Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8267a545 authored by TreeHugger Robot's avatar TreeHugger Robot Committed by Android (Google) Code Review
Browse files

Merge "ndk_mediaformat_fuzzer : Bug fix"

parents be353d16 85f2d215

media/ndk/fuzzer/ndk_mediaformat_fuzzer.cpp

+9 −1
Original line number Diff line number Diff line
@@ -18,6 +18,7 @@ 
#include <fcntl.h>

#include <fuzzer/FuzzedDataProvider.h>

#include <media/NdkMediaFormat.h>

#include <media/stagefright/foundation/AMessage.h>

#include <sys/mman.h>

#include <unistd.h>

#include <utils/Log.h>
@@ -176,11 +177,13 @@ constexpr size_t kMinBytes = 0; 
constexpr size_t kMaxBytes = 1000;

constexpr size_t kMinChoice = 0;

constexpr size_t kMaxChoice = 9;

const size_t kMaxIteration = android::AMessage::maxAllowedEntries();



extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {

    FuzzedDataProvider fdp(data, size);

    AMediaFormat* mediaFormat = AMediaFormat_new();

    while (fdp.remaining_bytes()) {

    std::vector<std::string> nameCollection;

    while (fdp.remaining_bytes() && nameCollection.size() < kMaxIteration) {

        const char* name = nullptr;

        std::string nameString;

        if (fdp.ConsumeBool()) {
@@ -190,6 +193,11 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { 
                            : fdp.ConsumeRandomLengthString(

                                      fdp.ConsumeIntegralInRange<size_t>(kMinBytes, kMaxBytes));

            name = nameString.c_str();

            std::vector<std::string>::iterator it =

                    find(nameCollection.begin(), nameCollection.end(), name);

            if (it == nameCollection.end()) {

                nameCollection.push_back(name);

            }

        }

        switch (fdp.ConsumeIntegralInRange<int32_t>(kMinChoice, kMaxChoice)) {

            case 0: {