Loading libs/binder/tests/parcel_fuzzer/binder_ndk.h +4 −0 Original line number Diff line number Diff line Loading @@ -43,6 +43,10 @@ public: return aParcel()->get()->setData(buffer, len); } android::status_t appendFrom(const NdkParcelAdapter* parcel, int32_t start, int32_t len) { return AParcel_appendFrom(parcel->aParcel(), aParcel(), start, len); } private: ndk::ScopedAParcel mParcel; }; Loading libs/binder/tests/parcel_fuzzer/main.cpp +25 −0 Original line number Diff line number Diff line Loading @@ -94,6 +94,25 @@ void doReadFuzz(const char* backend, const std::vector<ParcelRead<P>>& reads, } } // Append two random parcels. template <typename P> void doAppendFuzz(const char* backend, FuzzedDataProvider&& provider) { int32_t start = provider.ConsumeIntegral<int32_t>(); int32_t len = provider.ConsumeIntegral<int32_t>(); std::vector<uint8_t> bytes = provider.ConsumeBytes<uint8_t>( provider.ConsumeIntegralInRange<size_t>(0, provider.remaining_bytes())); P p0, p1; fillRandomParcel(&p0, FuzzedDataProvider(bytes.data(), bytes.size())); fillRandomParcel(&p1, std::move(provider)); FUZZ_LOG() << "backend: " << backend; FUZZ_LOG() << "start: " << start << " len: " << len; p0.appendFrom(&p1, start, len); } void* NothingClass_onCreate(void* args) { return args; } Loading Loading @@ -143,6 +162,12 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { doReadFuzz<NdkParcelAdapter>("binder_ndk", BINDER_NDK_PARCEL_READ_FUNCTIONS, std::move(provider)); }, [](FuzzedDataProvider&& provider) { doAppendFuzz<::android::Parcel>("binder", std::move(provider)); }, [](FuzzedDataProvider&& provider) { doAppendFuzz<NdkParcelAdapter>("binder_ndk", std::move(provider)); }, }; provider.PickValueInArray(fuzzBackend)(std::move(provider)); Loading Loading
libs/binder/tests/parcel_fuzzer/binder_ndk.h +4 −0 Original line number Diff line number Diff line Loading @@ -43,6 +43,10 @@ public: return aParcel()->get()->setData(buffer, len); } android::status_t appendFrom(const NdkParcelAdapter* parcel, int32_t start, int32_t len) { return AParcel_appendFrom(parcel->aParcel(), aParcel(), start, len); } private: ndk::ScopedAParcel mParcel; }; Loading
libs/binder/tests/parcel_fuzzer/main.cpp +25 −0 Original line number Diff line number Diff line Loading @@ -94,6 +94,25 @@ void doReadFuzz(const char* backend, const std::vector<ParcelRead<P>>& reads, } } // Append two random parcels. template <typename P> void doAppendFuzz(const char* backend, FuzzedDataProvider&& provider) { int32_t start = provider.ConsumeIntegral<int32_t>(); int32_t len = provider.ConsumeIntegral<int32_t>(); std::vector<uint8_t> bytes = provider.ConsumeBytes<uint8_t>( provider.ConsumeIntegralInRange<size_t>(0, provider.remaining_bytes())); P p0, p1; fillRandomParcel(&p0, FuzzedDataProvider(bytes.data(), bytes.size())); fillRandomParcel(&p1, std::move(provider)); FUZZ_LOG() << "backend: " << backend; FUZZ_LOG() << "start: " << start << " len: " << len; p0.appendFrom(&p1, start, len); } void* NothingClass_onCreate(void* args) { return args; } Loading Loading @@ -143,6 +162,12 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { doReadFuzz<NdkParcelAdapter>("binder_ndk", BINDER_NDK_PARCEL_READ_FUNCTIONS, std::move(provider)); }, [](FuzzedDataProvider&& provider) { doAppendFuzz<::android::Parcel>("binder", std::move(provider)); }, [](FuzzedDataProvider&& provider) { doAppendFuzz<NdkParcelAdapter>("binder_ndk", std::move(provider)); }, }; provider.PickValueInArray(fuzzBackend)(std::move(provider)); Loading
