Improve HTTPS RDATA fuzzer

Parse from two separate portions of the input and attempt IsEqual() between the two resulting parsed rdatas. Improves our ability to discover issues in the comparison logic. Bug: 1146873 Change-Id: Ib561dfce0a704a876cc731ef9037759d304f71ee Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2525772 Commit-Queue: Eric Orth <ericorth@chromium.org> Reviewed-by: Dan McArdle <dmcardle@chromium.org> Cr-Commit-Position: refs/heads/master@{#825908}

Improve HTTPS RDATA fuzzer
Parse from two separate portions of the input and attempt IsEqual() between the two resulting parsed rdatas. Improves our ability to discover issues in the comparison logic. Bug: 1146873 Change-Id: Ib561dfce0a704a876cc731ef9037759d304f71ee Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2525772 Commit-Queue: Eric Orth <ericorth@chromium.org> Reviewed-by: Dan McArdle <dmcardle@chromium.org> Cr-Commit-Position: refs/heads/master@{#825908}
3aa6eaa1 · Eric Orth · Commit Bot · 2171bc42 · 3aa6eaa1
Commit 3aa6eaa1 authored Nov 10, 2020 by Eric Orth Committed by Commit Bot Nov 10, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 20 additions and 5 deletions

net/dns/https_record_rdata_fuzzer.cc net/dns/https_record_rdata_fuzzer.cc +20 -5

No files found.
--- a/net/dns/https_record_rdata_fuzzer.cc
+++ b/net/dns/https_record_rdata_fuzzer.cc
@@ -4,10 +4,13 @@
 #include "net/dns/https_record_rdata.h"
+#include <fuzzer/FuzzedDataProvider.h>
 #include <stdint.h>
 #include <memory>
 #include <set>
+#include <string>
 #include <vector>
 #include "base/check.h"
@@ -18,17 +21,29 @@
 namespace net {
 namespace {
-void ParseAndExercise(base::StringPiece data) {
+void ParseAndExercise(FuzzedDataProvider& data_provider) {
-  std::unique_ptr<HttpsRecordRdata> parsed = HttpsRecordRdata::Parse(data);
+  std::string data1 = data_provider.ConsumeRandomLengthString();
-  std::unique_ptr<HttpsRecordRdata> parsed2 = HttpsRecordRdata::Parse(data);
+  std::unique_ptr<HttpsRecordRdata> parsed = HttpsRecordRdata::Parse(data1);
+  std::unique_ptr<HttpsRecordRdata> parsed2 = HttpsRecordRdata::Parse(data1);
+  std::unique_ptr<HttpsRecordRdata> parsed3 =
+      HttpsRecordRdata::Parse(data_provider.ConsumeRemainingBytesAsString());
  CHECK_EQ(!!parsed, !!parsed2);
  if (!parsed)
    return;
+  // `parsed` and `parsed2` parsed from the same data, so they should always be
+  // equal.
  CHECK(parsed->IsEqual(parsed.get()));
  CHECK(parsed->IsEqual(parsed2.get()));
+  CHECK(parsed2->IsEqual(parsed.get()));
+  // Attempt comparison with an rdata parsed from separate data. IsEqual() will
+  // probably return false most of the time, but easily could be true if the
+  // input data is similar enough.
+  if (parsed3)
+    CHECK_EQ(parsed->IsEqual(parsed3.get()), parsed3->IsEqual(parsed.get()));
  CHECK_EQ(parsed->Type(), dns_protocol::kTypeHttps);
  if (parsed->IsAlias()) {
@@ -65,8 +80,8 @@ void ParseAndExercise(base::StringPiece data) {
 }  // namespace
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
-  ParseAndExercise(
+  FuzzedDataProvider data_provider(data, size);
-      base::StringPiece(reinterpret_cast<const char*>(data), size));
+  ParseAndExercise(data_provider);
  return 0;
 }