|
| 1 | +/* This Source Code Form is subject to the terms of the Mozilla Public |
| 2 | + * License, v. 2.0. If a copy of the MPL was not distributed with this |
| 3 | + * file, You can obtain one at https://mozilla.org/MPL/2.0/. */ |
| 4 | + |
| 5 | +#include "FuzzingInterfaceStream.h" |
| 6 | + |
| 7 | +#include "mozilla/NullPrincipal.h" |
| 8 | +#include "mozilla/fuzzing/FuzzingStreamListener.h" |
| 9 | + |
| 10 | +#include "nsICategoryManager.h" |
| 11 | +#include "nsIChannel.h" |
| 12 | +#include "nsIInputStream.h" |
| 13 | +#include "nsILoadInfo.h" |
| 14 | +#include "nsIMimeConverter.h" |
| 15 | +#include "nsIServiceManager.h" |
| 16 | +#include "nsIStreamConverterService.h" |
| 17 | +#include "nsIStreamListener.h" |
| 18 | +#include "nsIURL.h" |
| 19 | + |
| 20 | +#include "nsCOMPtr.h" |
| 21 | +#include "nsMsgUtils.h" |
| 22 | +#include "nsNetCID.h" |
| 23 | +#include "nsNetUtil.h" |
| 24 | +#include "nsString.h" |
| 25 | +#include "nsServiceManagerUtils.h" |
| 26 | + |
| 27 | +using namespace mozilla; |
| 28 | +using namespace mozilla::net; |
| 29 | + |
| 30 | +static int InitMimeDecoder(int* argc, char*** argv) { return 0; } |
| 31 | + |
| 32 | +static int FuzzingMimeDecoder(nsCOMPtr<nsIInputStream> stream) { |
| 33 | + nsresult rv; |
| 34 | + |
| 35 | + nsCOMPtr<nsIChannel> channel; |
| 36 | + nsCOMPtr<nsILoadGroup> loadGroup; |
| 37 | + nsCOMPtr<nsIURI> uri; |
| 38 | + |
| 39 | + rv = NS_NewURI(getter_AddRefs(uri), "about:blank"); |
| 40 | + |
| 41 | + if (NS_FAILED(rv)) { |
| 42 | + MOZ_CRASH("Call to NS_NewURI() failed."); |
| 43 | + } |
| 44 | + |
| 45 | + nsCOMPtr<nsIPrincipal> nullPrincipal = |
| 46 | + NullPrincipal::CreateWithoutOriginAttributes(); |
| 47 | + |
| 48 | + rv = NS_NewInputStreamChannel( |
| 49 | + getter_AddRefs(channel), uri, stream.forget(), nullPrincipal, |
| 50 | + nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL, |
| 51 | + nsIContentPolicy::TYPE_OTHER); |
| 52 | + |
| 53 | + if (NS_FAILED(rv)) { |
| 54 | + MOZ_CRASH("Call to NS_NewInputStreamChannel() failed."); |
| 55 | + } |
| 56 | + |
| 57 | + nsCOMPtr<nsIStreamListener> conversionListener; |
| 58 | + nsCOMPtr<nsIStreamConverterService> streamConverter = |
| 59 | + do_GetService("@mozilla.org/streamConverters;1", &rv); |
| 60 | + |
| 61 | + if (NS_FAILED(rv)) { |
| 62 | + MOZ_CRASH("Call to do_GetService() failed."); |
| 63 | + } |
| 64 | + |
| 65 | + // This listener will simply consume all of our data and record when |
| 66 | + // the request is stopped so we can synchronize the fuzzing loop. |
| 67 | + RefPtr<FuzzingStreamListener> streamListener = new FuzzingStreamListener(); |
| 68 | + |
| 69 | + rv = streamConverter->AsyncConvertData("message/rfc822", "*/*", |
| 70 | + streamListener, channel, |
| 71 | + getter_AddRefs(conversionListener)); |
| 72 | + |
| 73 | + if (NS_FAILED(rv)) { |
| 74 | + MOZ_CRASH("Call to AsyncConvertData() failed."); |
| 75 | + } |
| 76 | + |
| 77 | + rv = channel->AsyncOpen(conversionListener); |
| 78 | + |
| 79 | + if (NS_FAILED(rv)) { |
| 80 | + MOZ_CRASH("Call to AsyncOpen() failed."); |
| 81 | + } |
| 82 | + |
| 83 | + // Wait for StopRequest. |
| 84 | + streamListener->waitUntilDone(); |
| 85 | + |
| 86 | + return 0; |
| 87 | +} |
| 88 | + |
| 89 | +MOZ_FUZZING_INTERFACE_STREAM(InitMimeDecoder, FuzzingMimeDecoder, MimeDecoder); |
0 commit comments