Returns a std::string of length from 0 to |max_length|. When it runs out of input data, returns what remains of the input. Designed to be more stable with respect to a fuzzer inserting characters than just picking a random length and then consuming that many bytes with |ConsumeBytes|.
| 149 | // with respect to a fuzzer inserting characters than just picking a random |
| 150 | // length and then consuming that many bytes with |ConsumeBytes|. |
| 151 | inline std::string |
| 152 | FuzzedDataProvider::ConsumeRandomLengthString(size_t max_length) { |
| 153 | // Reads bytes from the start of |data_ptr_|. Maps "\\" to "\", and maps "\" |
| 154 | // followed by anything else to the end of the string. As a result of this |
| 155 | // logic, a fuzzer can insert characters into the string, and the string |
| 156 | // will be lengthened to include those new characters, resulting in a more |
| 157 | // stable fuzzer than picking the length of a string independently from |
| 158 | // picking its contents. |
| 159 | std::string result; |
| 160 | |
| 161 | // Reserve the anticipated capaticity to prevent several reallocations. |
| 162 | result.reserve(std::min(max_length, remaining_bytes_)); |
| 163 | for (size_t i = 0; i < max_length && remaining_bytes_ != 0; ++i) { |
| 164 | char next = ConvertUnsignedToSigned<char>(data_ptr_[0]); |
| 165 | Advance(1); |
| 166 | if (next == '\\' && remaining_bytes_ != 0) { |
| 167 | next = ConvertUnsignedToSigned<char>(data_ptr_[0]); |
| 168 | Advance(1); |
| 169 | if (next != '\\') |
| 170 | break; |
| 171 | } |
| 172 | result += next; |
| 173 | } |
| 174 | |
| 175 | result.shrink_to_fit(); |
| 176 | return result; |
| 177 | } |
| 178 | |
| 179 | // Returns a std::string of length from 0 to |remaining_bytes_|. |
| 180 | inline std::string FuzzedDataProvider::ConsumeRandomLengthString() { |
no test coverage detected