Commit a9d6f894 authored by Kunal Rai

inputflinger_blocking_queue_fuzzer: Bug Fix

Resolved signed integer overflow. A range for duration has been set to prevent integer overflow.

exec/s: 4500
Test: ./inputflinger_blocking_queue_fuzzer clusterfuzz-testcase-minimized-inputflinger_blocking_queue_fuzzer-6214201068552192

Bug: 289472805
Change-Id: I012ced70927af97b4ebc9a314445f340d3b135f5
parent 8162d2ed
+3 −2
@@ -50,8 +50,9 @@ extern "C" int LLVMFuzzerTestOneInput(uint8_t *data, size_t size) {
                    // Pops blocks if it is empty, so only pop up to num elements inserted.
                    size_t numPops = fdp.ConsumeIntegralInRange<size_t>(0, filled);
                    for (size_t i = 0; i < numPops; i++) {
                        queue.popWithTimeout(
                                std::chrono::nanoseconds{fdp.ConsumeIntegral<int64_t>()});
                        // Provide a random timeout up to 1 second
                        queue.popWithTimeout(std::chrono::nanoseconds(
                                fdp.ConsumeIntegralInRange<int64_t>(0, 1E9)));
                    }
                    filled > numPops ? filled -= numPops : filled = 0;
                },
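Review bot: The new bound in `fdp.ConsumeIntegralInRange<int64_t>(0, 1E9)` restricts the harness to timeouts in [0, 1 s], so negative and very large durations no longer reach `popWithTimeout`, and the signed overflow is avoided in the fuzzer rather than ruled out in the queue. If callers can pass such durations, the clamp or check belongs in `popWithTimeout` itself; if they cannot, the comment should say that this range is the valid input domain, not just "a random timeout up to 1 second". Separately, `1E9` is a floating-point literal that is implicitly converted to `int64_t`; an integer expression such as `1'000'000'000` or `std::chrono::nanoseconds(std::chrono::seconds(1)).count()` states the same bound without the double-to-integer conversion.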