commit 6456b27a067cdb172d9c0510222222d387ded788
author Robert Sesek <rsesek@chromium.org> Thu Oct 24 22:33:24 2019
committer Commit Bot <commit-bot@chromium.org> Thu Oct 24 22:33:24 2019
tree 864b094a2290bfbb57566d3c68a65881ee293993
parent ce9a7623e943811a44becd067f624949d7c8a921

Convert TemplateURLParser's ParameterFilter to be a callback.

This removes a hurdle around object lifetimes for an upcoming change that
makes TemplateURLParser asynchronous.

Bug: 699342
Change-Id: I92d88f221d7c06f48d6f3e3a9e21f34514c70661
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1877188
Reviewed-by: Kevin Bailey <krb@chromium.org>
Reviewed-by: Max Moroz <mmoroz@chromium.org>
Reviewed-by: Ilya Sherman <isherman@chromium.org>
Commit-Queue: Robert Sesek <rsesek@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#709248}
Cr-Mirrored-From: https://chromium.googlesource.com/chromium/src
Cr-Mirrored-Commit: 11f9afd5dbb5c599b64956b734eefb8600dcd9a1

fuzzers/template_url_parser_fuzzer.cc

diff --git a/fuzzers/template_url_parser_fuzzer.cc b/fuzzers/template_url_parser_fuzzer.cc
index 64e9122..06889bc 100644
--- a/fuzzers/template_url_parser_fuzzer.cc
+++ b/fuzzers/template_url_parser_fuzzer.cc
@@ -11,28 +11,21 @@
 #include "libxml/parser.h"
 
 #include "base/at_exit.h"
+#include "base/bind.h"
 #include "base/command_line.h"
 #include "base/i18n/icu_util.h"
 #include "components/search_engines/search_terms_data.h"
 #include "components/search_engines/template_url.h"
 #include "components/search_engines/template_url_parser.h"
+#include "testing/libfuzzer/libfuzzer_exports.h"
 
-class PseudoRandomFilter : public TemplateURLParser::ParameterFilter {
- public:
-  explicit PseudoRandomFilter(uint32_t seed) : generator_(seed), pool_(0, 1) {}
-  ~PseudoRandomFilter() override = default;
-
-  bool KeepParameter(const std::string&, const std::string&) override {
-    // Return true 254/255 times, ie: as if pool_ only returned uint8_t.
-    return pool_(generator_) % (UINT8_MAX + 1);
-  }
-
- private:
-  std::mt19937 generator_;
-  // Use a uint16_t here instead of uint8_t because uniform_int_distribution
-  // does not support 8 bit types on Windows.
-  std::uniform_int_distribution<uint16_t> pool_;
-};
+bool PseudoRandomFilter(std::mt19937* generator,
+                        std::uniform_int_distribution<uint16_t>* pool,
+                        const std::string&,
+                        const std::string&) {
+  // Return true 254/255 times, ie: as if pool only returned uint8_t.
+  return (*pool)(*generator) % (UINT8_MAX + 1);
+}
 
 struct FuzzerFixedParams {
   uint32_t seed_;
@@ -60,11 +53,21 @@
   if (size < sizeof(FuzzerFixedParams)) {
     return 0;
   }
+
   const FuzzerFixedParams* params =
       reinterpret_cast<const FuzzerFixedParams*>(data);
   size -= sizeof(FuzzerFixedParams);
+
+  std::mt19937 generator(params->seed_);
+  // Use a uint16_t here instead of uint8_t because uniform_int_distribution
+  // does not support 8 bit types on Windows.
+  std::uniform_int_distribution<uint16_t> pool(0, 1);
+
+  TemplateURLParser::ParameterFilter filter =
+      base::BindRepeating(&PseudoRandomFilter, base::Unretained(&generator),
+                          base::Unretained(&pool));
+
   const char* char_data = reinterpret_cast<const char*>(params + 1);
-  PseudoRandomFilter filter(params->seed_);
-  TemplateURLParser::Parse(SearchTermsData(), char_data, size, &filter);
+  TemplateURLParser::Parse(SearchTermsData(), char_data, size, filter);
   return 0;
 }