diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 01:47:29 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 01:47:29 +0000 |
commit | 0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d (patch) | |
tree | a31f07c9bcca9d56ce61e9a1ffd30ef350d513aa /netwerk/test/fuzz/TestURIFuzzing.cpp | |
parent | Initial commit. (diff) | |
download | firefox-esr-0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d.tar.xz firefox-esr-0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d.zip |
Adding upstream version 115.8.0esr.upstream/115.8.0esr
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'netwerk/test/fuzz/TestURIFuzzing.cpp')
-rw-r--r-- | netwerk/test/fuzz/TestURIFuzzing.cpp | 240 |
1 files changed, 240 insertions, 0 deletions
diff --git a/netwerk/test/fuzz/TestURIFuzzing.cpp b/netwerk/test/fuzz/TestURIFuzzing.cpp new file mode 100644 index 0000000000..bbd76706fc --- /dev/null +++ b/netwerk/test/fuzz/TestURIFuzzing.cpp @@ -0,0 +1,240 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at https://mozilla.org/MPL/2.0/. */ + +#include <iostream> + +#include "FuzzingInterface.h" +#include "nsComponentManagerUtils.h" +#include "nsCOMPtr.h" +#include "nsIURL.h" +#include "nsIStandardURL.h" +#include "nsIURIMutator.h" +#include "nsNetUtil.h" +#include "nsNetCID.h" +#include "nsPrintfCString.h" +#include "nsString.h" +#include "mozilla/Encoding.h" +#include "mozilla/Span.h" +#include "mozilla/Unused.h" + +template <typename T> +T get_numeric(char** buf, size_t* size) { + if (sizeof(T) > *size) { + return 0; + } + + T* iptr = reinterpret_cast<T*>(*buf); + *buf += sizeof(T); + *size -= sizeof(T); + return *iptr; +} + +nsAutoCString get_string(char** buf, size_t* size) { + uint8_t len = get_numeric<uint8_t>(buf, size); + if (len > *size) { + len = static_cast<uint8_t>(*size); + } + nsAutoCString str(*buf, len); + + *buf += len; + *size -= len; + return str; +} + +const char* charsets[] = { + "Big5", "EUC-JP", "EUC-KR", "gb18030", + "gbk", "IBM866", "ISO-2022-JP", "ISO-8859-10", + "ISO-8859-13", "ISO-8859-14", "ISO-8859-15", "ISO-8859-16", + "ISO-8859-2", "ISO-8859-3", "ISO-8859-4", "ISO-8859-5", + "ISO-8859-6", "ISO-8859-7", "ISO-8859-8", "ISO-8859-8-I", + "KOI8-R", "KOI8-U", "macintosh", "replacement", + "Shift_JIS", "UTF-16BE", "UTF-16LE", "UTF-8", + "windows-1250", "windows-1251", "windows-1252", "windows-1253", + "windows-1254", "windows-1255", "windows-1256", "windows-1257", + "windows-1258", "windows-874", "x-mac-cyrillic", "x-user-defined"}; + +static int FuzzingRunURIParser(const uint8_t* data, size_t size) { + char* buf = (char*)data; + + nsCOMPtr<nsIURI> uri; + nsAutoCString spec = get_string(&buf, &size); + + nsresult rv = NS_MutateURI(NS_STANDARDURLMUTATOR_CONTRACTID) + .SetSpec(spec) + .Finalize(uri); + + if (NS_FAILED(rv)) { + return 0; + } + + uint8_t iters = get_numeric<uint8_t>(&buf, &size); + for (int i = 0; i < iters; i++) { + if (get_numeric<uint8_t>(&buf, &size) % 25 != 0) { + NS_MutateURI mutator(uri); + nsAutoCString acdata = get_string(&buf, &size); + + switch (get_numeric<uint8_t>(&buf, &size) % 12) { + default: + mutator.SetSpec(acdata); + break; + case 1: + mutator.SetScheme(acdata); + break; + case 2: + mutator.SetUserPass(acdata); + break; + case 3: + mutator.SetUsername(acdata); + break; + case 4: + mutator.SetPassword(acdata); + break; + case 5: + mutator.SetHostPort(acdata); + break; + case 6: + // Called via SetHostPort + mutator.SetHost(acdata); + break; + case 7: + // Called via multiple paths + mutator.SetPathQueryRef(acdata); + break; + case 8: + mutator.SetRef(acdata); + break; + case 9: + mutator.SetFilePath(acdata); + break; + case 10: + mutator.SetQuery(acdata); + break; + case 11: { + const uint8_t index = get_numeric<uint8_t>(&buf, &size) % + (sizeof(charsets) / sizeof(char*)); + const char* charset = charsets[index]; + auto encoding = mozilla::Encoding::ForLabelNoReplacement( + mozilla::MakeStringSpan(charset)); + mutator.SetQueryWithEncoding(acdata, encoding); + break; + } + } + + nsresult rv = mutator.Finalize(uri); + if (NS_FAILED(rv)) { + return 0; + } + } else { + nsAutoCString out; + + if (uri) { + switch (get_numeric<uint8_t>(&buf, &size) % 26) { + default: + uri->GetSpec(out); + break; + case 1: + uri->GetPrePath(out); + break; + case 2: + uri->GetScheme(out); + break; + case 3: + uri->GetUserPass(out); + break; + case 4: + uri->GetUsername(out); + break; + case 5: + uri->GetPassword(out); + break; + case 6: + uri->GetHostPort(out); + break; + case 7: + uri->GetHost(out); + break; + case 8: { + int rv; + uri->GetPort(&rv); + break; + } + case 9: + uri->GetPathQueryRef(out); + break; + case 10: { + nsCOMPtr<nsIURI> other; + bool rv; + nsAutoCString spec = get_string(&buf, &size); + NS_NewURI(getter_AddRefs(other), spec); + uri->Equals(other, &rv); + break; + } + case 11: { + nsAutoCString scheme = get_string(&buf, &size); + bool rv; + uri->SchemeIs("https", &rv); + break; + } + case 12: { + nsAutoCString in = get_string(&buf, &size); + uri->Resolve(in, out); + break; + } + case 13: + uri->GetAsciiSpec(out); + break; + case 14: + uri->GetAsciiHostPort(out); + break; + case 15: + uri->GetAsciiHost(out); + break; + case 16: + uri->GetRef(out); + break; + case 17: { + nsCOMPtr<nsIURI> other; + bool rv; + nsAutoCString spec = get_string(&buf, &size); + NS_NewURI(getter_AddRefs(other), spec); + uri->EqualsExceptRef(other, &rv); + break; + } + case 18: + uri->GetSpecIgnoringRef(out); + break; + case 19: { + bool rv; + uri->GetHasRef(&rv); + break; + } + case 20: + uri->GetFilePath(out); + break; + case 21: + uri->GetQuery(out); + break; + case 22: + uri->GetDisplayHost(out); + break; + case 23: + uri->GetDisplayHostPort(out); + break; + case 24: + uri->GetDisplaySpec(out); + break; + case 25: + uri->GetDisplayPrePath(out); + break; + } + } + } + } + + return 0; +} + +MOZ_FUZZING_INTERFACE_RAW(nullptr, FuzzingRunURIParser, URIParser); |