1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include <stddef.h>
6 #include <stdint.h>
7 
8 #include <string>
9 
10 #include "base/strings/string_tokenizer.h"
11 
// Drains |t|: keeps calling GetNext() until it returns false and reads
// token() after every successful step. The token value is discarded on
// purpose; the call is made only so the fuzzer exercises that accessor.
void GetAllTokens(base::StringTokenizer& t) {
  for (;;) {
    if (!t.GetNext()) {
      break;
    }
    static_cast<void>(t.token());
  }
}
17 
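// Entry point for LibFuzzer.
//
// Input layout: the first sizeof(size_t) bytes are a seed in native byte
// order; the rest is the payload. The seed picks where the payload is split
// into the delimiter pattern (first part) and the string to tokenize (second
// part). Inputs too short to hold the seed plus one payload byte are ignored.
// Always returns 0.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  constexpr size_t kSeedSize = sizeof(size_t);
  // Requiring at least one payload byte also keeps the modulus below non-zero.
  if (size < kSeedSize + 1) {
    return 0;
  }

  // Copy the seed out byte by byte instead of dereferencing |data| through a
  // size_t*. The fuzzer interface hands over a plain byte buffer with no
  // stated size_t alignment, so the cast-and-load is undefined behaviour; a
  // sanitizer report or trap raised there would be a fault of this harness,
  // not of StringTokenizer, and would pollute the fuzzing results.
  size_t seed = 0;
  unsigned char* seed_bytes = reinterpret_cast<unsigned char*>(&seed);
  for (size_t i = 0; i < kSeedSize; ++i) {
    seed_bytes[i] = data[i];
  }

  // Calculate pattern size based on remaining bytes, otherwise fuzzing is
  // inefficient with bailouts in most cases.
  const size_t payload_size = size - kSeedSize;
  const size_t pattern_size = seed % payload_size;

  // pattern_size < payload_size, so both ranges stay inside |data| and the
  // tokenizer input is at least one byte long.
  const char* payload = reinterpret_cast<const char*>(data + kSeedSize);
  std::string pattern(payload, pattern_size);
  std::string input(payload + pattern_size, payload_size - pattern_size);

  // Allow quote_chars and options to be set. Otherwise full coverage
  // won't be possible since IsQuote, FullGetNext and other functions
  // won't be called.
  base::StringTokenizer t(input, pattern);
  GetAllTokens(t);

  base::StringTokenizer t_quote(input, pattern);
  t_quote.set_quote_chars("\"");
  GetAllTokens(t_quote);

  base::StringTokenizer t_options(input, pattern);
  t_options.set_options(base::StringTokenizer::RETURN_DELIMS);
  GetAllTokens(t_options);

  base::StringTokenizer t_quote_and_options(input, pattern);
  t_quote_and_options.set_quote_chars("\"");
  t_quote_and_options.set_options(base::StringTokenizer::RETURN_DELIMS);
  GetAllTokens(t_quote_and_options);

  return 0;
}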
57