binder_rpc_fuzzer: use ConsumeRandomLengthString
This function uses a clever mechanism (by establishing an end-of-string sequence '\[^\]' and treating '\\' as '\') in order to allow perturbations from the fuzzer to more easily resize a string being read without changing the structure of the rest of the fuzz data. In the previous solution (since FuzzedDataProvider reads integral values off of the end of the fuzz data), a change in the size of data being read may shift things in the string in a way that fundamentally changes the structure of the data being processed.

In order to try to allow the fuzzer to more easily exploit high-coverage strings, changing to this approach.

Note, ConsumeRandomLengthString will read in binary data as well and it will also allow null bytes.

Bug: 199324691
Test: binder_rpc_fuzzer
Change-Id: Iaab6e7045add2e0bf541e5218364ffba49138bdc
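
The terminator-and-escape rule described in the commit message, as an added C++ example that is not part of the commit. `consume_random_length_string` here is a simplified model of the decoding (no maximum length); `consume_length_from_tail` and the sample byte arrays are constructed for contrast and are an assumption, not the fuzzer's previous code.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

using Bytes = std::vector<uint8_t>;
struct Split { std::string str; Bytes rest; };  // decoded string, bytes left over

// Model of the rule in the commit message: "\\" decodes to one backslash,
// a backslash followed by any other byte ends the string (both are consumed).
Split consume_random_length_string(const Bytes& data) {
    Split s;
    size_t pos = 0;
    while (pos < data.size()) {
        uint8_t c = data[pos++];
        if (c == '\\' && pos < data.size()) {
            c = data[pos++];
            if (c != '\\') break;  // terminator reached
        }
        s.str.push_back(static_cast<char>(c));  // NUL and binary bytes are kept
    }
    s.rest.assign(data.begin() + pos, data.end());
    return s;
}

// Contrast case (assumed, not the fuzzer's old code): the length is the
// last byte of the input and the string is that many bytes from the front.
Split consume_length_from_tail(const Bytes& data) {
    Split s;
    if (data.empty()) return s;
    size_t len = data.back() % data.size();  // clamp to the bytes before it
    s.str.assign(data.begin(), data.begin() + len);
    s.rest.assign(data.begin() + len, data.end() - 1);
    return s;
}

// Constructed samples: a string, its terminator or length, two trailing bytes.
const Bytes kDelimited = {'A', 0x00, '\\', '\\', 'B', '\\', 'x', 0x10, 0x20};
const Bytes kDelimitedGrown = {'A', 0x00, 'Z', 'Z', '\\', '\\', 'B', '\\', 'x', 0x10, 0x20};
const Bytes kLengthTail = {'A', 'B', 'C', 0x10, 0x20, 3};
const Bytes kLengthTailGrown = {'A', 'B', 'C', 0x10, 0x20, 4};

int main() {  // trailing-field byte count before -> after each mutation
    auto d = consume_random_length_string, t = consume_length_from_tail;
    std::printf("delimited %zu -> %zu\n", d(kDelimited).rest.size(), d(kDelimitedGrown).rest.size());
    std::printf("from tail %zu -> %zu\n", t(kLengthTail).rest.size(), t(kLengthTailGrown).rest.size());
}
```

Growing the delimited string leaves the two trailing bytes intact, while changing the tail length byte by one makes the string swallow one of them.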