
Commit 01f7c334 authored by Akhilesh Sanikop's avatar Akhilesh Sanikop

inputflinger: only use UTF-8 characters in device name and location

Resolved aborts by passing valid UTF-8
strings to InputDeviceIdentifier.

Test: ./inputflinger_switch_input_fuzzer
Bug: 352086709
Flag: EXEMPT bugfix in fuzzer

Change-Id: I20d02933160f2582d3fc183daa558de5a48b2563
parent 3ffd1628
+2 −2
@@ -367,8 +367,8 @@ private:
template <class Fdp>
InputDevice getFuzzedInputDevice(Fdp& fdp, FuzzInputReaderContext* context) {
    InputDeviceIdentifier identifier;
    identifier.name = fdp.ConsumeRandomLengthString(16);
    identifier.location = fdp.ConsumeRandomLengthString(12);
    identifier.name = fdp.ConsumeRandomLengthUtf8String(16);
    identifier.location = fdp.ConsumeRandomLengthUtf8String(12);
    int32_t deviceID = fdp.ConsumeIntegralInRange(0, 5);
    int32_t deviceGeneration = fdp.ConsumeIntegralInRange(0, 5);
    return InputDevice(context, deviceID, deviceGeneration, identifier);
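Review bot: The reason `identifier.name` and `identifier.location` need the UTF-8 variant is recorded only in the commit message, so a later cleanup could switch them back to ConsumeRandomLengthString. A comment above the two assignments would keep that from happening, e.g. `// Aborts were seen with non-UTF-8 name/location in InputDeviceIdentifier (b/352086709); feed it UTF-8 only.` The limits 16 and 12 are byte counts, not code points, which is worth stating in the same comment. The closing brace of getFuzzedInputDevice is outside the hunk.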
+39 −1
@@ -15,7 +15,7 @@
 */

#include <fuzzer/FuzzedDataProvider.h>

#include <algorithm>
/**
 * A thread-safe interface to the FuzzedDataProvider
 */
@@ -60,6 +60,44 @@ public:
        return FuzzedDataProvider::ConsumeRandomLengthString();
    }

    // Converting the string to a UTF-8 string by setting the prefix bits of each
    // byte according to UTF-8 encoding rules.
    std::string ConsumeRandomLengthUtf8String(size_t max_length) {
        std::scoped_lock _l(mLock);
        std::string result = FuzzedDataProvider::ConsumeRandomLengthString(max_length);
        size_t remaining_bytes = result.length(), idx = 0;
        while (remaining_bytes > 0) {
            size_t random_byte_size = FuzzedDataProvider::ConsumeIntegralInRange(1, 4);
            size_t byte_size = std::min(random_byte_size, remaining_bytes);
            switch (byte_size) {
                // Prefix byte: 0xxxxxxx
                case 1:
                    result[idx++] &= 0b01111111;
                    break;
                // Prefix bytes: 110xxxxx 10xxxxxx
                case 2:
                    result[idx++] = (result[idx] & 0b00011111) | 0b11000000;
                    result[idx++] = (result[idx] & 0b00111111) | 0b10000000;
                    break;
                // Prefix bytes: 1110xxxx 10xxxxxx 10xxxxxx
                case 3:
                    result[idx++] = (result[idx] & 0b00001111) | 0b11100000;
                    result[idx++] = (result[idx] & 0b00111111) | 0b10000000;
                    result[idx++] = (result[idx] & 0b00111111) | 0b10000000;
                    break;
                // Prefix bytes: 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx
                case 4:
                    result[idx++] = (result[idx] & 0b00000111) | 0b11110000;
                    result[idx++] = (result[idx] & 0b00111111) | 0b10000000;
                    result[idx++] = (result[idx] & 0b00111111) | 0b10000000;
                    result[idx++] = (result[idx] & 0b00111111) | 0b10000000;
                    break;
            }
            remaining_bytes -= byte_size;
        }
        return result;
    }

    std::string ConsumeRemainingBytesAsString() {
        std::scoped_lock _l(mLock);
        return FuzzedDataProvider::ConsumeRemainingBytesAsString();
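Review bot: ConsumeRandomLengthUtf8String only forces the prefix bits, so its output is not guaranteed to be well-formed UTF-8: case 2 can emit the overlong leads 0xC0/0xC1, case 3 can emit 0xE0 followed by 0x80–0x9F (overlong) or 0xED followed by 0xA0–0xBF (surrogates), and case 4 can emit leads 0xF5–0xF7, 0xF4 followed by 0x90 or higher (above U+10FFFF), or 0xF0 followed by 0x80–0x8F (overlong). If the check behind the aborts is a strict validator (it is not visible here), the fuzzer can still trip it; if it is lenient, the helper's name and comment overstate what it guarantees and should say so. Constraining the lead and second byte as below closes those ranges, and writing through explicit indices also removes the `result[idx++] = (result[idx] & …)` pattern, which depends on C++17 right-before-left sequencing of assignment. Names passed to InputDevice also no longer include malformed byte sequences, so that handling presumably needs separate coverage if it matters.

```cpp
// … unchanged: lock, ConsumeRandomLengthString, loop header, case 1 …
                case 2: {
                    // 0xC0/0xC1 would be overlong; force the lead into 0xC2..0xDF.
                    uint8_t lead = (result[idx] & 0b00011111) | 0b11000000;
                    if (lead < 0xC2) lead |= 0b00000010;
                    result[idx] = static_cast<char>(lead);
                    result[idx + 1] = (result[idx + 1] & 0b00111111) | 0b10000000;
                    idx += 2;
                    break;
                }
                case 3: {
                    uint8_t lead = (result[idx] & 0b00001111) | 0b11100000;
                    uint8_t second = (result[idx + 1] & 0b00111111) | 0b10000000;
                    if (lead == 0xE0) second |= 0b00100000; // 0xA0..0xBF: no overlong form
                    if (lead == 0xED) second &= 0b11011111; // 0x80..0x9F: no surrogates
                    result[idx] = static_cast<char>(lead);
                    result[idx + 1] = static_cast<char>(second);
                    result[idx + 2] = (result[idx + 2] & 0b00111111) | 0b10000000;
                    idx += 3;
                    break;
                }
                case 4: {
                    // Two payload bits keep the lead in 0xF0..0xF3, i.e. below U+10FFFF
                    // (this gives up the 0xF4 plane for simplicity).
                    uint8_t lead = (result[idx] & 0b00000011) | 0b11110000;
                    uint8_t second = (result[idx + 1] & 0b00111111) | 0b10000000;
                    if (lead == 0xF0) second |= 0b00010000; // 0x90..0xBF: no overlong form
                    result[idx] = static_cast<char>(lead);
                    result[idx + 1] = static_cast<char>(second);
                    result[idx + 2] = (result[idx + 2] & 0b00111111) | 0b10000000;
                    result[idx + 3] = (result[idx + 3] & 0b00111111) | 0b10000000;
                    idx += 4;
                    break;
                }
// … unchanged: remaining_bytes update, return result …
```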