// Copyright 2015 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#include <string>
#include <tuple>

#include "base/strings/string_tokenizer.h"
// Drains |t|: keeps advancing until GetNext() reports that no token is left,
// and calls token() on every step so the accessor is exercised as well. The
// token value itself is deliberately discarded.
void GetAllTokens(base::StringTokenizer& t) {
  for (bool has_token = t.GetNext(); has_token; has_token = t.GetNext()) {
    std::ignore = t.token();
  }
}
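// Entry point for LibFuzzer.
//
// Layout of the fuzz input (every byte of it is untrusted):
//   [0, sizeof(size_t))       selector used to choose the delimiter length
//   next |pattern_size| bytes delimiter set handed to StringTokenizer
//   all remaining bytes       the string to tokenize (at least one byte)
//
// The selector is read in the host's size_t width and byte order, so the same
// input splits differently on builds where either of those differs.
// Returns 0 on every path.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  constexpr size_t kSelectorBytes = sizeof(size_t);
  // Require the selector plus at least one payload byte. This also guarantees
  // that the modulus used below is never zero.
  if (size < kSelectorBytes + 1) {
    return 0;
  }

  // Calculate pattern size based on remaining bytes, otherwise fuzzing is
  // inefficient with bailouts in most cases.
  //
  // The selector is copied out with memcpy rather than loaded through a
  // reinterpret_cast'ed pointer: the uint8_t* signature gives no alignment
  // guarantee for size_t, and reading the buffer through a size_t lvalue is
  // undefined behaviour that a sanitizer build would report against the
  // harness instead of the code under test.
  size_t selector = 0;
  memcpy(&selector, data, kSelectorBytes);
  const size_t payload_size = size - kSelectorBytes;
  const size_t pattern_size = selector % payload_size;

  // Both strings are built with an explicit length, so embedded NUL bytes in
  // the fuzz data are kept. pattern_size < payload_size, hence |input| always
  // holds at least one byte while |pattern| may be empty.
  const char* payload = reinterpret_cast<const char*>(data + kSelectorBytes);
  std::string pattern(payload, pattern_size);
  std::string input(payload + pattern_size, payload_size - pattern_size);

  // Allow quote_chars and options to be set. Otherwise full coverage
  // won't be possible since IsQuote, FullGetNext and other functions
  // won't be called.
  for (bool return_delims : {false, true}) {
    for (bool return_empty_strings : {false, true}) {
      int options = 0;
      if (return_delims)
        options |= base::StringTokenizer::RETURN_DELIMS;
      if (return_empty_strings)
        options |= base::StringTokenizer::RETURN_EMPTY_TOKENS;

      // Plain tokenizer: no quote characters configured.
      base::StringTokenizer t(input, pattern);
      t.set_options(options);
      GetAllTokens(t);

      // Same input and options, with '"' registered as a quote character.
      base::StringTokenizer t_quote(input, pattern);
      t_quote.set_quote_chars("\"");
      t_quote.set_options(options);
      GetAllTokens(t_quote);
    }
  }

  return 0;
}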