString(input_string, put_in_quotes, &escaped_string);
25 
26   // Test for wide-strings if available size is even.
27   if (actual_size_char8 & 1)
28     return 0;
29 
30   size_t actual_size_char16 = actual_size_char8 / 2;
31   base::StringPiece16 input_string16(
32       reinterpret_cast<base::char16*>(input.get()), actual_size_char16);
33   escaped_string.clear();
34   base::EscapeJSONString(input_string16, put_in_quotes, &escaped_string);
35 
36   return 0;
37 }
38