1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
content / test / fuzzer / signed_exchange_envelope_fuzzer.cc [blame]
// Copyright 2018 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifdef UNSAFE_BUFFERS_BUILD
// TODO(crbug.com/342213636): Remove this and spanify to fix the errors.
#pragma allow_unsafe_buffers
#endif
#include "base/at_exit.h"
#include "base/containers/span.h"
#include "base/i18n/icu_util.h"
#include "content/browser/web_package/signed_exchange_envelope.h" // nogncheck
#include "content/browser/web_package/signed_exchange_prologue.h" // nogncheck
namespace content {
namespace signed_exchange_prologue {
struct IcuEnvironment {
IcuEnvironment() { CHECK(base::i18n::InitializeICU()); }
// used by ICU integration.
base::AtExitManager at_exit_manager;
};
IcuEnvironment* env = new IcuEnvironment();
std::vector<uint8_t> CopyIntoSeparateBufferToSurfaceOutOfBoundAccess(
base::span<const uint8_t> data) {
return std::vector<uint8_t>(data.begin(), data.end());
}
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
if (size < BeforeFallbackUrl::kEncodedSizeInBytes)
return 0;
auto before_fallback_url_bytes =
CopyIntoSeparateBufferToSurfaceOutOfBoundAccess(
base::make_span(data, BeforeFallbackUrl::kEncodedSizeInBytes));
auto before_fallback_url = BeforeFallbackUrl::Parse(
base::make_span(before_fallback_url_bytes), nullptr /* devtools_proxy */);
data += BeforeFallbackUrl::kEncodedSizeInBytes;
size -= BeforeFallbackUrl::kEncodedSizeInBytes;
size_t fallback_url_and_after_length =
before_fallback_url.ComputeFallbackUrlAndAfterLength();
if (size < fallback_url_and_after_length)
return 0;
auto fallback_url_and_after_bytes =
CopyIntoSeparateBufferToSurfaceOutOfBoundAccess(
base::make_span(data, fallback_url_and_after_length));
auto fallback_url_and_after = FallbackUrlAndAfter::Parse(
base::make_span(fallback_url_and_after_bytes), before_fallback_url,
nullptr /* devtools_proxy */);
if (!fallback_url_and_after.is_valid())
return 0;
data += fallback_url_and_after_length;
size -= fallback_url_and_after_length;
std::string signature_header_field(
reinterpret_cast<const char*>(data),
std::min(size, fallback_url_and_after.signature_header_field_length()));
data += signature_header_field.size();
size -= signature_header_field.size();
auto cbor_header =
CopyIntoSeparateBufferToSurfaceOutOfBoundAccess(base::make_span(
data, std::min(size, fallback_url_and_after.cbor_header_length())));
SignedExchangeEnvelope::Parse(
SignedExchangeVersion::kB3, fallback_url_and_after.fallback_url(),
signature_header_field, base::make_span(cbor_header),
nullptr /* devtools_proxy */);
return 0;
}
} // namespace signed_exchange_prologue
} // namespace content