chromium/chrome/services/sharing/nearby/decoder/nearby_decoder_decode_advertisement_fuzzer.cc

// Copyright 2020 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "chrome/services/sharing/nearby/decoder/nearby_decoder.h"

#include <stddef.h>
#include <stdint.h>
#include <memory>
#include <vector>

#include "base/logging.h"
#include "base/no_destructor.h"
#include "base/run_loop.h"
#include "base/task/single_thread_task_executor.h"
#include "chromeos/ash/services/nearby/public/mojom/nearby_decoder.mojom.h"
#include "chromeos/ash/services/nearby/public/mojom/nearby_decoder_types.mojom.h"
#include "mojo/core/embedder/embedder.h"
#include "mojo/public/cpp/bindings/remote.h"

struct Environment {
  Environment() {
    mojo::core::Init();
    // Disable noisy logging as per "libFuzzer in Chrome" documentation:
    // testing/libfuzzer/getting_started.md#Disable-noisy-error-message-logging.
    logging::SetMinLogLevel(logging::LOGGING_FATAL);

    // Create instance once to be reused between fuzzing rounds.
    decoder = std::make_unique<sharing::NearbySharingDecoder>(
        remote.BindNewPipeAndPassReceiver(),
        /*on_disconnect=*/base::DoNothing());
  }

  base::SingleThreadTaskExecutor task_executor;
  mojo::Remote<::sharing::mojom::NearbySharingDecoder> remote;
  std::unique_ptr<sharing::NearbySharingDecoder> decoder;
};

extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  static base::NoDestructor<Environment> environment;

  std::vector<uint8_t> buffer(data, data + size);
  base::RunLoop run_loop;
  environment->decoder->DecodeAdvertisement(
      buffer, base::BindOnce(
                  [](base::RunLoop* run_loop,
                     ::sharing::mojom::AdvertisementPtr advertisement) {
                    run_loop->Quit();
                  },
                  &run_loop));
  run_loop.Run();

  return 0;
}