1 // Copyright 2015 The Chromium Authors 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include <fuzzer/FuzzedDataProvider.h> 6 #include <stddef.h> 7 #include <stdint.h> 8 9 #include <memory> 10 #include <vector> 11 12 #include "base/containers/span.h" 13 #include "base/files/file_path.h" 14 #include "base/logging.h" 15 #include "base/time/time.h" 16 #include "net/dns/dns_response.h" 17 #include "net/dns/record_parsed.h" 18 InitLogging()19void InitLogging() { 20 // For debugging, it may be helpful to enable verbose logging by setting the 21 // minimum log level to (-LOGGING_FATAL). 22 logging::SetMinLogLevel(logging::LOGGING_FATAL); 23 24 logging::LoggingSettings settings; 25 settings.logging_dest = 26 logging::LOG_TO_SYSTEM_DEBUG_LOG | logging::LOG_TO_STDERR; 27 logging::InitLogging(settings); 28 } 29 30 // Entry point for LibFuzzer. LLVMFuzzerTestOneInput(const uint8_t * data_ptr,size_t size)31extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data_ptr, size_t size) { 32 // SAFETY: libfuzzer provides a valid pointer and size pair. 33 auto data = UNSAFE_BUFFERS(base::span(data_ptr, size)); 34 InitLogging(); 35 36 FuzzedDataProvider data_provider(data.data(), data.size()); 37 size_t num_records = data_provider.ConsumeIntegral<size_t>(); 38 std::vector<uint8_t> packet = data_provider.ConsumeRemainingBytes<uint8_t>(); 39 40 net::DnsRecordParser parser(packet, /*offset=*/0, num_records); 41 if (!parser.IsValid()) { 42 return 0; 43 } 44 45 base::Time time; 46 std::unique_ptr<const net::RecordParsed> record_parsed; 47 do { 48 record_parsed = net::RecordParsed::CreateFrom(&parser, time); 49 } while (record_parsed); 50 51 net::DnsResourceRecord record; 52 while (parser.ReadRecord(&record)) { 53 } 54 55 return 0; 56 } 57