
Commit 1a90fc51 authored by Muhammad Haseeb Ahmad's avatar Muhammad Haseeb Ahmad

Test: Add a fuzzer for libmedia's metadata component

libmedia_metadata_fuzzer attempts to add random key/value pairs of the eligible types using metadata's appendBool and appendInt32 methods to a Metadata object. The fuzzer also calls the appendHeader() method to add a header, the updateLength() method during each iteration of appending key/val pairs and a resetParcel() method at the end.

Change-Id: I569c39954702f848bf5496528f7c3eb888c33ccc
parent 24ba1e48
+10 −0
cc_fuzz {
  name: "libmedia_metadata_fuzzer",
  srcs: [
    "libmedia_metadata_fuzzer.cpp",
  ],
  shared_libs: [
    "libmedia",
    "libbinder",
  ],
}
 No newline at end of file
+52 −0
//This program fuzzes Metadata.cpp

#include <stddef.h>
#include <stdint.h>
#include <fuzzer/FuzzedDataProvider.h>
#include <media/Metadata.h>
#include <binder/Parcel.h>

using namespace android;
using namespace media;

static const float want_prob = 0.5;

bool bytesRemain(FuzzedDataProvider *fdp);

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    FuzzedDataProvider fdp(data, size);
    Parcel p;
    Metadata md = Metadata(&p);

    md.appendHeader();
    while (bytesRemain(&fdp)) {

        float got_prob = fdp.ConsumeProbability<float>();
        if (!bytesRemain(&fdp)) {
            break;
        }

        if (got_prob < want_prob) {
            int32_t key_bool = fdp.ConsumeIntegral<int32_t>();
            if (!bytesRemain(&fdp)) {
                break;
            }
            bool val_bool = fdp.ConsumeBool();
            md.appendBool(key_bool, val_bool);
        } else {
            int32_t key_int32 = fdp.ConsumeIntegral<int32_t>();
            if (!bytesRemain(&fdp)) {
                break;
            }
            bool val_int32 = fdp.ConsumeIntegral<int32_t>();
            md.appendInt32(key_int32, val_int32);
        }
        md.updateLength();
    }
    md.resetParcel();
    return 0;
}

bool bytesRemain(FuzzedDataProvider *fdp){
    return fdp -> remaining_bytes() > 0;
}
 No newline at end of file
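Review bot: In the else branch of LLVMFuzzerTestOneInput, `bool val_int32 = fdp.ConsumeIntegral<int32_t>();` narrows the consumed integer to a bool, so `md.appendInt32(key_int32, val_int32)` only ever receives 0 or 1 and the int32 value range is never exercised. Declare it as `int32_t val_int32 = fdp.ConsumeIntegral<int32_t>();`. Separately, each `break` after a consume leaves the loop before the final pair is appended and before `md.updateLength()` runs for it; FuzzedDataProvider returns default values once its input is exhausted, so the three `bytesRemain` checks inside the loop body could be dropped and the `while` condition alone would bound the loop. A one-line comment on `want_prob`, such as `// probability of appending a bool pair rather than an int32 pair`, would also make the branch split easier to read.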