Deprecate fuzzing helpers in favor templated ConsumeIntegralInRange.

R=mmoroz@chromium.org,rch@chromium.org,enne@chromium.org,ajwong@chromium.org,jschin@chromium.org
TBR=tkent@chromium.org

Bug: 907103
Change-Id: Ib93a393e35650233f3c77e32080af048f9b301fb
Reviewed-on: https://chromium-review.googlesource.com/c/1351483
Commit-Queue: Abhishek Arya <inferno@chromium.org>
Reviewed-by: Ria Jiang <riajiang@chromium.org>
Reviewed-by: Kent Tamura <tkent@chromium.org>
Reviewed-by: Ryan Hamilton <rch@chromium.org>
Reviewed-by: enne <enne@chromium.org>
Reviewed-by: Max Moroz <mmoroz@chromium.org>
Reviewed-by: Jungshik Shin <jshin@chromium.org>
Reviewed-by: Albert J. Wong <ajwong@chromium.org>
Cr-Commit-Position: refs/heads/master@{#611469}

base/pickle_fuzzer.cc

@@ -102,7 +102,8 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
       }
       case 14: {
         const char* data_result = nullptr;
-        int read_length = data_provider.ConsumeInt32InRange(0, kMaxReadLength);
+        int read_length =
+            data_provider.ConsumeIntegralInRange(0, kMaxReadLength);
         ignore_result(iter.ReadBytes(&data_result, read_length));
         break;
       }
@@ -113,7 +114,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
       }
       case 16: {
         ignore_result(iter.SkipBytes(
-            data_provider.ConsumeInt32InRange(0, kMaxSkipBytes)));
+            data_provider.ConsumeIntegralInRange(0, kMaxSkipBytes)));
         break;
       }
     }

base/test/fuzzed_data_provider.h

@@ -151,24 +151,11 @@ class FuzzedDataProvider {
     return ConsumeBytesAsString(remaining_bytes_);
   }
 
-  // TODO(mmoroz): consider deprecating these methods.
-  uint32_t ConsumeUint32InRange(uint32_t min, uint32_t max) {
-    return ConsumeIntegralInRange(min, max);
-  }
-
-  int32_t ConsumeInt32InRange(int32_t min, int32_t max) {
-    return ConsumeIntegralInRange(min, max);
-  }
-
-  int ConsumeIntInRange(int min, int max) {
-    return ConsumeIntegralInRange(min, max);
-  }
-
   // Reads one byte and returns a bool, or false when no data remains.
   bool ConsumeBool() { return 1 & ConsumeUint8(); }
 
   // Returns a uint8_t from the input or 0 if nothing remains. This is
-  // equivalent to ConsumeUint32InRange(0, 0xFF).
+  // equivalent to ConsumeIntegralInRange<uint8_t>(0, 0xFF).
   uint8_t ConsumeUint8() {
     return ConsumeIntegralInRange(std::numeric_limits<uint8_t>::min(),
                                   std::numeric_limits<uint8_t>::max());
@@ -176,16 +163,32 @@ class FuzzedDataProvider {
 
   // Returns a uint16_t from the input. If fewer than 2 bytes of data remain
   // will fill the most significant bytes with 0. This is equivalent to
-  // ConsumeUint32InRange(0, 0xFFFF).
+  // ConsumeIntegralInRange<uint16_t>(0, 0xFFFF).
   uint16_t ConsumeUint16() {
     return ConsumeIntegralInRange(std::numeric_limits<uint16_t>::min(),
                                   std::numeric_limits<uint16_t>::max());
   }
 
+  // Returns a uint32_t from the input. If fewer than 4 bytes of data remain
+  // will fill the most significant bytes with 0. This is equivalent to
+  // ConsumeIntegralInRange<uint32_t>(0, 0xFFFFFFFF).
+  uint16_t ConsumeUint32() {
+    return ConsumeIntegralInRange(std::numeric_limits<uint32_t>::min(),
+                                  std::numeric_limits<uint32_t>::max());
+  }
+
+  // Returns a uint64_t from the input. If fewer than 8 bytes of data remain
+  // will fill the most significant bytes with 0. This is equivalent to
+  // ConsumeIntegralInRange<uint64_t>(0, 0xFFFFFFFFFFFFFFFF).
+  uint16_t ConsumeUint64() {
+    return ConsumeIntegralInRange(std::numeric_limits<uint64_t>::min(),
+                                  std::numeric_limits<uint64_t>::max());
+  }
+
   // Returns a value from |array|, consuming as many bytes as needed to do so.
   // |array| must be a fixed-size array.
-  template <typename Type, size_t size>
-  Type PickValueInArray(Type (&array)[size]) {
+  template <typename T, size_t size>
+  T PickValueInArray(T (&array)[size]) {
     return array[ConsumeIntegralInRange<size_t>(0, size - 1)];
   }
 

