Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit d4f6ab5e authored by Steven Moreland's avatar Steven Moreland
Browse files

rpc_binder_fuzzer: case with transaction 

We still weren't getting coverage here, so manual corpus.

Here is the layout of a special transaction to get the root object, and
a transaction on the root object, respectively:

/ .... init ...                \/ conn init    \/    RpcWireHeader             \/ RpcTransactionBody                                                           \/ ctrl \
000000F0000000000000000000000000636369000000000000000000280000001111111111111111000000000000000000000000000000000000000000000000000000000000000000000000000000008d4a8d4a
000000F0000000000000000000000000636369000000000000000000280000001111111111111111030000000000000000000000000000000000000000000000000000000000000000000000000000008d4a8d4a

The test case which is added is done by joining these two transactions
(the root object must be retrieved before we can transact on it).

echo "000000F00000000000000000000000006363690000000000000000002800000011111111111111110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000280000001111111111111111030000000000000000000000000000000000000000000000000000000000000000000000000000008d4a8d4a" | xxd -ps -r

Hopefully this will be enough for the fuzzer to find the transaction
operations we have setup there.

Bug: 199324691
Test: rpc_binder_fuzzer tests/rpc_fuzzer/corpus/transact_on_binder (w/ log showing coverage)
Change-Id: I4b9b62525ec27994db261d7ee354049a21168602
parent 2aab4a79
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment