
Commit 5de922ff authored by Steven Moreland

binder_rpc_fuzzer: remove rlimit stuff

Copying from another commit in this project, where I'm doing this:

Originally I was going for a model where too big of allocations are
actually sent to malloc and they fail, but this wasn't really a good
plan:
- allocations which are near the maximum can cause arbitrary threads
  to fail even if they allocate just one byte
- Android doesn't use C++ exceptions and the libbinder API freezes
  its use of std::vector. I was looking at forking libstdc++ to fix
  that, but it's overkill
- rlimit doesn't play well with crash_dump* in Android or with the
  fuzzing infrastructure (causes worse stack to get delayed)

Instead, going with this model of only making "reasonable" allocations
to begin with (reject too-big allocations without letting them fail).

Bug: 182938024
Test: binder_rpc_fuzzer for several minutes
Change-Id: I7f34313c5fafe4e54ac05a83be9edd4ed764436f
parent c3229abc
+0 −20
@@ -29,20 +29,6 @@ namespace android {
static const std::string kSock = std::string(getenv("TMPDIR") ?: "/tmp") +
        "/binderRpcFuzzerSocket_" + std::to_string(getpid());

size_t getHardMemoryLimit() {
    struct rlimit limit;
    CHECK(0 == getrlimit(RLIMIT_AS, &limit)) << errno;
    return limit.rlim_max;
}

void setMemoryLimit(size_t cur, size_t max) {
    const struct rlimit kLimit = {
            .rlim_cur = cur,
            .rlim_max = max,
    };
    CHECK(0 == setrlimit(RLIMIT_AS, &kLimit)) << errno;
}

class SomeBinder : public BBinder {
    status_t onTransact(uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags = 0) {
        (void)flags;
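Review bot: with getHardMemoryLimit() and setMemoryLimit() removed from the top of namespace android, the visible parts of this file no longer use getrlimit, setrlimit or struct rlimit, so the include that provided them (outside this hunk) should be dropped in the same change if nothing else in the file needs it. Otherwise the stale include suggests the fuzzer still adjusts RLIMIT_AS.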
@@ -75,10 +61,6 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
    server->iUnderstandThisCodeIsExperimentalAndIWillNotUseItInProduction();
    CHECK(server->setupUnixDomainServer(kSock.c_str()));

    static constexpr size_t kMemLimit = 1llu * 1024 * 1024 * 1024;
    size_t hardLimit = getHardMemoryLimit();
    setMemoryLimit(std::min(kMemLimit, hardLimit), hardLimit);

    std::thread serverThread([=] { (void)server->acceptOne(); });

    sockaddr_un addr{
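Review bot: once the kMemLimit block after setupUnixDomainServer() is removed, LLVMFuzzerTestOneInput no longer bounds memory itself, and the replacement the commit message describes (rejecting too-big allocations up front) is not part of this diff. Suggest a short comment at this spot, or a reference in the commit message to the change that adds the rejection, stating where oversized allocations are now refused, so the 1 GiB cap is not reintroduced later and a reader can confirm that fuzz input still cannot drive the server into huge allocations.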
@@ -113,8 +95,6 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
        usleep(1);
    }

    setMemoryLimit(hardLimit, hardLimit);

    return 0;
}