components/viz/host/hit_test/hit_test_query_fuzzer.cc

@@ -14,11 +14,6 @@
 
 namespace {
 
-uint32_t GetNextUInt32(base::FuzzedDataProvider* fuzz) {
-  return fuzz->ConsumeUint32InRange(std::numeric_limits<uint32_t>::min(),
-                                    std::numeric_limits<uint32_t>::max());
-}
-
 void AddHitTestRegion(base::FuzzedDataProvider* fuzz,
                       std::vector<viz::AggregatedHitTestRegion>* regions,
                       std::vector<viz::FrameSinkId>* frame_sink_ids,
@@ -26,17 +21,17 @@ void AddHitTestRegion(base::FuzzedDataProvider* fuzz,
   constexpr uint32_t kMaxDepthAllowed = 25;
   if (fuzz->remaining_bytes() < sizeof(viz::AggregatedHitTestRegion))
     return;
-  viz::FrameSinkId frame_sink_id(GetNextUInt32(fuzz), GetNextUInt32(fuzz));
-  uint32_t flags = GetNextUInt32(fuzz);
+  viz::FrameSinkId frame_sink_id(fuzz->ConsumeUint32(), fuzz->ConsumeUint32());
+  uint32_t flags = fuzz->ConsumeUint32();
   // The reasons' value is kNotAsyncHitTest if the flag's value is kHitTestAsk.
-  uint32_t reasons =
-      (flags & viz::HitTestRegionFlags::kHitTestAsk)
-          ? fuzz->ConsumeUint32InRange(1, std::numeric_limits<uint32_t>::max())
-          : viz::AsyncHitTestReasons::kNotAsyncHitTest;
+  uint32_t reasons = (flags & viz::HitTestRegionFlags::kHitTestAsk)
+                         ? fuzz->ConsumeIntegralInRange<uint32_t>(
+                               1, std::numeric_limits<uint32_t>::max())
+                         : viz::AsyncHitTestReasons::kNotAsyncHitTest;
   gfx::Rect rect(fuzz->ConsumeUint8(), fuzz->ConsumeUint8(),
                  fuzz->ConsumeUint16(), fuzz->ConsumeUint16());
   int32_t child_count =
-      depth < kMaxDepthAllowed ? fuzz->ConsumeUint32InRange(0, 10) : 0;
+      depth < kMaxDepthAllowed ? fuzz->ConsumeIntegralInRange(0, 10) : 0;
   gfx::Transform transform;
   if (fuzz->ConsumeBool() && fuzz->remaining_bytes() >= sizeof(transform)) {
     std::vector<uint8_t> matrix_bytes =

components/viz/service/hit_test/hit_test_manager_fuzzer.cc

@@ -25,7 +25,8 @@ constexpr uint32_t kMaxDepthAllowed = 255;
 // TODO(riajiang): Move into common functions that can be used by the fuzzer
 // for HitTestQuery.
 uint32_t GetNextUInt32NonZero(base::FuzzedDataProvider* fuzz) {
-  return fuzz->ConsumeUint32InRange(1, std::numeric_limits<uint32_t>::max());
+  return fuzz->ConsumeIntegralInRange<uint32_t>(
+      1, std::numeric_limits<uint32_t>::max());
 }
 
 gfx::Transform GetNextTransform(base::FuzzedDataProvider* fuzz) {

content/test/fuzzer/merkle_integrity_source_stream_fuzzer.cc

@@ -27,7 +27,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
   auto mi_stream = std::make_unique<content::MerkleIntegritySourceStream>(
       header, std::move(fuzzed_source_stream));
   while (true) {
-    size_t read_size = data_provider.ConsumeUint32InRange(1, 1024);
+    size_t read_size = data_provider.ConsumeIntegralInRange(1, 1024);
     auto io_buffer = base::MakeRefCounted<net::IOBufferWithSize>(read_size);
     int result = mi_stream->Read(io_buffer.get(), io_buffer->size(),
                                  callback.callback());

net/data/fuzzer_dictionaries/net_http_server_fuzzer.dict

@@ -46,6 +46,6 @@
 # String terminator for FuzzedDataProvider::ConsumeRandomLengthString.
 "\\ "
 
