
Commit 40966bd4 authored by Aditya Wazir

camera_fuzzer: Fix fd handling for native_handle_t object

Resolved `fdsan: attempted to close file descriptor`
error by properly opening file descriptors in
CameraFuzzer::createNativeHandle. This ensures file
descriptors are correctly assigned in native_handle_t
objects used in camera_fuzzer.

Test: ./camera_fuzzer
Bug: 335562493

Change-Id: I393b7c8160520b3b0ba1d3d1d377c6980232fae8
parent db12f549
+17 −12
@@ -88,6 +88,7 @@ class CameraFuzzer : public ::android::hardware::BnCameraClient {
    bool initCamera();
    void invokeCamera();
    void invokeSetParameters();
    native_handle_t* createNativeHandle();
    sp<Camera> mCamera = nullptr;
    FuzzedDataProvider* mFDP = nullptr;

@@ -102,6 +103,18 @@ class CameraFuzzer : public ::android::hardware::BnCameraClient {
    };
};

native_handle_t* CameraFuzzer::createNativeHandle() {
    int32_t numFds = mFDP->ConsumeIntegralInRange<int32_t>(kMinElements, kMaxElements);
    int32_t numInts = mFDP->ConsumeIntegralInRange<int32_t>(kNumMin, kNumMax);
    native_handle_t* handle = native_handle_create(numFds, numInts);
    for (int32_t i = 0; i < numFds; ++i) {
        std::string filename = mFDP->ConsumeRandomLengthString(kMaxBytes);
        int32_t fd = open(filename.c_str(), O_RDWR | O_CREAT | O_TRUNC);
        handle->data[i] = fd;
    }
    return handle;
}

bool CameraFuzzer::initCamera() {
    ProcessState::self()->startThreadPool();
    sp<IServiceManager> sm = defaultServiceManager();
@@ -288,15 +301,11 @@ void CameraFuzzer::invokeCamera() {
                },
                [&]() {
                    int64_t timestamp = mFDP->ConsumeIntegral<int64_t>();
                    int32_t numFds = mFDP->ConsumeIntegralInRange<int32_t>(kNumMin, kNumMax);
                    int32_t numInts = mFDP->ConsumeIntegralInRange<int32_t>(kNumMin, kNumMax);
                    native_handle_t* handle = native_handle_create(numFds, numInts);
                    native_handle_t* handle = createNativeHandle();
                    mCamera->recordingFrameHandleCallbackTimestamp(timestamp, handle);
                },
                [&]() {
                    int32_t numFds = mFDP->ConsumeIntegralInRange<int32_t>(kNumMin, kNumMax);
                    int32_t numInts = mFDP->ConsumeIntegralInRange<int32_t>(kNumMin, kNumMax);
                    native_handle_t* handle = native_handle_create(numFds, numInts);
                    native_handle_t* handle = createNativeHandle();
                    mCamera->releaseRecordingFrameHandle(handle);
                },
                [&]() { mCamera->releaseRecordingFrame(iMem); },
@@ -305,9 +314,7 @@ void CameraFuzzer::invokeCamera() {
                    for (int8_t i = 0;
                         i < mFDP->ConsumeIntegralInRange<int8_t>(kMinElements, kMaxElements);
                         ++i) {
                        int32_t numFds = mFDP->ConsumeIntegralInRange<int32_t>(kNumMin, kNumMax);
                        int32_t numInts = mFDP->ConsumeIntegralInRange<int32_t>(kNumMin, kNumMax);
                        native_handle_t* handle = native_handle_create(numFds, numInts);
                        native_handle_t* handle = createNativeHandle();
                        handles.push_back(handle);
                    }
                    mCamera->releaseRecordingFrameHandleBatch(handles);
@@ -317,9 +324,7 @@ void CameraFuzzer::invokeCamera() {
                    for (int8_t i = 0;
                         i < mFDP->ConsumeIntegralInRange<int8_t>(kMinElements, kMaxElements);
                         ++i) {
                        int32_t numFds = mFDP->ConsumeIntegralInRange<int32_t>(kNumMin, kNumMax);
                        int32_t numInts = mFDP->ConsumeIntegralInRange<int32_t>(kNumMin, kNumMax);
                        native_handle_t* handle = native_handle_create(numFds, numInts);
                        native_handle_t* handle = createNativeHandle();
                        handles.push_back(handle);
                    }
                    std::vector<nsecs_t> timestamps;
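Review bot: In `createNativeHandle`, the `open()` call takes its path straight from `mFDP->ConsumeRandomLengthString(kMaxBytes)` and passes `O_CREAT | O_TRUNC`, so a fuzz input can create or truncate any file the fuzzer process can write to, and runs then depend on filesystem state. The call also has no mode argument, which `O_CREAT` requires, so any file it creates gets unspecified permission bits. Since the handle only needs valid descriptors, a fixed target would do: `int32_t fd = open("/dev/null", O_RDWR | O_CLOEXEC);`. Separately, `native_handle_create` returns null when the counts are outside its accepted range or allocation fails, and the loop writes `handle->data[i]` unchecked. Whether `kMaxElements` or `kNumMax` can reach that is not visible here, so a guard such as `if (handle == nullptr) return nullptr;` before the loop is worth adding, provided the callers tolerate a null handle.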