libaddressinput is used in the browser process but has zero fuzzing coverage: https://chromium-coverage.appspot.com/reports/600954_fuzzers_only/linux/chromium/src/third_party/libaddressinput/report.html
(bulk comment) To see the most recent code coverage report produced by the fuzz targets, use "latest" instead of the revision number in the URL to https://chromium-coverage.appspot.com/. For example, https://chromium-coverage.appspot.com/reports/601457_fuzzers_only/linux/index.html needs to be changed to https://chromium-coverage.appspot.com/reports/latest_fuzzers_only/linux/index.html.
From Rouslan: For the user input, the important APIs to fuzz are in the following:

https://cs.chromium.org/chromium/src/third_party/libaddressinput/chromium/addressinput_util.h?rcl=0c489f4f41545adab3d4682f0f3c99713a3cb062&l=32
https://cs.chromium.org/chromium/src/third_party/libaddressinput/chromium/canonicalize_string.cc?rcl=0c489f4f41545adab3d4682f0f3c99713a3cb062&l=37
https://cs.chromium.org/chromium/src/third_party/libaddressinput/chromium/chrome_address_validator.h?rcl=0c489f4f41545adab3d4682f0f3c99713a3cb062&l=113
https://cs.chromium.org/chromium/src/third_party/libaddressinput/chromium/chrome_address_validator.h?rcl=0c489f4f41545adab3d4682f0f3c99713a3cb062&l=142
https://cs.chromium.org/chromium/src/third_party/libaddressinput/chromium/chrome_address_validator.h?rcl=0c489f4f41545adab3d4682f0f3c99713a3cb062&l=151
https://cs.chromium.org/chromium/src/third_party/libaddressinput/chromium/input_suggester.h?rcl=0c489f4f41545adab3d4682f0f3c99713a3cb062&l=66
https://cs.chromium.org/chromium/src/third_party/libaddressinput/chromium/string_compare.cc?rcl=0c489f4f41545adab3d4682f0f3c99713a3cb062&l=56
https://cs.chromium.org/chromium/src/third_party/libaddressinput/chromium/string_compare.cc?rcl=0c489f4f41545adab3d4682f0f3c99713a3cb062&l=61
https://cs.chromium.org/chromium/src/third_party/libaddressinput/src/cpp/include/libaddressinput/address_formatter.h?rcl=d7ed8e2f3f35ce9a3aafdfdc48745ceab66e7229&l=34
https://cs.chromium.org/chromium/src/third_party/libaddressinput/src/cpp/include/libaddressinput/address_formatter.h?rcl=d7ed8e2f3f35ce9a3aafdfdc48745ceab66e7229&l=39
https://cs.chromium.org/chromium/src/third_party/libaddressinput/src/cpp/include/libaddressinput/address_formatter.h?rcl=d7ed8e2f3f35ce9a3aafdfdc48745ceab66e7229&l=45
https://cs.chromium.org/chromium/src/third_party/libaddressinput/src/cpp/include/libaddressinput/address_input_helper.h?rcl=d7ed8e2f3f35ce9a3aafdfdc48745ceab66e7229&l=51
https://cs.chromium.org/chromium/src/third_party/libaddressinput/src/cpp/include/libaddressinput/address_normalizer.h?rcl=d7ed8e2f3f35ce9a3aafdfdc48745ceab66e7229&l=39
https://cs.chromium.org/chromium/src/third_party/libaddressinput/src/cpp/include/libaddressinput/address_validator.h?rcl=d7ed8e2f3f35ce9a3aafdfdc48745ceab66e7229&l=98

The filesystem caches the data downloaded from the servers, so fuzzing the following functions will test both scenarios:

https://cs.chromium.org/chromium/src/third_party/libaddressinput/chromium/chrome_metadata_source.h?rcl=0c489f4f41545adab3d4682f0f3c99713a3cb062&l=33
https://cs.chromium.org/chromium/src/third_party/libaddressinput/chromium/chrome_storage_impl.h?rcl=0c489f4f41545adab3d4682f0f3c99713a3cb062&l=33
https://cs.chromium.org/chromium/src/third_party/libaddressinput/chromium/json.cc?rcl=0c489f4f41545adab3d4682f0f3c99713a3cb062&l=93
https://cs.chromium.org/chromium/src/third_party/libaddressinput/chromium/json.cc?rcl=0c489f4f41545adab3d4682f0f3c99713a3cb062&l=105
https://cs.chromium.org/chromium/src/third_party/libaddressinput/chromium/trie.h?rcl=0c489f4f41545adab3d4682f0f3c99713a3cb062&l=37

Note that some of the links that I provided are source files instead of header files. That’s because Chrome replaces some generic libaddressinput sources with Chrome-specific utilities that are more powerful.
I am starting with some samples in https://chromium-review.googlesource.com/c/chromium/src/+/1342760
Assigning to rouslan@ to cover other sites.
fyi, json.cc links above should already be tested by json_reader_fuzzer.
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/72a0f3193e379995483047b00b00851f0504118b

commit 72a0f3193e379995483047b00b00851f0504118b
Author: Abhishek Arya <inferno@chromium.org>
Date: Mon Nov 19 23:54:31 2018

Add two fuzz targets for libaddressinput.

R=rouslan@chromium.org
Bug: 900477
Change-Id: I48e0221d6df217863427316967a166174c0acf04
Reviewed-on: https://chromium-review.googlesource.com/c/1342760
Commit-Queue: Abhishek Arya <inferno@chromium.org>
Reviewed-by: Rouslan Solomakhin <rouslan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#609513}

[modify] https://crrev.com/72a0f3193e379995483047b00b00851f0504118b/third_party/libaddressinput/BUILD.gn
[modify] https://crrev.com/72a0f3193e379995483047b00b00851f0504118b/third_party/libaddressinput/README.chromium
[add] https://crrev.com/72a0f3193e379995483047b00b00851f0504118b/third_party/libaddressinput/fuzz/data/fmt.dict
[add] https://crrev.com/72a0f3193e379995483047b00b00851f0504118b/third_party/libaddressinput/fuzz/data/require.dict
[add] https://crrev.com/72a0f3193e379995483047b00b00851f0504118b/third_party/libaddressinput/fuzz/parse_address_fields_fuzzer.cc
[add] https://crrev.com/72a0f3193e379995483047b00b00851f0504118b/third_party/libaddressinput/fuzz/parse_format_rule_fuzzer.cc
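As an added illustration, not code from this bug thread, from Chromium or from libaddressinput, of the shape a parser-facing libFuzzer target such as the parse_format_rule_fuzzer.cc listed above takes: the raw input bytes are handed straight to the parser and a sanitizer build reports any memory error. The ParseFormatRule below is a simplified stand-in that assumes libaddressinput's %-letter format-rule syntax; the accepted field letters and the rejection of malformed rules are assumptions, not the library's actual behaviour.

```cpp
// Added example: a libFuzzer-style target wrapping a toy format-rule parser.
// ParseFormatRule is a simplified stand-in, not libaddressinput's parser
// (assumed token syntax: "%N%n%O%n%A%n%C, %S %Z", %n = newline).
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

struct FormatElement {
  bool is_field;        // true for %N, %O, ...; false for literal text/newline
  char field;           // field letter when is_field, 'n' for a newline
  std::string literal;  // literal text when !is_field
};

// Parses a format rule into elements. Returns false on a malformed rule
// (dangling '%' or unknown field letter) rather than reading past the input.
static bool ParseFormatRule(const std::string& rule,
                            std::vector<FormatElement>* out) {
  static const std::string kFields = "NOADCSZX";  // assumed field letters
  std::string literal;
  for (size_t i = 0; i < rule.size(); ++i) {
    if (rule[i] != '%') { literal += rule[i]; continue; }
    if (i + 1 >= rule.size()) return false;  // dangling '%' at end of rule
    char c = rule[++i];
    if (!literal.empty()) {
      out->push_back({false, 0, literal});
      literal.clear();
    }
    if (c == 'n') { out->push_back({false, 'n', "\n"}); continue; }
    if (kFields.find(c) == std::string::npos) return false;  // unknown field
    out->push_back({true, c, ""});
  }
  if (!literal.empty()) out->push_back({false, 0, literal});
  return true;
}

// libFuzzer entry point: the bytes are not NUL-terminated, so the length is
// passed explicitly; the return value is ignored by libFuzzer (0 by convention).
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  std::vector<FormatElement> elements;
  ParseFormatRule(std::string(reinterpret_cast<const char*>(data), size),
                  &elements);
  return 0;
}
```

Built with clang's -fsanitize=fuzzer,address, the target runs stand-alone; the fmt.dict added in the commit above is the kind of token dictionary (-dict=) that helps the fuzzer reach the '%' branches quickly.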
Comment 1 by mmoroz@chromium.org, Oct 31