Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 215468a1 authored by Pawan Wagh's avatar Pawan Wagh
Browse files

Restrict domain of transact codes in fuzzService 

Test: m libbinder_random_parcel
Bug: 261871104
Change-Id: Id5cff8223ad6f0463caf9a81e21e40317ada2d23
parent 7f273710

libs/binder/tests/parcel_fuzzer/libbinder_driver.cpp

+3 −1
Original line number Diff line number Diff line
@@ -37,7 +37,9 @@ void fuzzService(const sp<IBinder>& binder, FuzzedDataProvider&& provider) { 
    }



    while (provider.remaining_bytes() > 0) {

        uint32_t code = provider.ConsumeIntegral<uint32_t>();

        // Most of the AIDL services will have small set of transaction codes.

        uint32_t code = provider.ConsumeBool() ? provider.ConsumeIntegral<uint32_t>()

                                               : provider.ConsumeIntegralInRange<uint32_t>(0, 100);

        uint32_t flags = provider.ConsumeIntegral<uint32_t>();

        Parcel data;

        // for increased fuzz coverage