-# There is a lot of use of ConsumeUint32InRange clients, like ConsumeBool,
+# There is a lot of use of ConsumeIntegralInRange clients, like ConsumeBool,
 # so try make it easy to produce lots of inputs for these.
 "\x00\x00\x00\x00"

net/dns/fuzzed_host_resolver.cc

@@ -168,14 +168,14 @@ void FuzzedHostResolver::SetDnsClientEnabled(bool enabled) {
   DnsConfig config;
 
   // Fuzz name servers.
-  uint32_t num_nameservers = data_provider_->ConsumeUint32InRange(0, 4);
+  uint32_t num_nameservers = data_provider_->ConsumeIntegralInRange(0, 4);
   for (uint32_t i = 0; i < num_nameservers; ++i) {
     config.nameservers.push_back(
         IPEndPoint(FuzzIPAddress(data_provider_), FuzzPort(data_provider_)));
   }
 
   // Fuzz suffix search list.
-  switch (data_provider_->ConsumeUint32InRange(0, 3)) {
+  switch (data_provider_->ConsumeIntegralInRange(0, 3)) {
     case 3:
       config.search.push_back("foo.com");
       FALLTHROUGH;
@@ -204,8 +204,8 @@ void FuzzedHostResolver::SetDnsClientEnabled(bool enabled) {
   config.unhandled_options = data_provider_->ConsumeBool();
   config.append_to_multi_label_name = data_provider_->ConsumeBool();
   config.randomize_ports = data_provider_->ConsumeBool();
-  config.ndots = data_provider_->ConsumeInt32InRange(0, 3);
-  config.attempts = data_provider_->ConsumeInt32InRange(1, 3);
+  config.ndots = data_provider_->ConsumeIntegralInRange(0, 3);
+  config.attempts = data_provider_->ConsumeIntegralInRange(1, 3);
 
   // Timeouts don't really work for fuzzing. Even a timeout of 0 milliseconds
   // will be increased after the first timeout, resulting in inconsistent
@@ -218,7 +218,7 @@ void FuzzedHostResolver::SetDnsClientEnabled(bool enabled) {
 
   std::unique_ptr<DnsClient> dns_client = DnsClient::CreateClientForTesting(
       net_log_, &socket_factory_,
-      base::Bind(&base::FuzzedDataProvider::ConsumeInt32InRange,
+      base::Bind(&base::FuzzedDataProvider::ConsumeIntegralInRange<int32_t>,
                  base::Unretained(data_provider_)));
   dns_client->SetConfig(config);
   SetDnsClient(std::move(dns_client));

net/dns/host_resolver_impl_fuzzer.cc

@@ -64,8 +64,8 @@ class DnsRequest {
       std::vector<std::unique_ptr<DnsRequest>>* dns_requests) {
     if (dns_requests->empty())
       return;
-    uint32_t index =
-        data_provider->ConsumeUint32InRange(0, dns_requests->size() - 1);
+    uint32_t index = data_provider->ConsumeIntegralInRange<uint32_t>(
+        0, dns_requests->size() - 1);
 
     // Remove the request from the list before waiting on it - this prevents one
     // of the other callbacks from deleting the callback being waited on.
@@ -83,8 +83,8 @@ class DnsRequest {
       std::vector<std::unique_ptr<DnsRequest>>* dns_requests) {
     if (dns_requests->empty())
       return;
-    uint32_t index =
-        data_provider->ConsumeUint32InRange(0, dns_requests->size() - 1);
+    uint32_t index = data_provider->ConsumeIntegralInRange<uint32_t>(
+        0, dns_requests->size() - 1);
     auto request = dns_requests->begin() + index;
     (*request)->Cancel();
     dns_requests->erase(request);
@@ -112,7 +112,7 @@ class DnsRequest {
 
     while (true) {
       bool done = false;
-      switch (data_provider_->ConsumeInt32InRange(0, 2)) {
+      switch (data_provider_->ConsumeIntegralInRange(0, 2)) {
         case 0:
           // Quit on 0, or when no data is left.
           done = true;
@@ -141,9 +141,9 @@ class DnsRequest {
     if (data_provider_->ConsumeBool())
       info.set_host_resolver_flags(net::HOST_RESOLVER_CANONNAME);
 
