Deprecate fuzzing helpers in favor templated ConsumeIntegralInRange.

R=mmoroz@chromium.org,rch@chromium.org,enne@chromium.org,ajwong@chromium.org,jschin@chromium.org TBR=tkent@chromium.org Bug: 907103 Change-Id: Ib93a393e35650233f3c77e32080af048f9b301fb Reviewed-on: https://chromium-review.googlesource.com/c/1351483 Commit-Queue: Abhishek Arya <inferno@chromium.org> Reviewed-by: Ria Jiang <riajiang@chromium.org> Reviewed-by: Kent Tamura <tkent@chromium.org> Reviewed-by: Ryan Hamilton <rch@chromium.org> Reviewed-by: enne <enne@chromium.org> Reviewed-by: Max Moroz <mmoroz@chromium.org> Reviewed-by: Jungshik Shin <jshin@chromium.org> Reviewed-by: Albert J. Wong <ajwong@chromium.org> Cr-Commit-Position: refs/heads/master@{#611469}

Deprecate fuzzing helpers in favor templated ConsumeIntegralInRange.
R=mmoroz@chromium.org,rch@chromium.org,enne@chromium.org,ajwong@chromium.org,jschin@chromium.org TBR=tkent@chromium.org Bug: 907103 Change-Id: Ib93a393e35650233f3c77e32080af048f9b301fb Reviewed-on: https://chromium-review.googlesource.com/c/1351483 Commit-Queue: Abhishek Arya <inferno@chromium.org> Reviewed-by: Ria Jiang <riajiang@chromium.org> Reviewed-by: Kent Tamura <tkent@chromium.org> Reviewed-by: Ryan Hamilton <rch@chromium.org> Reviewed-by: enne <enne@chromium.org> Reviewed-by: Max Moroz <mmoroz@chromium.org> Reviewed-by: Jungshik Shin <jshin@chromium.org> Reviewed-by: Albert J. Wong <ajwong@chromium.org> Cr-Commit-Position: refs/heads/master@{#611469}
5b644f62 · Abhishek Arya · Commit Bot · 75ece174 · 5b644f62 · 5b644f62
Commit 5b644f62 authored Nov 28, 2018 by Abhishek Arya Committed by Commit Bot Nov 28, 2018
25 changed files
--- a/base/pickle_fuzzer.cc
+++ b/base/pickle_fuzzer.cc
@@ -102,7 +102,8 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
      }
      case 14: {
        const char* data_result = nullptr;
-        int read_length = data_provider.ConsumeInt32InRange(0, kMaxReadLength);
+        int read_length =
+            data_provider.ConsumeIntegralInRange(0, kMaxReadLength);
        ignore_result(iter.ReadBytes(&data_result, read_length));
        break;
      }
@@ -113,7 +114,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
      }
      case 16: {
        ignore_result(iter.SkipBytes(
-            data_provider.ConsumeInt32InRange(0, kMaxSkipBytes)));
+            data_provider.ConsumeIntegralInRange(0, kMaxSkipBytes)));
        break;
      }
    }

