libs/binder/tests/parcel_fuzzer/binder.cpp +5 −0 @@ -121,6 +121,11 @@ std::vector<ParcelRead<::android::Parcel>> BINDER_PARCEL_READ_FUNCTIONS { PARCEL_READ_NO_STATUS(size_t, hasFileDescriptors), PARCEL_READ_NO_STATUS(std::vector<android::sp<android::IBinder>>, debugReadAllStrongBinders), PARCEL_READ_NO_STATUS(std::vector<int>, debugReadAllFileDescriptors), [] (const ::android::Parcel& p, FuzzedDataProvider&) { FUZZ_LOG() << "about to markSensitive"; p.markSensitive(); FUZZ_LOG() << "markSensitive done"; }, [] (const ::android::Parcel& p, FuzzedDataProvider& provider) { std::string interface = provider.ConsumeRandomLengthString(); FUZZ_LOG() << "about to enforceInterface: " << interface;
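Review bot: The new lambda in BINDER_PARCEL_READ_FUNCTIONS calls `p.markSensitive()` through a `const` reference inside a table of read operations, and nothing explains why a state-changing call belongs there. A short comment above it would help, e.g. `// markSensitive() is const but changes how the Parcel's buffer is released; fuzz it interleaved with reads`. The lambda only logs before and after the call, so a regression in the sensitive-buffer handling would surface only as a crash or sanitizer report, which is worth saying in the same comment. The initializer list continues outside the hunk.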
libs/binder/tests/parcel_fuzzer/random_parcel.cpp +10 −0 @@ -40,6 +40,13 @@ void fillRandomParcel(Parcel* outputParcel, FuzzedDataProvider&& provider, const uint8_t fuzzerParcelOptions = provider.ConsumeIntegral<uint8_t>(); const bool resultShouldBeView = fuzzerParcelOptions & 1; const bool resultShouldBeRpc = fuzzerParcelOptions & 2; const bool resultShouldMarkSensitive = fuzzerParcelOptions & 4; auto sensitivity_guard = binder::impl::make_scope_guard([&]() { if (resultShouldMarkSensitive) { outputParcel->markSensitive(); } }); Parcel* p; if (resultShouldBeView) { @@ -49,6 +56,9 @@ void fillRandomParcel(Parcel* outputParcel, FuzzedDataProvider&& provider, } else { p = outputParcel; // directly fill out the output Parcel } // must be last guard, so outputParcel gets setup as view before // other guards auto viewify_guard = binder::impl::make_scope_guard([&]() { if (resultShouldBeView) { outputParcel->makeDangerousViewOf(p);
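Review bot: `sensitivity_guard` is declared before `viewify_guard`, so it runs after it, and with `resultShouldBeView` set `markSensitive()` lands on `outputParcel` once it is already a view of `p`; the parcel `p` that appears to be the one actually filled is never marked. If the sensitive flag is meant to cover the backing buffer, that case looks unexercised, and because marking happens only at scope exit, no write into the parcel ever runs with the flag already set. The ordering comment sits only on `viewify_guard`; I would add one at `sensitivity_guard` as well, e.g. `// runs after viewify_guard (guards unwind in reverse order), so this marks the final outputParcel`. The bits `1`, `2` and `4` of `fuzzerParcelOptions` would also read better as named constants. fillRandomParcel's body starts and ends outside these hunks.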