libs/binder/tests/parcel_fuzzer/main.cpp +5 −1 @@ -107,7 +107,11 @@ void doReadFuzz(const char* backend, const std::vector<ParcelRead<P>>& reads, CHECK_LE(reads.size(), 255u) << reads.size(); FUZZ_LOG() << "doReadFuzz backend: " << backend; if (p.data() != nullptr) { FUZZ_LOG() << "input: " << HexString(p.data(), p.dataSize()); } FUZZ_LOG() << "instructions: " << HexString(instructions.data(), instructions.size()); FuzzedDataProvider instructionsProvider(instructions.data(), instructions.size());
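Review bot: When `p.data()` is null the new guard drops the `input:` line entirely, so a log for that case cannot be told apart from one where the line was never reached. An `else` branch such as `FUZZ_LOG() << "input: (null), dataSize: " << p.dataSize();` would keep a record of the state that is most useful when triaging a crash, namely a parcel that reports a size but has no buffer. A short comment on the `if` saying why the buffer can be null here (presumably because the random parcel can now be resized after it is filled) would also help. doReadFuzz begins and ends outside this hunk.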
libs/binder/tests/parcel_fuzzer/random_parcel.cpp +24 −0 @@ -41,6 +41,7 @@ void fillRandomParcel(Parcel* outputParcel, FuzzedDataProvider&& provider, const bool resultShouldBeView = fuzzerParcelOptions & 1; const bool resultShouldBeRpc = fuzzerParcelOptions & 2; const bool resultShouldMarkSensitive = fuzzerParcelOptions & 4; const bool resultRandomSet = fuzzerParcelOptions & 8; auto sensitivity_guard = binder::impl::make_scope_guard([&]() { if (resultShouldMarkSensitive) { @@ -87,6 +88,12 @@ void fillRandomParcel(Parcel* outputParcel, FuzzedDataProvider&& provider, options->writeHeader(p, provider); } std::vector<uint8_t> instructionData; if (resultRandomSet) { size_t dataSize = provider.ConsumeIntegralInRange<size_t>(0, 100); instructionData = provider.ConsumeBytes<uint8_t>(dataSize); } while (provider.remaining_bytes() > 0) { auto fillFunc = provider.PickValueInArray<const std::function<void()>>({ // write data @@ -149,6 +156,23 @@ void fillRandomParcel(Parcel* outputParcel, FuzzedDataProvider&& provider, fillFunc(); } if (resultRandomSet) { auto value = 0; FuzzedDataProvider setInstructionsProvider(instructionData.data(), instructionData.size()); while (setInstructionsProvider.remaining_bytes() > 0) { if (setInstructionsProvider.ConsumeBool()) { value = setInstructionsProvider.ConsumeIntegralInRange<size_t>(0, 2048); } auto setRandomValue = setInstructionsProvider.PickValueInArray<const std::function<void()>>({ [&]() { p->setDataCapacity(value); }, [&]() { p->setDataPosition(value); }, [&]() { p->setDataSize(value); }, }); setRandomValue(); } } } } // namespace android
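Review bot: In the last hunk `auto value = 0;` deduces `int`, yet it is assigned from `ConsumeIntegralInRange<size_t>(0, 2048)` and handed to the three setters (which presumably take `size_t`), so every use goes through an implicit signed/unsigned conversion; `size_t value = 0;` states the intended type. The 0–2048 bound keeps that conversion harmless today, but it would become a silent truncation if the range were ever widened. The new option bit `& 8` and the 100-byte instruction budget in the second hunk are undocumented; a one-line comment at `resultRandomSet` saying that it replays random setDataCapacity/setDataPosition/setDataSize calls after the fill loop would make the input format readable. fillRandomParcel starts before the first hunk and its fill loop is only partly visible.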