--- a/base/test/fuzzed_data_provider.h
+++ b/base/test/fuzzed_data_provider.h
@@ -151,24 +151,11 @@ class FuzzedDataProvider {
    return ConsumeBytesAsString(remaining_bytes_);
  }
-  // TODO(mmoroz): consider deprecating these methods.
-  uint32_t ConsumeUint32InRange(uint32_t min, uint32_t max) {
-    return ConsumeIntegralInRange(min, max);
-  }
-  int32_t ConsumeInt32InRange(int32_t min, int32_t max) {
-    return ConsumeIntegralInRange(min, max);
-  }
-  int ConsumeIntInRange(int min, int max) {
-    return ConsumeIntegralInRange(min, max);
-  }
  // Reads one byte and returns a bool, or false when no data remains.
  bool ConsumeBool() { return 1 & ConsumeUint8(); }
  // Returns a uint8_t from the input or 0 if nothing remains. This is
-  // equivalent to ConsumeUint32InRange(0, 0xFF).
+  // equivalent to ConsumeIntegralInRange<uint8_t>(0, 0xFF).
  uint8_t ConsumeUint8() {
    return ConsumeIntegralInRange(std::numeric_limits<uint8_t>::min(),
                                  std::numeric_limits<uint8_t>::max());
@@ -176,16 +163,32 @@ class FuzzedDataProvider {
  // Returns a uint16_t from the input. If fewer than 2 bytes of data remain
  // will fill the most significant bytes with 0. This is equivalent to
-  // ConsumeUint32InRange(0, 0xFFFF).
+  // ConsumeIntegralInRange<uint16_t>(0, 0xFFFF).
  uint16_t ConsumeUint16() {
    return ConsumeIntegralInRange(std::numeric_limits<uint16_t>::min(),
                                  std::numeric_limits<uint16_t>::max());
  }
+  // Returns a uint32_t from the input. If fewer than 4 bytes of data remain
+  // will fill the most significant bytes with 0. This is equivalent to
+  // ConsumeIntegralInRange<uint32_t>(0, 0xFFFFFFFF).
+  uint16_t ConsumeUint32() {
+    return ConsumeIntegralInRange(std::numeric_limits<uint32_t>::min(),
+                                  std::numeric_limits<uint32_t>::max());
+  }
+  // Returns a uint64_t from the input. If fewer than 8 bytes of data remain
+  // will fill the most significant bytes with 0. This is equivalent to
+  // ConsumeIntegralInRange<uint64_t>(0, 0xFFFFFFFFFFFFFFFF).
+  uint16_t ConsumeUint64() {
+    return ConsumeIntegralInRange(std::numeric_limits<uint64_t>::min(),
+                                  std::numeric_limits<uint64_t>::max());
+  }
  // Returns a value from |array|, consuming as many bytes as needed to do so.
  // |array| must be a fixed-size array.
-  template <typename Type, size_t size>
+  template <typename T, size_t size>
-  Type PickValueInArray(Type (&array)[size]) {
+  T PickValueInArray(T (&array)[size]) {
    return array[ConsumeIntegralInRange<size_t>(0, size - 1)];
  }

--- a/components/viz/host/hit_test/hit_test_query_fuzzer.cc
+++ b/components/viz/host/hit_test/hit_test_query_fuzzer.cc
@@ -14,11 +14,6 @@
 namespace {
-uint32_t GetNextUInt32(base::FuzzedDataProvider* fuzz) {
-  return fuzz->ConsumeUint32InRange(std::numeric_limits<uint32_t>::min(),
-                                    std::numeric_limits<uint32_t>::max());
-}
 void AddHitTestRegion(base::FuzzedDataProvider* fuzz,
                      std::vector<viz::AggregatedHitTestRegion>* regions,
                      std::vector<viz::FrameSinkId>* frame_sink_ids,
@@ -26,17 +21,17 @@ void AddHitTestRegion(base::FuzzedDataProvider* fuzz,
  constexpr uint32_t kMaxDepthAllowed = 25;
  if (fuzz->remaining_bytes() < sizeof(viz::AggregatedHitTestRegion))
    return;
-  viz::FrameSinkId frame_sink_id(GetNextUInt32(fuzz), GetNextUInt32(fuzz));
+  viz::FrameSinkId frame_sink_id(fuzz->ConsumeUint32(), fuzz->ConsumeUint32());
-  uint32_t flags = GetNextUInt32(fuzz);
+  uint32_t flags = fuzz->ConsumeUint32();
  // The reasons' value is kNotAsyncHitTest if the flag's value is kHitTestAsk.
-  uint32_t reasons =
+  uint32_t reasons = (flags & viz::HitTestRegionFlags::kHitTestAsk)
-      (flags & viz::HitTestRegionFlags::kHitTestAsk)
+                         ? fuzz->ConsumeIntegralInRange<uint32_t>(
-          ? fuzz->ConsumeUint32InRange(1, std::numeric_limits<uint32_t>::max())
+                               1, std::numeric_limits<uint32_t>::max())
                         : viz::AsyncHitTestReasons::kNotAsyncHitTest;
  gfx::Rect rect(fuzz->ConsumeUint8(), fuzz->ConsumeUint8(),
                 fuzz->ConsumeUint16(), fuzz->ConsumeUint16());
  int32_t child_count =
-      depth < kMaxDepthAllowed ? fuzz->ConsumeUint32InRange(0, 10) : 0;
+      depth < kMaxDepthAllowed ? fuzz->ConsumeIntegralInRange(0, 10) : 0;
  gfx::Transform transform;
  if (fuzz->ConsumeBool() && fuzz->remaining_bytes() >= sizeof(transform)) {
    std::vector<uint8_t> matrix_bytes =