-    net::RequestPriority priority =
-        static_cast<net::RequestPriority>(data_provider_->ConsumeInt32InRange(
-            net::MINIMUM_PRIORITY, net::MAXIMUM_PRIORITY));
+    net::RequestPriority priority = static_cast<net::RequestPriority>(
+        data_provider_->ConsumeIntegralInRange<int32_t>(net::MINIMUM_PRIORITY,
+                                                        net::MAXIMUM_PRIORITY));
 
     // Decide if should be a cache-only resolution.
     if (data_provider_->ConsumeBool()) {
@@ -206,7 +206,8 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
     net::TestNetLog net_log;
 
     net::HostResolver::Options options;
-    options.max_concurrent_resolves = data_provider.ConsumeUint32InRange(1, 8);
+    options.max_concurrent_resolves =
+        data_provider.ConsumeIntegralInRange(1, 8);
     options.enable_caching = data_provider.ConsumeBool();
     net::FuzzedHostResolver host_resolver(options, &net_log, &data_provider);
     host_resolver.SetDnsClientEnabled(data_provider.ConsumeBool());
@@ -214,7 +215,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
     std::vector<std::unique_ptr<DnsRequest>> dns_requests;
     bool done = false;
     while (!done) {
-      switch (data_provider.ConsumeInt32InRange(0, 3)) {
+      switch (data_provider.ConsumeIntegralInRange(0, 3)) {
         case 0:
           // Quit on 0, or when no data is left.
           done = true;

net/filter/fuzzed_source_stream.cc

@@ -40,7 +40,7 @@ int FuzzedSourceStream::Read(IOBuffer* buf,
   DCHECK_LE(0, buf_len);
 
   bool sync = data_provider_->ConsumeBool();
-  int result = data_provider_->ConsumeUint32InRange(0, buf_len);
+  int result = data_provider_->ConsumeIntegralInRange(0, buf_len);
   std::string data = data_provider_->ConsumeBytesAsString(result);
   result = data.size();
 

net/ntlm/ntlm_client_fuzzer.cc

@@ -24,9 +24,7 @@ base::string16 ConsumeRandomLengthString16(
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
   base::FuzzedDataProvider fdp(data, size);
   bool is_v2 = fdp.ConsumeBool();
-  uint64_t client_time =
-      (static_cast<uint64_t>(fdp.ConsumeUint32InRange(0, 0xffffffffu)) << 32) |
-      static_cast<uint64_t>(fdp.ConsumeUint32InRange(0, 0xffffffffu));
+  uint64_t client_time = fdp.ConsumeUint64();
   net::ntlm::NtlmClient client((net::ntlm::NtlmFeatures(is_v2)));
 
   // Generate the input strings and challenge message. The strings will have a

net/socket/fuzzed_datagram_client_socket.cc

@@ -140,7 +140,7 @@ int FuzzedDatagramClientSocket::Read(IOBuffer* buf,
 
   // Get contents of response.
   std::string data = data_provider_->ConsumeRandomLengthString(
-      data_provider_->ConsumeUint32InRange(0, buf_len));
+      data_provider_->ConsumeIntegralInRange(0, buf_len));
 
   int result;
   if (data.size() > 0) {

net/socket/socks_client_socket_fuzzer.cc

@@ -36,7 +36,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
   scoped_refptr<net::RuleBasedHostResolverProc> rules(
       new net::RuleBasedHostResolverProc(nullptr));
   mock_host_resolver.set_synchronous_mode(data_provider.ConsumeBool());
-  switch (data_provider.ConsumeInt32InRange(0, 2)) {
+  switch (data_provider.ConsumeIntegralInRange(0, 2)) {
     case 0:
       rules->AddRule("*", "127.0.0.1");
       break;

