1 // Copyright 2015 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #ifdef UNSAFE_BUFFERS_BUILD
6 // TODO(crbug.com/40284755): Remove this and spanify to fix the errors.
7 #pragma allow_unsafe_buffers
8 #endif
9
10 #include <stddef.h>
11 #include <stdint.h>
12
13 #include <string>
14 #include <tuple>
15
16 #include "base/strings/string_tokenizer.h"
17
// Drains `t`: keeps calling GetNext() until it reports no further token and
// reads token() after every successful step. The token value is discarded on
// purpose; the fuzzer only needs the tokenizer's code paths to execute.
void GetAllTokens(base::StringTokenizer& t) {
  for (bool has_token = t.GetNext(); has_token; has_token = t.GetNext()) {
    std::ignore = t.token();
  }
}
23
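// Entry point for LibFuzzer.
//
// Input layout, relative to `data`:
//   [0, sizeof(size_t))         raw bytes that seed the split point
//   next `pattern_size` bytes   delimiter set handed to the tokenizer
//   remaining bytes             string to tokenize (always at least 1 byte)
//
// Inputs too short to hold the header plus one payload byte are ignored.
// Always returns 0.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  constexpr size_t kHeaderBytes = sizeof(size_t);
  if (size < kHeaderBytes + 1) {
    return 0;
  }

  // Copy the header out byte by byte rather than dereferencing `data` through
  // a size_t pointer: nothing in this function guarantees that `data` is
  // suitably aligned for size_t, and reading a uint8_t buffer through a
  // size_t lvalue is undefined behaviour. Writing through unsigned char* is
  // well defined and yields the same value as the direct load did.
  size_t raw_header = 0;
  auto* header_bytes = reinterpret_cast<unsigned char*>(&raw_header);
  for (size_t i = 0; i < kHeaderBytes; ++i) {
    header_bytes[i] = data[i];
  }

  // Calculate pattern size based on remaining bytes, otherwise fuzzing is
  // inefficient with bailouts in most cases. The guard above makes
  // `payload_size` >= 1, so the modulo never divides by zero, and
  // `pattern_size` < `payload_size` keeps both strings below inside
  // [data, data + size).
  const size_t payload_size = size - kHeaderBytes;
  const size_t pattern_size = raw_header % payload_size;

  const char* payload = reinterpret_cast<const char*>(data + kHeaderBytes);
  std::string pattern(payload, pattern_size);
  std::string input(payload + pattern_size, payload_size - pattern_size);

  // Allow quote_chars and options to be set. Otherwise full coverage
  // won't be possible since IsQuote, FullGetNext and other functions
  // won't be called.
  for (bool return_delims : {false, true}) {
    for (bool return_empty_strings : {false, true}) {
      int options = 0;
      if (return_delims) {
        options |= base::StringTokenizer::RETURN_DELIMS;
      }
      if (return_empty_strings) {
        options |= base::StringTokenizer::RETURN_EMPTY_TOKENS;
      }

      // Plain tokenizer: no quote characters configured.
      base::StringTokenizer t(input, pattern);
      t.set_options(options);
      GetAllTokens(t);

      // Same input and options, with '"' registered as a quote character.
      base::StringTokenizer t_quote(input, pattern);
      t_quote.set_quote_chars("\"");
      t_quote.set_options(options);
      GetAllTokens(t_quote);
    }
  }

  return 0;
}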
66