--- a/components/viz/service/hit_test/hit_test_manager_fuzzer.cc
+++ b/components/viz/service/hit_test/hit_test_manager_fuzzer.cc
@@ -25,7 +25,8 @@ constexpr uint32_t kMaxDepthAllowed = 255;
 // TODO(riajiang): Move into common functions that can be used by the fuzzer
 // for HitTestQuery.
 uint32_t GetNextUInt32NonZero(base::FuzzedDataProvider* fuzz) {
-  return fuzz->ConsumeUint32InRange(1, std::numeric_limits<uint32_t>::max());
+  return fuzz->ConsumeIntegralInRange<uint32_t>(
+      1, std::numeric_limits<uint32_t>::max());
 }
 gfx::Transform GetNextTransform(base::FuzzedDataProvider* fuzz) {

--- a/content/test/fuzzer/merkle_integrity_source_stream_fuzzer.cc
+++ b/content/test/fuzzer/merkle_integrity_source_stream_fuzzer.cc
@@ -27,7 +27,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  auto mi_stream = std::make_unique<content::MerkleIntegritySourceStream>(
      header, std::move(fuzzed_source_stream));
  while (true) {
-    size_t read_size = data_provider.ConsumeUint32InRange(1, 1024);
+    size_t read_size = data_provider.ConsumeIntegralInRange(1, 1024);
    auto io_buffer = base::MakeRefCounted<net::IOBufferWithSize>(read_size);
    int result = mi_stream->Read(io_buffer.get(), io_buffer->size(),
                                 callback.callback());

--- a/net/data/fuzzer_dictionaries/net_http_server_fuzzer.dict
+++ b/net/data/fuzzer_dictionaries/net_http_server_fuzzer.dict
@@ -46,6 +46,6 @@
 # String terminator for FuzzedDataProvider::ConsumeRandomLengthString.
 "\\ "
-# There is a lot of use of ConsumeUint32InRange clients, like ConsumeBool,
+# There is a lot of use of ConsumeIntegralInRange clients, like ConsumeBool,
 # so try make it easy to produce lots of inputs for these.
 "\x00\x00\x00\x00"
--- a/net/dns/fuzzed_host_resolver.cc
+++ b/net/dns/fuzzed_host_resolver.cc
@@ -168,14 +168,14 @@ void FuzzedHostResolver::SetDnsClientEnabled(bool enabled) {
  DnsConfig config;
  // Fuzz name servers.
-  uint32_t num_nameservers = data_provider_->ConsumeUint32InRange(0, 4);
+  uint32_t num_nameservers = data_provider_->ConsumeIntegralInRange(0, 4);
  for (uint32_t i = 0; i < num_nameservers; ++i) {
    config.nameservers.push_back(
        IPEndPoint(FuzzIPAddress(data_provider_), FuzzPort(data_provider_)));
  }
  // Fuzz suffix search list.
-  switch (data_provider_->ConsumeUint32InRange(0, 3)) {
+  switch (data_provider_->ConsumeIntegralInRange(0, 3)) {
    case 3:
      config.search.push_back("foo.com");
      FALLTHROUGH;
@@ -204,8 +204,8 @@ void FuzzedHostResolver::SetDnsClientEnabled(bool enabled) {
  config.unhandled_options = data_provider_->ConsumeBool();
  config.append_to_multi_label_name = data_provider_->ConsumeBool();
  config.randomize_ports = data_provider_->ConsumeBool();
-  config.ndots = data_provider_->ConsumeInt32InRange(0, 3);
+  config.ndots = data_provider_->ConsumeIntegralInRange(0, 3);
-  config.attempts = data_provider_->ConsumeInt32InRange(1, 3);
+  config.attempts = data_provider_->ConsumeIntegralInRange(1, 3);
  // Timeouts don't really work for fuzzing. Even a timeout of 0 milliseconds
  // will be increased after the first timeout, resulting in inconsistent
@@ -218,7 +218,7 @@ void FuzzedHostResolver::SetDnsClientEnabled(bool enabled) {
  std::unique_ptr<DnsClient> dns_client = DnsClient::CreateClientForTesting(
      net_log_, &socket_factory_,
-      base::Bind(&base::FuzzedDataProvider::ConsumeInt32InRange,
+      base::Bind(&base::FuzzedDataProvider::ConsumeIntegralInRange<int32_t>,
                 base::Unretained(data_provider_)));
  dns_client->SetConfig(config);
  SetDnsClient(std::move(dns_client));