net/third_party/http2/decoder/http2_frame_decoder_fuzzer.cc

@@ -15,7 +15,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
   base::FuzzedDataProvider fuzzed_data_provider(data, size);
   http2::Http2FrameDecoder decoder;
   while (fuzzed_data_provider.remaining_bytes() > 0) {
-    size_t chunk_size = fuzzed_data_provider.ConsumeUint32InRange(1, 32);
+    size_t chunk_size = fuzzed_data_provider.ConsumeIntegralInRange(1, 32);
     std::vector<char> chunk =
         fuzzed_data_provider.ConsumeBytes<char>(chunk_size);
 

net/third_party/http2/hpack/decoder/hpack_decoder_fuzzer.cc

@@ -18,12 +18,12 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
 
   base::FuzzedDataProvider fuzzed_data_provider(data, size);
   size_t max_string_size =
-      fuzzed_data_provider.ConsumeUint32InRange(1, 10 * size);
+      fuzzed_data_provider.ConsumeIntegralInRange<size_t>(1, 10 * size);
   http2::HpackDecoder decoder(http2::HpackDecoderNoOpListener::NoOpListener(),
                               max_string_size);
   decoder.StartDecodingBlock();
   while (fuzzed_data_provider.remaining_bytes() > 0) {
-    size_t chunk_size = fuzzed_data_provider.ConsumeUint32InRange(1, 32);
+    size_t chunk_size = fuzzed_data_provider.ConsumeIntegralInRange(1, 32);
     std::vector<char> chunk =
         fuzzed_data_provider.ConsumeBytes<char>(chunk_size);
 

net/third_party/quic/core/qpack/fuzzer/qpack_decoder_fuzzer.cc

@@ -38,8 +38,9 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
 
   // Process up to 64 kB fragments at a time.  Too small upper bound might not
   // provide enough coverage, too large would make fuzzing less efficient.
-  auto fragment_size_generator = std::bind(
-      &QuicFuzzedDataProvider::ConsumeUint32InRange, &provider, 1, 64 * 1024);
+  auto fragment_size_generator =
+      std::bind(&QuicFuzzedDataProvider::ConsumeIntegralInRange<uint32_t>,
+                &provider, 1, 64 * 1024);
 
   QpackDecode(
       &handler, fragment_size_generator,

net/third_party/quic/core/qpack/fuzzer/qpack_round_trip_fuzzer.cc

@@ -119,8 +119,9 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
 
   // Process up to 64 kB fragments at a time.  Too small upper bound might not
   // provide enough coverage, too large would make fuzzing less efficient.
-  auto fragment_size_generator = std::bind(
-      &QuicFuzzedDataProvider::ConsumeUint32InRange, &provider, 1, 64 * 1024);
+  auto fragment_size_generator =
+      std::bind(&QuicFuzzedDataProvider::ConsumeIntegralInRange<uint32_t>,
+                &provider, 1, 64 * 1024);
 
   // Encode header list.
   QuicString encoded_header_block =

net/url_request/url_request_data_job_fuzzer.cc

@@ -47,7 +47,7 @@ class URLRequestDataJobFuzzerHarness : public net::URLRequest::Delegate {
     read_lengths_.clear();
 
     // Allocate an IOBuffer with fuzzed size.
-    int buf_size = provider.ConsumeUint32InRange(1, 127);  // 7 bits.
+    int buf_size = provider.ConsumeIntegralInRange(1, 127);  // 7 bits.
     buf_ = base::MakeRefCounted<net::IOBufferWithSize>(buf_size);
 
     // Generate a range header, and a bool determining whether to use it.
@@ -63,7 +63,7 @@ class URLRequestDataJobFuzzerHarness : public net::URLRequest::Delegate {
     size_t simulated_bytes_read = 0;
     while (simulated_bytes_read < provider.remaining_bytes() &&
            read_lengths_.size() < 20000u) {
-      size_t read_length = provider.ConsumeUint32InRange(1, buf_size);
+      size_t read_length = provider.ConsumeIntegralInRange(1, buf_size);
       read_lengths_.push_back(read_length);
       simulated_bytes_read += read_length;
     }

