Only grant permissions to new extensions from sync if they have the expected version
[chromium-blink-merge.git] / net / spdy / fuzzing / hpack_fuzz_util.h
bloba15a3fd29951fc7b770a728c79723749722f0d07
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef NET_SPDY_FUZZING_HPACK_FUZZ_UTIL_H_
6 #define NET_SPDY_FUZZING_HPACK_FUZZ_UTIL_H_
8 #include <string>
9 #include <vector>
11 #include "base/memory/scoped_ptr.h"
12 #include "base/strings/string_piece.h"
13 #include "net/base/net_export.h"
14 #include "net/spdy/hpack/hpack_decoder.h"
15 #include "net/spdy/hpack/hpack_encoder.h"
17 namespace net {
19 class NET_EXPORT_PRIVATE HpackFuzzUtil {
20 public:
21 // A GeneratorContext holds ordered header names & values which are
22 // initially seeded and then expanded with dynamically generated data.
23 struct NET_EXPORT_PRIVATE GeneratorContext {
24 GeneratorContext();
25 ~GeneratorContext();
26 std::vector<std::string> names;
27 std::vector<std::string> values;
30 // Initializes a GeneratorContext with a random seed and name/value fixtures.
31 static void InitializeGeneratorContext(GeneratorContext* context);
33 // Generates a header set from the generator context.
34 static SpdyHeaderBlock NextGeneratedHeaderSet(GeneratorContext* context);
36 // Samples a size from the exponential distribution with mean |mean|,
37 // upper-bounded by |sanity_bound|.
38 static size_t SampleExponential(size_t mean, size_t sanity_bound);
40 // Holds an input string, and manages an offset into that string.
41 struct NET_EXPORT_PRIVATE Input {
42 Input(); // Initializes |offset| to zero.
43 ~Input();
45 size_t remaining() {
46 return input.size() - offset;
48 const char* ptr() {
49 return input.data() + offset;
52 std::string input;
53 size_t offset;
56 // Returns true if the next header block was set at |out|. Returns
57 // false if no input header blocks remain.
58 static bool NextHeaderBlock(Input* input, base::StringPiece* out);
60 // Returns the serialized header block length prefix for a block of
61 // |block_size| bytes.
62 static std::string HeaderBlockPrefix(size_t block_size);
64 // A FuzzerContext holds fuzzer input, as well as each of the decoder and
65 // encoder stages which fuzzed header blocks are processed through.
66 struct NET_EXPORT_PRIVATE FuzzerContext {
67 FuzzerContext();
68 ~FuzzerContext();
69 scoped_ptr<HpackDecoder> first_stage;
70 scoped_ptr<HpackEncoder> second_stage;
71 scoped_ptr<HpackDecoder> third_stage;
74 static void InitializeFuzzerContext(FuzzerContext* context);
76 // Runs |input_block| through |first_stage| and, iff that succeeds,
77 // |second_stage| and |third_stage| as well. Returns whether all stages
78 // processed the input without error.
79 static bool RunHeaderBlockThroughFuzzerStages(FuzzerContext* context,
80 base::StringPiece input_block);
82 // Flips random bits within |buffer|. The total number of flips is
83 // |flip_per_thousand| bits for every 1,024 bytes of |buffer_length|,
84 // rounding up.
85 static void FlipBits(uint8* buffer,
86 size_t buffer_length,
87 size_t flip_per_thousand);
90 } // namespace net
92 #endif // NET_SPDY_FUZZING_HPACK_FUZZ_UTIL_H_