--- a/net/dns/host_resolver_impl_fuzzer.cc
+++ b/net/dns/host_resolver_impl_fuzzer.cc
@@ -64,8 +64,8 @@ class DnsRequest {
      std::vector<std::unique_ptr<DnsRequest>>* dns_requests) {
    if (dns_requests->empty())
      return;
-    uint32_t index =
+    uint32_t index = data_provider->ConsumeIntegralInRange<uint32_t>(
-        data_provider->ConsumeUint32InRange(0, dns_requests->size() - 1);
+        0, dns_requests->size() - 1);
    // Remove the request from the list before waiting on it - this prevents one
    // of the other callbacks from deleting the callback being waited on.
@@ -83,8 +83,8 @@ class DnsRequest {
      std::vector<std::unique_ptr<DnsRequest>>* dns_requests) {
    if (dns_requests->empty())
      return;
-    uint32_t index =
+    uint32_t index = data_provider->ConsumeIntegralInRange<uint32_t>(
-        data_provider->ConsumeUint32InRange(0, dns_requests->size() - 1);
+        0, dns_requests->size() - 1);
    auto request = dns_requests->begin() + index;
    (*request)->Cancel();
    dns_requests->erase(request);
@@ -112,7 +112,7 @@ class DnsRequest {
    while (true) {
      bool done = false;
-      switch (data_provider_->ConsumeInt32InRange(0, 2)) {
+      switch (data_provider_->ConsumeIntegralInRange(0, 2)) {
        case 0:
          // Quit on 0, or when no data is left.
          done = true;
@@ -141,9 +141,9 @@ class DnsRequest {
    if (data_provider_->ConsumeBool())
      info.set_host_resolver_flags(net::HOST_RESOLVER_CANONNAME);
-    net::RequestPriority priority =
+    net::RequestPriority priority = static_cast<net::RequestPriority>(
-        static_cast<net::RequestPriority>(data_provider_->ConsumeInt32InRange(
+        data_provider_->ConsumeIntegralInRange<int32_t>(net::MINIMUM_PRIORITY,
-            net::MINIMUM_PRIORITY, net::MAXIMUM_PRIORITY));
+                                                        net::MAXIMUM_PRIORITY));
    // Decide if should be a cache-only resolution.
    if (data_provider_->ConsumeBool()) {
@@ -206,7 +206,8 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
    net::TestNetLog net_log;
    net::HostResolver::Options options;
-    options.max_concurrent_resolves = data_provider.ConsumeUint32InRange(1, 8);
+    options.max_concurrent_resolves =
+        data_provider.ConsumeIntegralInRange(1, 8);
    options.enable_caching = data_provider.ConsumeBool();
    net::FuzzedHostResolver host_resolver(options, &net_log, &data_provider);
    host_resolver.SetDnsClientEnabled(data_provider.ConsumeBool());
@@ -214,7 +215,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
    std::vector<std::unique_ptr<DnsRequest>> dns_requests;
    bool done = false;
    while (!done) {
-      switch (data_provider.ConsumeInt32InRange(0, 3)) {
+      switch (data_provider.ConsumeIntegralInRange(0, 3)) {
        case 0:
          // Quit on 0, or when no data is left.
          done = true;

