[Windows] Add fuzzer for safe browsing's binary feature extractor

Bug: 904877 Change-Id: I303d40cd19cc0dcfbdf3606bcaa357adb4793edd Reviewed-on: https://chromium-review.googlesource.com/c/1347579 Commit-Queue: Jonathan Metzman <metzman@chromium.org> Reviewed-by: Varun Khaneja <vakh@chromium.org> Cr-Commit-Position: refs/heads/master@{#612260}

[Windows] Add fuzzer for safe browsing's binary feature extractor
Bug: 904877 Change-Id: I303d40cd19cc0dcfbdf3606bcaa357adb4793edd Reviewed-on: https://chromium-review.googlesource.com/c/1347579 Commit-Queue: Jonathan Metzman <metzman@chromium.org> Reviewed-by: Varun Khaneja <vakh@chromium.org> Cr-Commit-Position: refs/heads/master@{#612260}
5681e43c · Jonathan Metzman · Commit Bot · 6258401b · 5681e43c · 5681e43c
Commit 5681e43c authored Nov 29, 2018 by Jonathan Metzman Committed by Commit Bot Nov 29, 2018
Showing with 48 additions and 5 deletions

chrome/common/safe_browsing/binary_feature_extractor_fuzzer.cc ...e/common/safe_browsing/binary_feature_extractor_fuzzer.cc +24 -0

chrome/test/BUILD.gn chrome/test/BUILD.gn +24 -5

No files found.
--- a/chrome/common/safe_browsing/binary_feature_extractor_fuzzer.cc
+++ b/chrome/common/safe_browsing/binary_feature_extractor_fuzzer.cc
+// Copyright 2018 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/common/safe_browsing/binary_feature_extractor.h"
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include <string>
+
+#include "components/safe_browsing/proto/csd.pb.h"
+
+extern "C" int LLVMFuzzerTestOneInput(uint8_t* data, size_t size) {
+  static safe_browsing::BinaryFeatureExtractor* extractor =
+      new safe_browsing::BinaryFeatureExtractor();
+
+  google::protobuf::RepeatedPtrField<std::string> signed_data;
+  safe_browsing::ClientDownloadRequest_ImageHeaders image_headers;
+  extractor->ExtractImageFeaturesFromData(
+      data, size, safe_browsing::BinaryFeatureExtractor::kDefaultOptions,
+      &image_headers, &signed_data);
+  return 0;
+}
--- a/chrome/test/BUILD.gn
+++ b/chrome/test/BUILD.gn
@@ -5790,12 +5790,12 @@ if (!is_android && !is_fuchsia) {
  }
 }

-# Note: this compiles and runs on Mac but may cause
-# system instability; if you try it out, close other
-# programs and then reboot afterwards. It should be
-# possible to make it work on Linux if you use the
-# --enable-speech-dispatcher flag.
 if (is_win) {
+  # Note: this compiles and runs on Mac but may cause
+  # system instability; if you try it out, close other
+  # programs and then reboot afterwards. It should be
+  # possible to make it work on Linux if you use the
+  # --enable-speech-dispatcher flag.
  fuzzer_test("tts_platform_fuzzer") {
    sources = [
      "../browser/speech/mock_tts_controller.cc",
@@ -5814,4 +5814,23 @@ if (is_win) {
      "//ui/base",
    ]
  }
+
+  fuzzer_test("safe_browsing_binary_feature_extractor_fuzzer") {
+    sources = [
+      "../common/safe_browsing/binary_feature_extractor.cc",
+      "../common/safe_browsing/binary_feature_extractor_fuzzer.cc",
+      "../common/safe_browsing/binary_feature_extractor_win.cc",
+      "../common/safe_browsing/pe_image_reader_win.cc",
+    ]
+    deps = [
+      "//base",
+      "//components/safe_browsing:csd_proto",
+      "//crypto",
+    ]
+    libs = [ "wintrust.lib" ]
+
+    # Directory contains useful and non-useful files. Don't worry about
+    # non-useful since they are eliminated during pruning.
+    seed_corpus = "data/safe_browsing/download_protection/"
+  }
 }