
Commit 0a1c3885 authored by Treehugger Robot's avatar Treehugger Robot Committed by Android (Google) Code Review

Merge changes I1ce474a4,I3c5d4c96 into main

* changes:
  binder_parcel_fuzzer: avoid consuming all provider
  binder_parcel_fuzzer: cleanup dups/to remove
parents 606da751 1021015c
+0 −18
@@ -117,14 +117,6 @@ std::vector<ParcelRead<::android::Parcel>> BINDER_PARCEL_READ_FUNCTIONS {
        p.setDataPosition(pos);
        FUZZ_LOG() << "setDataPosition done";
    },
    [] (const ::android::Parcel& p, FuzzedDataProvider& provider) {
        size_t len = provider.ConsumeIntegralInRange<size_t>(0, 1024);
        std::vector<uint8_t> bytes = provider.ConsumeBytes<uint8_t>(len);
        FUZZ_LOG() << "about to setData: " <<(bytes.data() ? HexString(bytes.data(), bytes.size()) : "null");
        // TODO: allow all read and write operations
        (*const_cast<::android::Parcel*>(&p)).setData(bytes.data(), bytes.size());
        FUZZ_LOG() << "setData done";
    },
    PARCEL_READ_NO_STATUS(size_t, allowFds),
    PARCEL_READ_NO_STATUS(size_t, hasFileDescriptors),
    PARCEL_READ_NO_STATUS(std::vector<android::sp<android::IBinder>>, debugReadAllStrongBinders),
@@ -435,12 +427,6 @@ std::vector<ParcelWrite<::android::Parcel>> BINDER_PARCEL_WRITE_FUNCTIONS {
        int32_t len = provider.ConsumeIntegral<int32_t>();
        p.appendFrom(&p2, start, len);
    },
    [] (::android::Parcel& p, FuzzedDataProvider& provider, android::RandomParcelOptions* /*options*/) {
        FUZZ_LOG() << "about to call setData";
        size_t len = provider.ConsumeIntegralInRange<size_t>(0, 1024);
        std::vector<uint8_t> bytes = provider.ConsumeBytes<uint8_t>(len);
        p.setData(bytes.data(), bytes.size());
    },
    [] (::android::Parcel& p, FuzzedDataProvider& provider, android::RandomParcelOptions* /*options*/) {
        FUZZ_LOG() << "about to call pushAllowFds";
        bool val = provider.ConsumeBool();
@@ -513,10 +499,6 @@ std::vector<ParcelWrite<::android::Parcel>> BINDER_PARCEL_WRITE_FUNCTIONS {
        FUZZ_LOG() << "about to call writeNoException";
        p.writeNoException();
    },
    [] (::android::Parcel& p, FuzzedDataProvider& /* provider */, android::RandomParcelOptions* /*options*/) {
        FUZZ_LOG() << "about to call closeFileDescriptors";
        p.closeFileDescriptors();
    },
    [] (::android::Parcel& p, FuzzedDataProvider& provider, android::RandomParcelOptions* /*options*/) {
        FUZZ_LOG() << "about to call replaceCallingWorkSourceUid";
        uid_t uid = provider.ConsumeIntegral<uid_t>();
+1 −3
@@ -96,7 +96,7 @@ void doReadFuzz(const char* backend, const std::vector<ParcelRead<P>>& reads,
    RandomParcelOptions options;

    P p;
    fillRandomParcel(&p, std::move(provider), &options);
    fillRandomParcel(&p, std::move(provider), &options); // consumes provider

    // since we are only using a byte to index
    CHECK_LE(reads.size(), 255u) << reads.size();
@@ -120,9 +120,7 @@ template <typename P>
void doReadWriteFuzz(const char* backend, const std::vector<ParcelRead<P>>& reads,
                     const std::vector<ParcelWrite<P>>& writes, FuzzedDataProvider&& provider) {
    RandomParcelOptions options;

    P p;
    fillRandomParcel(&p, std::move(provider), &options);

    // since we are only using a byte to index
    CHECK_LE(reads.size() + writes.size(), 255u) << reads.size();
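Review bot: In doReadWriteFuzz the parcel `p` is now left default-constructed with nothing saying why, so a later cleanup could easily put the `fillRandomParcel` call back and again drain the provider before any read/write instruction is chosen. I would add a comment beside `P p;`, for example `// starts empty on purpose: fillRandomParcel() would consume the whole provider`, matching the `// consumes provider` note added in doReadFuzz. Since the setData entries also appear to be removed from the read and write tables in this commit, this harness seems to reach only parcel contents that the write functions can build, so it is worth confirming that raw, malformed byte layouts are still covered through doReadFuzz. Separately, the `CHECK_LE(reads.size() + writes.size(), 255u)` line streams only `reads.size()` on failure; `<< reads.size() + writes.size()` would report the value actually checked. Both function bodies continue outside the hunks shown.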