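// Copyright 2024 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef TESTING_LIBFUZZER_RENDERER_FUZZING_RENDERER_FUZZING_H_
#define TESTING_LIBFUZZER_RENDERER_FUZZING_RENDERER_FUZZING_H_

#include <cstdint>
#include <string>
#include <unordered_map>
#include <vector>

#include "base/functional/callback.h"
#include "base/memory/raw_ptr.h"
#include "third_party/blink/public/common/associated_interfaces/associated_interface_provider.h"
#include "third_party/blink/public/common/thread_safe_browser_interface_broker_proxy.h"
#include "third_party/blink/public/platform/browser_interface_broker_proxy.h"

// Interface implemented by every in-renderer fuzzer. Concrete fuzzers are
// instantiated and registered at static-initialization time through
// REGISTER_RENDERER_FUZZER below and are looked up by Id() at run time.
class RendererFuzzerBase {
 public:
  // Fuzzers are created with `new` by REGISTER_RENDERER_FUZZER and held for
  // the rest of the process, so nothing deletes them today; the virtual
  // destructor keeps deletion through this interface well defined should a
  // caller ever release one.
  virtual ~RendererFuzzerBase() = default;

  // Runs one fuzz iteration over `input`.
  //
  // `context_interface_broker_proxy`, `process_interface_broker_proxy` and
  // `associated_interface_provider` give the fuzzer the renderer's Mojo
  // interface brokers; the fuzzer does not own them and must not retain them
  // beyond the run (assumed from the raw-pointer signature — confirm against
  // the .cc). `done_closure` is presumably to be invoked once the iteration
  // has finished, including any asynchronous work — verify with callers.
  virtual void Run(
      const blink::BrowserInterfaceBrokerProxy* context_interface_broker_proxy,
      blink::ThreadSafeBrowserInterfaceBrokerProxy*
          process_interface_broker_proxy,
      blink::AssociatedInterfaceProvider* associated_interface_provider,
      std::vector<uint8_t>&& input,
      base::OnceClosure done_closure) = 0;

  // Stable identifier under which this fuzzer is registered and later selected
  // via RendererFuzzing::Run(). Must be non-null and unique across fuzzers.
  virtual const char* Id() = 0;
};

// Process-wide registry mapping fuzzer ids to fuzzer instances.
class RendererFuzzing {
 private:
  // Registered fuzzers keyed by Id(). The registry does not own the pointees:
  // they are leaked on purpose as process-lifetime singletons.
  std::unordered_map<std::string, raw_ptr<RendererFuzzerBase, CtnExperimental>>
      fuzzers_;

 public:
  // Registers `fuzzer` under its Id(). Returns true when the id was not yet
  // taken. A second fuzzer reporting an already-registered Id() is rejected
  // (the first registration wins) and false is returned, instead of silently
  // replacing the earlier entry and making that fuzzer unreachable by id.
  bool RegisterFuzzer(RendererFuzzerBase* fuzzer) {
    const bool inserted = fuzzers_.try_emplace(fuzzer->Id(), fuzzer).second;
    return inserted;
  }

  // Entry point used to run the fuzzer registered as `fuzzer_id` with the
  // given brokers and `input`. Only declared here; the definition (and how an
  // unknown `fuzzer_id` is handled) lives in the corresponding .cc file.
  static void Run(
      const blink::BrowserInterfaceBrokerProxy* context_interface_broker_proxy,
      blink::ThreadSafeBrowserInterfaceBrokerProxy*
          process_interface_broker_proxy,
      blink::AssociatedInterfaceProvider* associated_interface_provider,
      const std::string& fuzzer_id,
      std::vector<uint8_t>&& input,
      base::OnceClosure done_closure);

  // Returns the process-wide registry instance. Defined in the .cc file.
  static RendererFuzzing* GetInstance();
};

// Two-level concatenation so that `__COUNTER__` is expanded before pasting.
#define RENDERER_FUZZING_CONCAT_IMPL(a, b) a##b
#define RENDERER_FUZZING_CONCAT(a, b) RENDERER_FUZZING_CONCAT_IMPL(a, b)

// Instantiates `klass` and registers it with the global RendererFuzzing
// registry during static initialization. The registrar variable gets a name
// unique per expansion via __COUNTER__: the previous `##T` pasted the literal
// token `T` (not `klass`), so every use defined the same `RegisterFuzzerForClass_T`
// and two registrations in one translation unit would not compile. Using a
// counter also lets `klass` be a qualified name, which `##klass` would not.
#define REGISTER_RENDERER_FUZZER(klass)                                        \
  static bool RENDERER_FUZZING_CONCAT(RegisterFuzzerForClass_, __COUNTER__) = \
      RendererFuzzing::GetInstance()->RegisterFuzzer(new klass)

#endif  // TESTING_LIBFUZZER_RENDERER_FUZZING_RENDERER_FUZZING_H_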