Commit 1021015c authored by Steven Moreland

binder_parcel_fuzzer: avoid consuming all provider

In doReadWriteFuzz, it should not call fillRandomParcel,
as this consumes the entire provider. It's meant to
always start with an empty Parcel, but I forgot to
remove this.

Ignore-AOSP-First: fuzzer work
Bug: 328161314
Test: run fuzzer, starts finding crashes
Change-Id: I1ce474a4e39464fd53f6cd9c440b40bd128fada1
parent 19ff63ee
+1 −3
@@ -96,7 +96,7 @@ void doReadFuzz(const char* backend, const std::vector<ParcelRead<P>>& reads,
    RandomParcelOptions options;

    P p;
    fillRandomParcel(&p, std::move(provider), &options);
    fillRandomParcel(&p, std::move(provider), &options); // consumes provider

    // since we are only using a byte to index
    CHECK_LE(reads.size(), 255u) << reads.size();
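
Review bot: the trailing comment added to the fillRandomParcel call in doReadFuzz only says "consumes provider", which does not tell the next reader what they must avoid. Since the call takes `std::move(provider)`, consider stating the constraint directly, for example `// consumes the entire provider; do not read from provider after this`, placed on its own line above the call. That is the same mistake this commit removes from doReadWriteFuzz, so the comment is worth making explicit here.
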
@@ -120,9 +120,7 @@ template <typename P>
void doReadWriteFuzz(const char* backend, const std::vector<ParcelRead<P>>& reads,
                     const std::vector<ParcelWrite<P>>& writes, FuzzedDataProvider&& provider) {
    RandomParcelOptions options;

    P p;
    fillRandomParcel(&p, std::move(provider), &options);

    // since we are only using a byte to index
    CHECK_LE(reads.size() + writes.size(), 255u) << reads.size();
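
Review bot: once the fillRandomParcel call is dropped from doReadWriteFuzz, nothing at `P p;` records that the Parcel is meant to start empty, so the call is easy to reintroduce by copying from doReadFuzz. A one-line comment there such as `// intentionally empty; fillRandomParcel would consume the entire provider` would guard against that. If `RandomParcelOptions options;` has no remaining use in this function after the removal, drop the declaration as well. Separately, the context line `CHECK_LE(reads.size() + writes.size(), 255u) << reads.size();` checks the sum but logs only reads.size() on failure; logging both sizes would make a failure easier to read.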