--- a/net/filter/fuzzed_source_stream.cc
+++ b/net/filter/fuzzed_source_stream.cc
@@ -40,7 +40,7 @@ int FuzzedSourceStream::Read(IOBuffer* buf,
  DCHECK_LE(0, buf_len);
  bool sync = data_provider_->ConsumeBool();
-  int result = data_provider_->ConsumeUint32InRange(0, buf_len);
+  int result = data_provider_->ConsumeIntegralInRange(0, buf_len);
  std::string data = data_provider_->ConsumeBytesAsString(result);
  result = data.size();

--- a/net/ntlm/ntlm_client_fuzzer.cc
+++ b/net/ntlm/ntlm_client_fuzzer.cc
@@ -24,9 +24,7 @@ base::string16 ConsumeRandomLengthString16(
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  base::FuzzedDataProvider fdp(data, size);
  bool is_v2 = fdp.ConsumeBool();
-  uint64_t client_time =
+  uint64_t client_time = fdp.ConsumeUint64();
-      (static_cast<uint64_t>(fdp.ConsumeUint32InRange(0, 0xffffffffu)) << 32) |
-      static_cast<uint64_t>(fdp.ConsumeUint32InRange(0, 0xffffffffu));
  net::ntlm::NtlmClient client((net::ntlm::NtlmFeatures(is_v2)));
  // Generate the input strings and challenge message. The strings will have a

--- a/net/socket/fuzzed_datagram_client_socket.cc
+++ b/net/socket/fuzzed_datagram_client_socket.cc
@@ -140,7 +140,7 @@ int FuzzedDatagramClientSocket::Read(IOBuffer* buf,
  // Get contents of response.
  std::string data = data_provider_->ConsumeRandomLengthString(
-      data_provider_->ConsumeUint32InRange(0, buf_len));
+      data_provider_->ConsumeIntegralInRange(0, buf_len));
  int result;
  if (data.size() > 0) {

--- a/net/socket/socks_client_socket_fuzzer.cc
+++ b/net/socket/socks_client_socket_fuzzer.cc
@@ -36,7 +36,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  scoped_refptr<net::RuleBasedHostResolverProc> rules(
      new net::RuleBasedHostResolverProc(nullptr));
  mock_host_resolver.set_synchronous_mode(data_provider.ConsumeBool());
-  switch (data_provider.ConsumeInt32InRange(0, 2)) {
+  switch (data_provider.ConsumeIntegralInRange(0, 2)) {
    case 0:
      rules->AddRule("*", "127.0.0.1");
      break;

--- a/net/third_party/http2/decoder/http2_frame_decoder_fuzzer.cc
+++ b/net/third_party/http2/decoder/http2_frame_decoder_fuzzer.cc
@@ -15,7 +15,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  base::FuzzedDataProvider fuzzed_data_provider(data, size);
  http2::Http2FrameDecoder decoder;
  while (fuzzed_data_provider.remaining_bytes() > 0) {
-    size_t chunk_size = fuzzed_data_provider.ConsumeUint32InRange(1, 32);
+    size_t chunk_size = fuzzed_data_provider.ConsumeIntegralInRange(1, 32);
    std::vector<char> chunk =
        fuzzed_data_provider.ConsumeBytes<char>(chunk_size);

--- a/net/third_party/http2/hpack/decoder/hpack_decoder_fuzzer.cc
+++ b/net/third_party/http2/hpack/decoder/hpack_decoder_fuzzer.cc
@@ -18,12 +18,12 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  base::FuzzedDataProvider fuzzed_data_provider(data, size);
  size_t max_string_size =
-      fuzzed_data_provider.ConsumeUint32InRange(1, 10 * size);
+      fuzzed_data_provider.ConsumeIntegralInRange<size_t>(1, 10 * size);
  http2::HpackDecoder decoder(http2::HpackDecoderNoOpListener::NoOpListener(),
                              max_string_size);
  decoder.StartDecodingBlock();
  while (fuzzed_data_provider.remaining_bytes() > 0) {
-    size_t chunk_size = fuzzed_data_provider.ConsumeUint32InRange(1, 32);
+    size_t chunk_size = fuzzed_data_provider.ConsumeIntegralInRange(1, 32);
    std::vector<char> chunk =
        fuzzed_data_provider.ConsumeBytes<char>(chunk_size);

