It handles outside data -> should be fuzzed.
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/1531f72f4b6639759c9d81fb451cb662ebc54a11
commit 1531f72f4b6639759c9d81fb451cb662ebc54a11
Author: morlovich <morlovich@chromium.org>
Date: Fri Feb 03 18:11:11 2017
Add missing case in MapFramerErrorToNetError (SpdyFramer::SPDY_OVERSIZED_PAYLOAD)
BUG=688004
Review-Url: https://codereview.chromium.org/2669263002
Cr-Commit-Position: refs/heads/master@{#448027}
[modify] https://crrev.com/1531f72f4b6639759c9d81fb451cb662ebc54a11/net/spdy/spdy_session.cc
[modify] https://crrev.com/1531f72f4b6639759c9d81fb451cb662ebc54a11/net/spdy/spdy_session_unittest.cc
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/ab1d1c1eb4095b86642845b826e6c43a1204be2a
commit ab1d1c1eb4095b86642845b826e6c43a1204be2a
Author: morlovich <morlovich@chromium.org>
Date: Tue Feb 07 19:59:28 2017
Don't access .spec on a !is_valid PUSH_PROMISE URL.
This avoids a DCHECK, and also logs the failing URL, rather than "" (the fallback behavior in the method's non-debug build).
BUG=688004
Review-Url: https://codereview.chromium.org/2673363003
Cr-Commit-Position: refs/heads/master@{#448708}
[modify] https://crrev.com/ab1d1c1eb4095b86642845b826e6c43a1204be2a/net/spdy/spdy_network_transaction_unittest.cc
[modify] https://crrev.com/ab1d1c1eb4095b86642845b826e6c43a1204be2a/net/spdy/spdy_session.cc
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/26140d43a8fd469f8746ba6552192517276652af
commit 26140d43a8fd469f8746ba6552192517276652af
Author: morlovich <morlovich@chromium.org>
Date: Tue Feb 07 23:38:44 2017
Cleanup control_frame_fields_ if coalescer rejected the headers.
Avoids a DCHECK on following frames on the same connection.
Also refactored some tests for BufferedSpdyFramer slightly to avoid pointless reinterpret_cast back and forth.
BUG=688004
Review-Url: https://codereview.chromium.org/2686613002
Cr-Commit-Position: refs/heads/master@{#448790}
[modify] https://crrev.com/26140d43a8fd469f8746ba6552192517276652af/net/spdy/buffered_spdy_framer.cc
[modify] https://crrev.com/26140d43a8fd469f8746ba6552192517276652af/net/spdy/buffered_spdy_framer_unittest.cc
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/833190ec3fb8c4dd2d66e1b5b2ed3cf34a70f609
commit 833190ec3fb8c4dd2d66e1b5b2ed3cf34a70f609
Author: morlovich <morlovich@chromium.org>
Date: Fri Feb 10 16:53:04 2017
Initial fuzzer for SpdySession
This is pretty limited in what it covers since it doesn't attempt to request other streams and the like; felt like the minimum reviewable version.
BUG=688004
Review-Url: https://codereview.chromium.org/2686673003
Cr-Commit-Position: refs/heads/master@{#449636}
[modify] https://crrev.com/833190ec3fb8c4dd2d66e1b5b2ed3cf34a70f609/net/BUILD.gn
[add] https://crrev.com/833190ec3fb8c4dd2d66e1b5b2ed3cf34a70f609/net/data/fuzzer_data/net_spdy_session_fuzzer/simple_reply.bin
[add] https://crrev.com/833190ec3fb8c4dd2d66e1b5b2ed3cf34a70f609/net/data/fuzzer_dictionaries/net_spdy_session_fuzzer.dict
[modify] https://crrev.com/833190ec3fb8c4dd2d66e1b5b2ed3cf34a70f609/net/socket/fuzzed_socket_factory.cc
[modify] https://crrev.com/833190ec3fb8c4dd2d66e1b5b2ed3cf34a70f609/net/socket/fuzzed_socket_factory.h
[add] https://crrev.com/833190ec3fb8c4dd2d66e1b5b2ed3cf34a70f609/net/spdy/spdy_session_fuzzer.cc
[modify] https://crrev.com/833190ec3fb8c4dd2d66e1b5b2ed3cf34a70f609/net/spdy/spdy_test_util_common.cc
[modify] https://crrev.com/833190ec3fb8c4dd2d66e1b5b2ed3cf34a70f609/net/spdy/spdy_test_util_common.h
Comment 1 by mmenke@chromium.org, Feb 2 2017