net/websockets/websocket_deflate_stream_fuzzer.cc

@@ -67,9 +67,10 @@ class WebSocketFuzzedStream final : public WebSocketStream {
  private:
   std::unique_ptr<WebSocketFrame> CreateFrame() {
     WebSocketFrameHeader::OpCode opcode =
-        fuzzed_data_provider_->ConsumeUint32InRange(
-            WebSocketFrameHeader::kOpCodeContinuation,
-            WebSocketFrameHeader::kOpCodeControlUnused);
+        fuzzed_data_provider_
+            ->ConsumeIntegralInRange<WebSocketFrameHeader::OpCode>(
+                WebSocketFrameHeader::kOpCodeContinuation,
+                WebSocketFrameHeader::kOpCodeControlUnused);
     auto frame = std::make_unique<WebSocketFrame>(opcode);
     // Bad news: ConsumeBool actually consumes a whole byte per call, so do
     // something hacky to conserve precious bits.
@@ -80,7 +81,7 @@ class WebSocketFuzzedStream final : public WebSocketStream {
     frame->header.reserved3 = (flags >> 3) & 0x1;
     frame->header.masked = (flags >> 4) & 0x1;
     uint64_t payload_length =
-        fuzzed_data_provider_->ConsumeUint32InRange(0, 64);
+        fuzzed_data_provider_->ConsumeIntegralInRange(0, 64);
     std::vector<char> payload =
         fuzzed_data_provider_->ConsumeBytes<char>(payload_length);
     frame->data = base::MakeRefCounted<IOBufferWithSize>(payload.size());

net/websockets/websocket_frame_parser_fuzzer.cc

@@ -16,7 +16,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
   net::WebSocketFrameParser parser;
   std::vector<std::unique_ptr<net::WebSocketFrameChunk>> frame_chunks;
   while (fuzzed_data_provider.remaining_bytes() > 0) {
-    size_t chunk_size = fuzzed_data_provider.ConsumeUint32InRange(1, 32);
+    size_t chunk_size = fuzzed_data_provider.ConsumeIntegralInRange(1, 32);
     std::vector<char> chunk =
         fuzzed_data_provider.ConsumeBytes<char>(chunk_size);
     parser.Decode(chunk.data(), chunk.size(), &frame_chunks);

third_party/blink/renderer/core/css/parser/css_parser_fast_paths_fuzzer.cc

@@ -18,7 +18,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
   blink::FuzzedDataProvider provider(data, size);
 
   const auto property_id =
-      blink::convertToCSSPropertyID(provider.ConsumeInt32InRange(
+      blink::convertToCSSPropertyID(provider.ConsumeIntegralInRange<int>(
           blink::firstCSSProperty, blink::lastCSSProperty));
   const auto data_string = provider.ConsumeRemainingBytes();
 

third_party/blink/renderer/core/html/parser/text_resource_decoder_for_fuzzing.h

@@ -22,7 +22,7 @@ class TextResourceDecoderForFuzzing : public TextResourceDecoder {
   static TextResourceDecoderOptions FuzzedOption(
       FuzzedDataProvider& fuzzed_data) {
     switch (static_cast<TextResourceDecoderOptions::EncodingDetectionOption>(
-        fuzzed_data.ConsumeInt32InRange(
+        fuzzed_data.ConsumeIntegralInRange<int32_t>(
             TextResourceDecoderOptions::kUseAllAutoDetection,
             TextResourceDecoderOptions::kAlwaysUseUTF8ForText))) {
       case TextResourceDecoderOptions::kUseAllAutoDetection:
@@ -42,7 +42,7 @@ class TextResourceDecoderForFuzzing : public TextResourceDecoder {
   static TextResourceDecoderOptions::ContentType FuzzedContentType(
       FuzzedDataProvider& fuzzed_data) {
     return static_cast<TextResourceDecoderOptions::ContentType>(
-        fuzzed_data.ConsumeInt32InRange(
+        fuzzed_data.ConsumeIntegralInRange<int32_t>(
             TextResourceDecoderOptions::kPlainTextContent,
             TextResourceDecoderOptions::kMaxContentType));
   }

third_party/blink/renderer/platform/testing/fuzzed_data_provider.cc

@@ -11,8 +11,7 @@ FuzzedDataProvider::FuzzedDataProvider(const uint8_t* bytes, size_t num_bytes)
 