--- a/net/third_party/quic/core/qpack/fuzzer/qpack_decoder_fuzzer.cc
+++ b/net/third_party/quic/core/qpack/fuzzer/qpack_decoder_fuzzer.cc
@@ -38,8 +38,9 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  // Process up to 64 kB fragments at a time.  Too small upper bound might not
  // provide enough coverage, too large would make fuzzing less efficient.
-  auto fragment_size_generator = std::bind(
+  auto fragment_size_generator =
-      &QuicFuzzedDataProvider::ConsumeUint32InRange, &provider, 1, 64 * 1024);
+      std::bind(&QuicFuzzedDataProvider::ConsumeIntegralInRange<uint32_t>,
+                &provider, 1, 64 * 1024);
  QpackDecode(
      &handler, fragment_size_generator,

--- a/net/third_party/quic/core/qpack/fuzzer/qpack_round_trip_fuzzer.cc
+++ b/net/third_party/quic/core/qpack/fuzzer/qpack_round_trip_fuzzer.cc
@@ -119,8 +119,9 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  // Process up to 64 kB fragments at a time.  Too small upper bound might not
  // provide enough coverage, too large would make fuzzing less efficient.
-  auto fragment_size_generator = std::bind(
+  auto fragment_size_generator =
-      &QuicFuzzedDataProvider::ConsumeUint32InRange, &provider, 1, 64 * 1024);
+      std::bind(&QuicFuzzedDataProvider::ConsumeIntegralInRange<uint32_t>,
+                &provider, 1, 64 * 1024);
  // Encode header list.
  QuicString encoded_header_block =

--- a/net/url_request/url_request_data_job_fuzzer.cc
+++ b/net/url_request/url_request_data_job_fuzzer.cc
@@ -47,7 +47,7 @@ class URLRequestDataJobFuzzerHarness : public net::URLRequest::Delegate {
    read_lengths_.clear();
    // Allocate an IOBuffer with fuzzed size.
-    int buf_size = provider.ConsumeUint32InRange(1, 127);  // 7 bits.
+    int buf_size = provider.ConsumeIntegralInRange(1, 127);  // 7 bits.
    buf_ = base::MakeRefCounted<net::IOBufferWithSize>(buf_size);
    // Generate a range header, and a bool determining whether to use it.
@@ -63,7 +63,7 @@ class URLRequestDataJobFuzzerHarness : public net::URLRequest::Delegate {
    size_t simulated_bytes_read = 0;
    while (simulated_bytes_read < provider.remaining_bytes() &&
           read_lengths_.size() < 20000u) {
-      size_t read_length = provider.ConsumeUint32InRange(1, buf_size);
+      size_t read_length = provider.ConsumeIntegralInRange(1, buf_size);
      read_lengths_.push_back(read_length);
      simulated_bytes_read += read_length;
    }

--- a/net/websockets/websocket_deflate_stream_fuzzer.cc
+++ b/net/websockets/websocket_deflate_stream_fuzzer.cc
@@ -67,7 +67,8 @@ class WebSocketFuzzedStream final : public WebSocketStream {
 private:
  std::unique_ptr<WebSocketFrame> CreateFrame() {
    WebSocketFrameHeader::OpCode opcode =
-        fuzzed_data_provider_->ConsumeUint32InRange(
+        fuzzed_data_provider_
+            ->ConsumeIntegralInRange<WebSocketFrameHeader::OpCode>(
                WebSocketFrameHeader::kOpCodeContinuation,
                WebSocketFrameHeader::kOpCodeControlUnused);
    auto frame = std::make_unique<WebSocketFrame>(opcode);
@@ -80,7 +81,7 @@ class WebSocketFuzzedStream final : public WebSocketStream {
    frame->header.reserved3 = (flags >> 3) & 0x1;
    frame->header.masked = (flags >> 4) & 0x1;
    uint64_t payload_length =
-        fuzzed_data_provider_->ConsumeUint32InRange(0, 64);
+        fuzzed_data_provider_->ConsumeIntegralInRange(0, 64);
    std::vector<char> payload =
        fuzzed_data_provider_->ConsumeBytes<char>(payload_length);
    frame->data = base::MakeRefCounted<IOBufferWithSize>(payload.size());

