Loading libs/binder/Parcel.cpp +9 −0 Original line number Diff line number Diff line Loading @@ -966,7 +966,15 @@ bool Parcel::enforceInterface(const char16_t* interface, } } void Parcel::setEnforceNoDataAvail(bool enforceNoDataAvail) { mEnforceNoDataAvail = enforceNoDataAvail; } binder::Status Parcel::enforceNoDataAvail() const { if (!mEnforceNoDataAvail) { return binder::Status::ok(); } const auto n = dataAvail(); if (n == 0) { return binder::Status::ok(); Loading Loading @@ -3077,6 +3085,7 @@ void Parcel::initState() mAllowFds = true; mDeallocZero = false; mOwner = nullptr; mEnforceNoDataAvail = true; } void Parcel::scanForFds() const { Loading libs/binder/include/binder/Parcel.h +6 −0 Original line number Diff line number Diff line Loading @@ -150,6 +150,9 @@ public: // Returns Status(EX_BAD_PARCELABLE) when the Parcel is not consumed. binder::Status enforceNoDataAvail() const; // This Api is used by fuzzers to skip dataAvail checks. void setEnforceNoDataAvail(bool enforceNoDataAvail); void freeData(); size_t objectsCount() const; Loading Loading @@ -1329,6 +1332,9 @@ private: // data to be overridden with zero when deallocated mutable bool mDeallocZero; // Set this to false to skip dataAvail checks. bool mEnforceNoDataAvail; release_func mOwner; size_t mReserved; Loading libs/binder/tests/parcel_fuzzer/libbinder_driver.cpp +4 −0 Original line number Diff line number Diff line Loading @@ -34,6 +34,8 @@ void fuzzService(const sp<IBinder>& binder, FuzzedDataProvider&& provider) { uint32_t code = provider.ConsumeIntegral<uint32_t>(); uint32_t flags = provider.ConsumeIntegral<uint32_t>(); Parcel data; // for increased fuzz coverage data.setEnforceNoDataAvail(provider.ConsumeBool()); sp<IBinder> target = options.extraBinders.at( provider.ConsumeIntegralInRange<size_t>(0, options.extraBinders.size() - 1)); Loading 
@@ -50,6 +52,8 @@ void fuzzService(const sp<IBinder>& binder, FuzzedDataProvider&& provider) { fillRandomParcel(&data, FuzzedDataProvider(subData.data(), subData.size()), &options); Parcel reply; // for increased fuzz coverage reply.setEnforceNoDataAvail(provider.ConsumeBool()); (void)target->transact(code, data, &reply, flags); // feed back in binders and fds that are returned from the service, so that Loading Loading
libs/binder/Parcel.cpp +9 −0 Original line number Diff line number Diff line Loading @@ -966,7 +966,15 @@ bool Parcel::enforceInterface(const char16_t* interface, } } void Parcel::setEnforceNoDataAvail(bool enforceNoDataAvail) { mEnforceNoDataAvail = enforceNoDataAvail; } binder::Status Parcel::enforceNoDataAvail() const { if (!mEnforceNoDataAvail) { return binder::Status::ok(); } const auto n = dataAvail(); if (n == 0) { return binder::Status::ok(); Loading Loading @@ -3077,6 +3085,7 @@ void Parcel::initState() mAllowFds = true; mDeallocZero = false; mOwner = nullptr; mEnforceNoDataAvail = true; } void Parcel::scanForFds() const { Loading
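Review bot: The default for `mEnforceNoDataAvail` is assigned only in `initState()` (second hunk), so a value set through `setEnforceNoDataAvail(false)` lasts only until `initState()` next runs on that Parcel. If `initState()` is also reached from reset paths, which these hunks do not show, the check comes back on without the caller noticing. That fails safe for production code, but it can make a fuzzer's setting ineffective. After confirming which paths call `initState()`, state the lifetime on the setter, e.g. `// Reverts to true whenever the Parcel is re-initialised via initState().`. The bodies of `enforceNoDataAvail()` and `initState()` continue outside the hunks.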
libs/binder/include/binder/Parcel.h +6 −0 Original line number Diff line number Diff line Loading @@ -150,6 +150,9 @@ public: // Returns Status(EX_BAD_PARCELABLE) when the Parcel is not consumed. binder::Status enforceNoDataAvail() const; // This Api is used by fuzzers to skip dataAvail checks. void setEnforceNoDataAvail(bool enforceNoDataAvail); void freeData(); size_t objectsCount() const; Loading Loading @@ -1329,6 +1332,9 @@ private: // data to be overridden with zero when deallocated mutable bool mDeallocZero; // Set this to false to skip dataAvail checks. bool mEnforceNoDataAvail; release_func mOwner; size_t mReserved; Loading
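Review bot: `setEnforceNoDataAvail` is declared in the `public:` part of `Parcel` with no build-time or naming guard, so any user of this header, not only a fuzzer, can switch off the check that reports `EX_BAD_PARCELABLE` for unconsumed data. The comment should state the consequence and the intended scope, for example `// Fuzzing/tests only: when false, enforceNoDataAvail() returns ok even if unread data remains. Do not call from production code.`. If the project has a convention for test-only entry points (a naming suffix or a fuzz-build macro, neither visible here), applying it would make misuse easier to catch in review. The member comment in the second hunk could also record the default, e.g. `// Defaults to true (set in initState()); false makes enforceNoDataAvail() always return ok.`.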
libs/binder/tests/parcel_fuzzer/libbinder_driver.cpp +4 −0 Original line number Diff line number Diff line Loading @@ -34,6 +34,8 @@ void fuzzService(const sp<IBinder>& binder, FuzzedDataProvider&& provider) { uint32_t code = provider.ConsumeIntegral<uint32_t>(); uint32_t flags = provider.ConsumeIntegral<uint32_t>(); Parcel data; // for increased fuzz coverage data.setEnforceNoDataAvail(provider.ConsumeBool()); sp<IBinder> target = options.extraBinders.at( provider.ConsumeIntegralInRange<size_t>(0, options.extraBinders.size() - 1)); Loading @@ -50,6 +52,8 @@ void fuzzService(const sp<IBinder>& binder, FuzzedDataProvider&& provider) { fillRandomParcel(&data, FuzzedDataProvider(subData.data(), subData.size()), &options); Parcel reply; // for increased fuzz coverage reply.setEnforceNoDataAvail(provider.ConsumeBool()); (void)target->transact(code, data, &reply, flags); // feed back in binders and fds that are returned from the service, so that Loading
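Review bot: The comment `// for increased fuzz coverage` on both added calls does not say what is being relaxed, so someone triaging a crash cannot tell from the driver that the finding may depend on the unconsumed-data check being off. A more specific comment would help, e.g. `// randomly disable the enforceNoDataAvail() check so parcels with trailing bytes can exercise code past it`. Each added `provider.ConsumeBool()` also draws from the same `FuzzedDataProvider` that later selects `target` and fills the parcel, so existing corpus entries will likely decode to different transactions. The hunks do not show whether the corpus is refreshed. `fuzzService` starts and ends outside these hunks.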