 CString FuzzedDataProvider::ConsumeBytesInRange(uint32_t min_bytes,
                                                 uint32_t max_bytes) {
-  size_t num_bytes =
-      static_cast<size_t>(provider_.ConsumeUint32InRange(min_bytes, max_bytes));
+  size_t num_bytes = provider_.ConsumeIntegralInRange(min_bytes, max_bytes);
   std::vector<char> bytes = provider_.ConsumeBytes<char>(num_bytes);
   return CString(bytes.data(), bytes.size());
 }
@@ -22,12 +21,4 @@ CString FuzzedDataProvider::ConsumeRemainingBytes() {
   return CString(bytes.data(), bytes.size());
 }
 
-bool FuzzedDataProvider::ConsumeBool() {
-  return provider_.ConsumeBool();
-}
-
-int FuzzedDataProvider::ConsumeInt32InRange(int min, int max) {
-  return provider_.ConsumeInt32InRange(min, max);
-}
-
 }  // namespace blink

third_party/blink/renderer/platform/testing/fuzzed_data_provider.h

@@ -28,19 +28,22 @@ class FuzzedDataProvider {
   CString ConsumeRemainingBytes();
 
   // Returns a bool, or false when no data remains.
-  bool ConsumeBool();
+  bool ConsumeBool() { return provider_.ConsumeBool(); }
 
   // Returns a number in the range [min, max] by consuming bytes from the input
   // data. The value might not be uniformly distributed in the given range. If
   // there's no input data left, always returns |min|. |min| must be less than
   // or equal to |max|.
-  int ConsumeInt32InRange(int min, int max);
+  template <typename T>
+  T ConsumeIntegralInRange(T min, T max) {
+    return provider_.ConsumeIntegralInRange<T>(min, max);
+  }
 
   // Returns a value from |array|, consuming as many bytes as needed to do so.
   // |array| must be a fixed-size array.
-  template <typename Type, size_t size>
-  Type PickValueInArray(Type (&array)[size]) {
-    return array[provider_.ConsumeUint32InRange(0, size - 1)];
+  template <typename T, size_t size>
+  T PickValueInArray(T (&array)[size]) {
+    return array[provider_.ConsumeIntegralInRange<size_t>(0, size - 1)];
   }
 
   // Reports the remaining bytes available for fuzzed input.

third_party/ced/compact_enc_det_fuzzer.cc

@@ -21,11 +21,12 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
 
   CompactEncDet::TextCorpusType corpus =
       static_cast<CompactEncDet::TextCorpusType>(
-          data_provider.ConsumeInt32InRange(0, CompactEncDet::NUM_CORPA));
+          data_provider.ConsumeIntegralInRange<int32_t>(
+              0, CompactEncDet::NUM_CORPA));
   Encoding encoding_hint = static_cast<Encoding>(
-      data_provider.ConsumeInt32InRange(0, NUM_ENCODINGS));
+      data_provider.ConsumeIntegralInRange<int32_t>(0, NUM_ENCODINGS));
   Language langauge_hint = static_cast<Language>(
-      data_provider.ConsumeInt32InRange(0, NUM_LANGUAGES));
+      data_provider.ConsumeIntegralInRange<int32_t>(0, NUM_LANGUAGES));
   bool ignore_7bit_mail_encodings = data_provider.ConsumeBool();
 
   std::vector<char> text = data_provider.ConsumeRemainingBytes<char>();

third_party/sfntly/fuzzers/subset_font_fuzzer.cc

@@ -16,10 +16,11 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
   constexpr int kMaxFontSize = 50 * 1024 * 1024;
   base::FuzzedDataProvider fuzzed_data(data, size);
 
-  size_t font_name_size = fuzzed_data.ConsumeUint32InRange(0, kMaxFontNameSize);
+  size_t font_name_size =
+      fuzzed_data.ConsumeIntegralInRange(0, kMaxFontNameSize);
   std::string font_name = fuzzed_data.ConsumeBytesAsString(font_name_size);
 
-  size_t font_str_size = fuzzed_data.ConsumeUint32InRange(0, kMaxFontSize);
+  size_t font_str_size = fuzzed_data.ConsumeIntegralInRange(0, kMaxFontSize);
   std::vector<unsigned char> font_str =
       fuzzed_data.ConsumeBytes<unsigned char>(font_str_size);