--- a/net/websockets/websocket_frame_parser_fuzzer.cc
+++ b/net/websockets/websocket_frame_parser_fuzzer.cc
@@ -16,7 +16,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  net::WebSocketFrameParser parser;
  std::vector<std::unique_ptr<net::WebSocketFrameChunk>> frame_chunks;
  while (fuzzed_data_provider.remaining_bytes() > 0) {
-    size_t chunk_size = fuzzed_data_provider.ConsumeUint32InRange(1, 32);
+    size_t chunk_size = fuzzed_data_provider.ConsumeIntegralInRange(1, 32);
    std::vector<char> chunk =
        fuzzed_data_provider.ConsumeBytes<char>(chunk_size);
    parser.Decode(chunk.data(), chunk.size(), &frame_chunks);

--- a/third_party/blink/renderer/core/css/parser/css_parser_fast_paths_fuzzer.cc
+++ b/third_party/blink/renderer/core/css/parser/css_parser_fast_paths_fuzzer.cc
@@ -18,7 +18,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  blink::FuzzedDataProvider provider(data, size);
  const auto property_id =
-      blink::convertToCSSPropertyID(provider.ConsumeInt32InRange(
+      blink::convertToCSSPropertyID(provider.ConsumeIntegralInRange<int>(
          blink::firstCSSProperty, blink::lastCSSProperty));
  const auto data_string = provider.ConsumeRemainingBytes();

--- a/third_party/blink/renderer/core/html/parser/text_resource_decoder_for_fuzzing.h
+++ b/third_party/blink/renderer/core/html/parser/text_resource_decoder_for_fuzzing.h
@@ -22,7 +22,7 @@ class TextResourceDecoderForFuzzing : public TextResourceDecoder {
  static TextResourceDecoderOptions FuzzedOption(
      FuzzedDataProvider& fuzzed_data) {
    switch (static_cast<TextResourceDecoderOptions::EncodingDetectionOption>(
-        fuzzed_data.ConsumeInt32InRange(
+        fuzzed_data.ConsumeIntegralInRange<int32_t>(
            TextResourceDecoderOptions::kUseAllAutoDetection,
            TextResourceDecoderOptions::kAlwaysUseUTF8ForText))) {
      case TextResourceDecoderOptions::kUseAllAutoDetection:
@@ -42,7 +42,7 @@ class TextResourceDecoderForFuzzing : public TextResourceDecoder {
  static TextResourceDecoderOptions::ContentType FuzzedContentType(
      FuzzedDataProvider& fuzzed_data) {
    return static_cast<TextResourceDecoderOptions::ContentType>(
-        fuzzed_data.ConsumeInt32InRange(
+        fuzzed_data.ConsumeIntegralInRange<int32_t>(
            TextResourceDecoderOptions::kPlainTextContent,
            TextResourceDecoderOptions::kMaxContentType));
  }

--- a/third_party/blink/renderer/platform/testing/fuzzed_data_provider.cc
+++ b/third_party/blink/renderer/platform/testing/fuzzed_data_provider.cc
@@ -11,8 +11,7 @@ FuzzedDataProvider::FuzzedDataProvider(const uint8_t* bytes, size_t num_bytes)
 CString FuzzedDataProvider::ConsumeBytesInRange(uint32_t min_bytes,
                                                uint32_t max_bytes) {
-  size_t num_bytes =
+  size_t num_bytes = provider_.ConsumeIntegralInRange(min_bytes, max_bytes);
-      static_cast<size_t>(provider_.ConsumeUint32InRange(min_bytes, max_bytes));
  std::vector<char> bytes = provider_.ConsumeBytes<char>(num_bytes);
  return CString(bytes.data(), bytes.size());
 }
@@ -22,12 +21,4 @@ CString FuzzedDataProvider::ConsumeRemainingBytes() {
  return CString(bytes.data(), bytes.size());
 }
-bool FuzzedDataProvider::ConsumeBool() {
-  return provider_.ConsumeBool();
-}
-int FuzzedDataProvider::ConsumeInt32InRange(int min, int max) {
-  return provider_.ConsumeInt32InRange(min, max);
-}
 }  // namespace blink
--- a/third_party/blink/renderer/platform/testing/fuzzed_data_provider.h
+++ b/third_party/blink/renderer/platform/testing/fuzzed_data_provider.h
@@ -28,19 +28,22 @@ class FuzzedDataProvider {
  CString ConsumeRemainingBytes();
  // Returns a bool, or false when no data remains.
-  bool ConsumeBool();
+  bool ConsumeBool() { return provider_.ConsumeBool(); }
  // Returns a number in the range [min, max] by consuming bytes from the input
  // data. The value might not be uniformly distributed in the given range. If
  // there's no input data left, always returns |min|. |min| must be less than
  // or equal to |max|.
-  int ConsumeInt32InRange(int min, int max);
+  template <typename T>
+  T ConsumeIntegralInRange(T min, T max) {
+    return provider_.ConsumeIntegralInRange<T>(min, max);
+  }
  // Returns a value from |array|, consuming as many bytes as needed to do so.
  // |array| must be a fixed-size array.
-  template <typename Type, size_t size>
+  template <typename T, size_t size>
-  Type PickValueInArray(Type (&array)[size]) {
+  T PickValueInArray(T (&array)[size]) {
-    return array[provider_.ConsumeUint32InRange(0, size - 1)];
+    return array[provider_.ConsumeIntegralInRange<size_t>(0, size - 1)];
  }
  // Reports the remaining bytes available for fuzzed input.

--- a/third_party/ced/compact_enc_det_fuzzer.cc
+++ b/third_party/ced/compact_enc_det_fuzzer.cc
@@ -21,11 +21,12 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  CompactEncDet::TextCorpusType corpus =
      static_cast<CompactEncDet::TextCorpusType>(
-          data_provider.ConsumeInt32InRange(0, CompactEncDet::NUM_CORPA));
+          data_provider.ConsumeIntegralInRange<int32_t>(
+              0, CompactEncDet::NUM_CORPA));
  Encoding encoding_hint = static_cast<Encoding>(
-      data_provider.ConsumeInt32InRange(0, NUM_ENCODINGS));
+      data_provider.ConsumeIntegralInRange<int32_t>(0, NUM_ENCODINGS));
  Language langauge_hint = static_cast<Language>(
-      data_provider.ConsumeInt32InRange(0, NUM_LANGUAGES));
+      data_provider.ConsumeIntegralInRange<int32_t>(0, NUM_LANGUAGES));
  bool ignore_7bit_mail_encodings = data_provider.ConsumeBool();
  std::vector<char> text = data_provider.ConsumeRemainingBytes<char>();

--- a/third_party/sfntly/fuzzers/subset_font_fuzzer.cc
+++ b/third_party/sfntly/fuzzers/subset_font_fuzzer.cc
@@ -16,10 +16,11 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  constexpr int kMaxFontSize = 50 * 1024 * 1024;
  base::FuzzedDataProvider fuzzed_data(data, size);
-  size_t font_name_size = fuzzed_data.ConsumeUint32InRange(0, kMaxFontNameSize);
+  size_t font_name_size =
+      fuzzed_data.ConsumeIntegralInRange(0, kMaxFontNameSize);
  std::string font_name = fuzzed_data.ConsumeBytesAsString(font_name_size);
-  size_t font_str_size = fuzzed_data.ConsumeUint32InRange(0, kMaxFontSize);
+  size_t font_str_size = fuzzed_data.ConsumeIntegralInRange(0, kMaxFontSize);
  std::vector<unsigned char> font_str =
      fuzzed_data.ConsumeBytes<unsigned char>(font_str_size);